1. Security Guide
  2. Implementing Simphony Security
  3. Authorization Privileges

Authorization Privileges

Setting Authorization privileges establishes strict access control, explicitly enabling or restricting the ability to do something with a computer resource. User authorization privileges are configured in the EMC.

  • Select the Enterprise level and then click the Roles module.

  • Workstation services also have their own privilege configuration settings within the EMC. Select the property level and then click the Workstations module.

Roles

A role is a group of privilege options defining what an employee can do. Employee roles determine the EMC modules a user may access, and they also determine what types of transaction behavior a workstation operator has (for example, permission to perform voids or open the cash drawer). A single role may be configured for all locations in the enterprise, or a role may be active in selected locations (zone, property, or revenue center). In addition, multiple roles may be assigned to a single employee, making the configuration of roles a task-based procedure. A role may include permissions that only allow a user to edit menu items (for example, see more in the best practices section). Also, job codes may be associated with employee roles, restricting clocked-in employees to a single set of permissions for the duration of a shift.

EMC Configuration

To open the Roles module in the EMC, select the Enterprise level, click Configuration, and then click Roles.

General Tab

  • Name: Enter the name of the role. Up to 64 characters are allowed.

  • Comment: Enter a comment describing this role. Up to 2000 characters are allowed; this field is not translatable.

  • Level: This field is a level of security; it was created to prevent EMC users from creating employee records more powerful than themselves.

EMC Modules Tab

Figure 3-1 Roles EMC Modules Tab


This figure shows the Roles module and its EMC Modules tab.

In the EMC Modules tab, roles are configured to allow access to various modules of the EMC. From this tab, a user may be given permissions to:

  • View a module (open it)

  • Edit a module (to update fields or records within the module)

  • Add records (to insert records where applicable)

  • Add Override records allows for the creation of records or override existing records in differing levels. For example, property menu item records can override Enterprise menu item records when a role has this privilege enabled. Add Override is available only for zoneable modules.

Add Override also controls the ability to delete an override in single-record modules. In these modules, there are multiple fields to change, but all the changes are for a single record. Users cannot insert additional records into single-record modules.

Note:

Users must be assigned View access to a module to open it. If a user is assigned the privilege to edit, add, and delete a module, but not to view it, they are unable to open the module. When an employee does not have access to view a module, the module appears as grayed out on the EMC Enterprise home page.

In some modules, such as Enterprise Parameters, RVC Parameters or Order Devices, there is not an Add or Delete option because individual records cannot be added or deleted.

Global Access

The All Modules and All Property/Zone Modules check boxes are available so that a role may be easily configured to view, edit, add, or delete every module without having to individually check each box. Furthermore, this check box allows access to new modules that are created in the future. For example, if a new module “voice ordering” is created and released in a new version, an employee with “Global Access” for View will be able to access this module without having a specific check box for the “voice ordering” module. Oracle Food and Beverage recommends that administrator-type roles have the All Modules option checked, so that administrators are always able to access every module in the system.

Actions Tab

In the Actions tab, roles are granted access to specific actions that can be performed in the EMC.

Figure 3-2 Roles Actions Tab


This figure shows the Roles module and its Actions tab.

Actions Global Access

Similar to the options on the EMC Modules tab, selecting the All Actions check box grants users associated with this role, permission to perform all actions. Oracle Food and Beverage recommends that administrator-type roles have this option checked, so that administrators are always able to perform all types of actions, including future actions that are not currently in the system.

Security

A user who does not have a role assigned is not able to access any Enterprise level modules.

Operations Tab

There are over 200 operational options, so it could be difficult to find an option by searching on the various tabs. To quickly find options, use the Search tab to perform a Context Sensitive Help text comparison. The example figure above shows a search for discount options.

Figure 3-3 Roles Operations Tab


This figure shows the Roles module and its Operations tab.

The Operations tab contains all of the options related to workstation functionality. The Operations tab is divided into sub-tabs based on similar functionality: Timekeeping, Voids, and the PMC.

Visibility Tab

On the properties tab, the role is assigned to specific locations or assigned to the Enterprise. In many situations, a role is assigned to the Enterprise — it is likely that a Server or Bartender role is the same for all properties. This tab consists of a grid that allows the administrator to add and delete locations, and to set the check box, [Propagate to Children], for each location.

The check box allows a role to be visible in the selected zones/locations and all its children; if it is unchecked, the role is visible in the selected zone/location only, but not its children.

View Tab

The View tab contains one option that controls the revenue centers that users can view: Enable Revenue Center-Level Security. This option relates to workstation behavior only. Employees associated with a role that has this option enabled are only able to view revenue centers in which they are an operator.

Employees can be set as an operator in a revenue center in the Employee Edit Form. When an employee is associated with a role with this option enabled, the employee is unable to add new revenue centers, even if the user is associated with a role with the Add Revenue Centers option enabled.

Fields Tab

The Field tab allows you to control specific field access for users in several EMC modules. Access control includes three privileges:

  • Editable: You are able to view and edit the field

  • View Only: You are only able to see the field (no editing allowed)

  • Exclude: You cannot view or access the field at all

Figure 3-4 Roles Fields Tab


This figure shows the Roles module and its Fields tab.

Parent topic: Implementing Simphony Security