Establishing Security
Topics in this part:
-
Security Shell Components provides an overview of the security features on the system.
-
Working with Companies (WCMP) describes how to create a company and control security by company.
-
Setting Up User Classes (WUCL) describes how to create user classes and control access to menus and menu options by groups of users. This topic also describes how to assign authority to companies, menu options, secured features and user-defined functions for a user class.
-
Working with User Records (WUSR) describes how to create user profiles and control access to menus and menu options by individual user. This topic also describes how to assign authority to companies, menu options, secured features and user-defined functions for an user individual user.
-
Working with Threshold Values (WTHR) describes how to create threshold values for defined functions in the system.
Security Shell Components
Purpose: Some security features in the system are set by Order Administration, while others require decisions and planning by your system administrator or security officer. You are not required to use every security feature that the system offers. Your company procedures will determine which features you need to implement.
It is recommended that you read this entire topic before performing any security related activities. Since access to system options relies on the level of security each user is assigned, security implementation requires well thought-out procedures.
In this topic:
Understanding System Security
Security Levels
Security is established in three aspects of the system:
-
Application security
-
Menu security
-
Feature security
Menu security: Menu security is initially defined by Order Administration, until you change authority levels when setting up user records (and user classes, if applicable).
Access to menus depends upon whether the system is delivered in a 'closed' or 'open' environment. In a closed environment, users are not allowed to access a menu option until they are granted authority. In an open environment, all users are allowed access to menu options unless they are specifically prohibited by the authority level in their user or user class record.
You establish authority to menu options through user records and, if applicable, to user classes. Access to companies, secured features, and user defined options is also established at the user and user class level.
Feature security: You can establish feature security by user and user class, and also by individual feature. A feature is a procedure or action that occurs within a function. For example, the ability to maintain batch totals and override prices in the Order Entry function are examples of secured features.
The system allows you to assign a company-wide authority level to a single secured feature. A feature's authority level (*ALLOW, *EXCLUDE, or *DISPLAY) replaces the need for passwords for these features. If you permit authority to all features in the system, all users can perform the feature unless a user is specifically excluded from a feature on the user record or user class level.
Security Considerations
Before you begin: Read this entire topic. You'll find that some security setup is required, while other features are optional (although you might consider some optional features important to your business). Certain features require prior setup before you can use others. For example, user classes are not required, but if you plan to use them, you must establish user classes before setting up your user records, which is a required component of the system.
What is required? First, you must have access to the system and define yourself as the system administrator in your user record (selected System Administrator field). This means that you have access to all menu options, system control values, and secured features on the system, and that you have the authority to create user records and assign authority levels. At a minimum, you must:
-
Create your primary company (and other companies if you are working in a multi-company environment)
-
Create user records for all personnel who will use the system and assign company authority
-
Define the system control values necessary to the running of your company
What is optional?
-
Creating user classes
-
Assigning menu option, secured feature, and user defined authority to individual users or user classes
-
Creating menu options
-
Creating and tailoring menus
-
Creating additional application areas and application groups
-
Setting up user defined functions
Security Requirements
Purpose: The security components you must set up to use the system are companies, user records, and system control values.
For more information:
-
User Configuration in the Administration Guide
Companies
Companies are single, isolated sets of data: an organization's financial information, inventory, and customers. The majority of tables includes COMPANY in the key, so you can establish unique sets of data without having separate libraries, although you can use separate libraries if you wish
The tables that are not company-specific, but rather database-specific include:
-
ZIP table. See Setting Up the Zip/City/State (Postal Code) Table (WZIP)
-
Application Area table. See Setting Up Application Areas
-
Application Group table. See Setting Up Application Groups
-
Menu table. See Customizing Menus (WMNU)
-
User table. See Working with User Records (WUSR)
If your company is providing fulfillment services for other companies, you can set up a separate company for each client you serve.
