Versions Compared

Old Version 27

changes.mady.by.user Gints Vaskums

Saved on

compared with

New Version Current

changes.mady.by.user Mercedes Rothwell

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Expand
titleView Changelog

Date

Changes

February 2024

Created initial version.

Overview

To access the Security Manager:

  1. Click the ADMIN tab (1)

  2. Click on Security Manager (2).

The Security Manager module allows administrators to define and manage different Security Roles. Each Security Role has two types of privileges associated with it: dynamic and static. Static Security gives access to buttons, tabs, and windows. Dynamic Security defines rules of what kind of data can be accessible.

Security Manager Window

Security Manager window contains a list of already created Security Roles. Manager allows a user to define different Security Roles. They define users' access rights in the software.

Add a new Role

To add a new Security Role, in the Security Manager window click ADD (Figure 2 #1). The module will open a pop-up window. Enter the new Security Role Name and click OK.

Remove a Security Role

To remove a Security Role, in the Security Manager window select the desired Security Role and click REMOVE (Figure 2 #2). The module will open a pop-up window with a confirmation message. Click Yes to delete the selected Security Role.

Note: You cannot remove a security role if it is linked to any users. The module will display an error message.

Open a Security Role

To open a Security Roles details, in the Security Manager window click DETAILS (Figure 2 #3). The module will open a Security Detail window (see Types of Security Roles section).

Types of Security Roles

There are four types of access rights defined in a security role:

- Dynamic Privileges

- IP Addresses

- Static Privileges

- Mask Parameters

DynamicPrivileges Tab

Dynamic security defines what data will be visible to employees with that role. First, select module from the jCore Modules/Functionalities (1) list. The data access for this module is defined by either the Employee Hierarchy (Figure 5 #2) or the Locations Hierarchy (Figure 6 #3) or both. The Dynamic Privileges for a feature could be set to Self, Direct Peers, Supervisors, Selfand Direct Reports, etc.

- Self. The accessed data will be limited to data linked to the employee logged onto the software.

- Direct peers. The accessed data will be limited to data linked to the direct, equal-level peers.

- Self and Reporting Employees. The accessed data will be limited to the employee logged into the software and his directly or to all reporting employees.

- Self and Supervisors of Employees. The accessed data will be limited to the employee logged into the software and his direct or to all supervisors of employees.

- All Employees. The data is accessible for everyone.

The access rights granted by the Dynamic Privileges settings for users with the same Security Role can be different. They depend on where the user is in the Employee Hierarchy (or what locations he is assigned to). Hence it is “dynamic”.

In the lower part of the window there is a sub-section - Object Security (Figure 7). It allows granting or revoking access to individual objects (modules) with the software. This section is available only for Attributes, Status Flags, and Report Warehouse. Security Role controls access to individual Attributes, Status Flags, or Report Warehouse correspondingly.

How to Grant or Refuse Access to Individual Objects

Rw ui steps macro
Rw step

Select one of these modules from the jCore Modules/Functionalities list (1) and select Access by Object from the dropdown (2).

Rw step

To refuse the access to objects, select one or multiple (using <CTRL+click>) objects (3) and click ASSIGN>> (4).

To assign access to all objects, click ASSIGN ALL>> (5).

Then check the Exclude Selected Objects checkbox (6).

Rw step

To include back access to objects, select one or multiple objects (3) and click <<REMOVE (4).

To include back access to all objects, click <<REMOVE ALL (5).

IP Addresses Tab

This screen allows you to limit system access to specific approved work locations. By limiting authorized IP addresses, you can prevent users from accessing the system through insecure methods, such as the internet connection at a public airport.

To define an IP address:

  1. Double-click inside the IP address area. (1)

  2. In the pop-up window enter the IP Address (2).

  3. Click Apply (3).

To edit an existing IP Address:

  1. Right-click on the required address (1).

  2. Select EDIT (2).

  3. In the pop-up window change the IP parameters (3).

  4. Click Apply (4).

To delete an existing IP Address:

  1. Right-click on the required address (1).

  2. Select DELETE (2).

  3. In the pop-up window, click Yes (3) to confirm.

Static Privileges Tab

The Static Privileges tab determines the windows, tabs, and buttons that a user can access in the system and will allow a user to have either browse or read/write access to the application. Static Privileges can be thought of as defining where a user can go in the application. Apart from the Dynamic Privileges, the Static Privileges does not change from one user to another user within the same Security Role. If the Static Privilege is set to No Access, then that feature will simply not display on the user’s desktop.

To assign Static Privileges for a User Role, select Screen or Functionality from the list (1), and Access Type (2) from the Privileges list.

To restrict privileges for specific functions inside the screen, click the triangle before the screen name (1) to expand the branch. Then select the function and assign any required privileges.

Note

Warning: You cannot grant a privilege at the lower level that hasn't also been granted at the higher level.

Tip

Tip: To expand all screens, check Expand All (2).

Mask Parameters

You can mask (or hide) SSN, EIN, Phone, and Zip Code fields to provide additional security. You can choose to mask only when printing documents or include onscreen data. The system masks symbols with an asterisk “*”. The number of masked symbols from the start or end determines how many symbols are still readable.

08. Detail - Mask Parameters.png

Best Practices

Because the number of settings is quite high and contains an enormous amount of detail, we allow users to clone Security Roles.

Rw ui steps macro
Rw step

Instead of starting from scratch, select the Security Role that is close to what you want and click Save As (Figure 15 #1).

Rw step

Enter a different Security Role Name for the copy (Figure 15 #2).

Rw step

Click OK (Figure 15 #3).

Rw step

Edit only parameters you need to change, and leave the common ones as they are.

Security Settings Report

There is a Security Settings report in PDF format for all Security Roles.

  • This report allows you to verify if everything is set up correctly.

  • This report is often needed for regulatory reviews.

Rw ui steps macro
Rw step

Go to REPORTING (1) module, and open the Report Warehouse (2).

Then double-click a Security Settings (3) report from the list.

Rw step

In the Report Detail window, specify report parameters:

  • Select Security Role from the dropdown

  • [Optional] To select multiple security roles:

    • Click the three dots after the dropdown

    • In the Multi Selection window (Figure 19), select required security roles, and click OK to confirm.

  • Select Type of report (PDF or CSV)

  • Select Asynchronous mode (yes or no)

  • Specify Max records for print (number)

Click OK when finished.

12. Multi Selection.png
Rw step

The system is generating the report based on selected parameters. A red arrow pointing to the mailbox notifies when the report is ready. Click the mailbox.

Note: The generation process can take several minutes or more, depending of the amount of data.

Rw step

Double-click the Report.

Rw step

In the Message Detail window, click OPEN.

The Web browser opens the Security Setting Report. You can print and download the report using the icons on the toolbar.

16. Report.png

Audience: System Administrators, Managers.

Info

Functionality:The Security Manager module allows administrators to define and manage different security roles.