When should you create more than one company? You must create another company when you do not want data, (for example sales analysis figures, items, customers) to mix with another company's data. If you only want to separate sales analysis, you can handle that through entities and divisions. See Sales Reporting Hierarchy
Sales Reporting Hierarchy
User Records
User records allow an individual to sign on and access all or some of the features of the system. A user can be a customer service representative, an order entry operator, or a system administrator. Each user on the system must have both a user profile and a user control record.
What settings are in the user control record? The user control record (available through the Work with Users option) specifies the user’s:-
ID code (the code that identifies the user to the system)
-
authority to options available under My Jobs, My Docs, and Advanced Commands, including working with other user profiles or having access to other uses’ jobs
-
name
-
user class (optional), such as customer service representative or warehouse staff
-
default menu (the first menu that appears when the user signs on to the system)
-
default company (the company where a user automatically works after signing on to the system)
-
default authority level (indicating either default global access to or exclusion from menu options and secured features)
-
whether the user advances automatically to the Customer Selection Screen in order entry
-
authority to companies, menu options, secured features and user defined functions
Background: See User Configuration in the Administration Guide for step-by-step instructions on how to set up users, and for additional setup scenarios.
System Control table: The System Control table is where you define many of the processing characteristics of the system. The options in this table are used to control special system information, such as:
-
How the system will calculate pricing in Order Entry
-
How SKU information will appear
-
Whether you will use Cart/Bin picking
-
How you will assign purchase order numbers
The information defined in the System Control table is confidential and critical to the operation of your system. Access to the System Control table is restricted to users who have system administrator access. This table should not be available to all users.
Optional Security Procedures
User classes are logical groupings of users, for example all Order Entry operators. Like the individual user record, a default menu and default company can be assigned so that all users in this user class will sign on to the same menu and work within the same company. Authority to companies, menu options, secured features and user defined functions can also be assigned at the user class level.
See Setting Up User Classes (WUCL).
Why use user classes? If you want all your Order Entry operators to have the same level of authority and access to the system, you might want to create a user class where you define the defaults that will apply to all users in this class. As you create user records, you need only assign the user class that you have created to each Order Entry user record. In this manner, classes can be established and assigned for each group of users in your company.
Note:
The authority level assigned to an individual user's record always overrides the authority defined in the user class record.Creating menu options:Order Administration delivers a complete set of menus and menu options, but allows you to create options for commands, programs, and processing functions that you can add to existing menus, or menus that you create through the Customizing Menus (WMNU) menu option.
If you plan on creating menu options, you will need to do this before you can add them to an existing menu.
Creating or customizing menus: The system allows you to create your own menus or customize existing menus, by adding menu options or changing the arrangement of options on a menu. While menus are organized according to application, you might want to create a menu that only includes the options to perform certain specific tasks, such as customer service activities.
Security Procedures
Security Component | Status |
---|---|
Create a user profile record establishing yourself as the System Administrator. See User Configuration in the Administration Guide. |
Required |
Create company if in a single company environment, or more than one if in a multi-company environment. See Working with Companies (WCMP). |
Required |
Create user classes, if you plan to group users according to user class. See Setting Up User Classes (WUCL). |
Optional |
Define system control values. See System Control Table Components. |
Required |
Define secured features. See Setting Up Secured Features. |
Required |
Define company authority. See Setting Up User Classes (WUCL) and Working with User Records (WUSR). |
Required |
Define menu option authority. See Setting Up User Classes (WUCL) and Working with User Records (WUSR) |
Optional |
Define secured feature authority. See Setting Up User Classes (WUCL) and Working with User Records (WUSR) |
Optional |
Define user-function authority. Working with User Records (WUSR). |
Optional |
Create menu options. Delivered with the system, although you can create others. See Setting Up Menu Options (WOPT). |
Optional |
Create menus. Delivered with the system, although you can create others. Customizing Menus (WMNU). |
Optional |
Create application groups. Setting Up Application Groups. |
Optional |
Create application areas. Delivered with the system, although you can create others. Setting Up Application Areas. |
Optional |