Space TimelineSpace Timeline

jCore Security Manager

Date

Changes

Date

Changes

February 2024

Created initial version.

Overview

Figure 1: Open Security Manager

To access the Security Manager:

  1. Click the ADMIN tab (1)

  2. Click on Security Manager (2).

The Security Manager module allows administrators to define and manage different Security Roles. Each Security Role has two types of privileges associated with it: dynamic and static. Static Security gives access to buttons, tabs, and windows. Dynamic Security defines rules of what kind of data can be accessible.

 

 

 

 

 

 

 

Security Manager Window

Security Manager window contains a list of already created Security Roles. Manager allows a user to define different Security Roles. They define users' access rights in the software.

Figure 2: Security Roles

Add a new Role

To add a new Security Role, in the Security Manager window click ADD (Figure 2 #1). The module will open a pop-up window. Enter the new Security Role Name and click OK.

Remove a Security Role

To remove a Security Role, in the Security Manager window select the desired Security Role and click REMOVE (Figure 2 #2). The module will open a pop-up window with a confirmation message. Click Yes to delete the selected Security Role.

Note: You cannot remove a security role if it is linked to any users. The module will display an error message.

Open a Security Role

To open a Security Roles details, in the Security Manager window click DETAILS (Figure 2 #3). The module will open a Security Detail window (see Types of Security Roles section).

Types of Security Roles

There are four types of access rights defined in a security role:

- Dynamic Privileges

- IP Addresses

- Static Privileges

- Mask Parameters

Dynamic Privileges Tab

Dynamic security defines what data will be visible to employees with that role. First, select module from the jCore Modules/Functionalities (1) list. The data access for this module is defined by either the Employee Hierarchy (Figure 5 #2) or the Locations Hierarchy (Figure 6 #3) or both. The Dynamic Privileges for a feature could be set to Self, Direct Peers, Supervisors, Self and Direct Reports, etc.

- Self. The accessed data will be limited to data linked to the employee logged onto the software.

- Direct peers. The accessed data will be limited to data linked to the direct, equal-level peers.

- Self and Reporting Employees. The accessed data will be limited to the employee logged into the software and his directly or to all reporting employees.

- Self and Supervisors of Employees. The accessed data will be limited to the employee logged into the software and his direct or to all supervisors of employees.

- All Employees. The data is accessible for everyone.

The access rights granted by the Dynamic Privileges settings for users with the same Security Role can be different. They depend on where the user is in the Employee Hierarchy (or what locations he is assigned to). Hence it is “dynamic”.

In the lower part of the window there is a sub-section - Object Security (Figure 7). It allows granting or revoking access to individual objects (modules) with the software. This section is available only for Attributes, Status Flags, and Report Warehouse. Security Role controls access to individual Attributes, Status Flags, or Report Warehouse correspondingly.

How to Grant or Refuse Access to Individual Objects

IP Addresses Tab

This screen allows you to limit system access to specific approved work locations. By limiting authorized IP addresses, you can prevent users from accessing the system through insecure methods, such as the internet connection at a public airport.

To define an IP address:

  1. Double-click inside the IP address area. (1)

  2. In the pop-up window enter the IP Address (2).

  3. Click Apply (3).

To edit an existing IP Address:

  1. Right-click on the required address (1).

  2. Select EDIT (2).

  3. In the pop-up window change the IP parameters (3).

  4. Click Apply (4).

To delete an existing IP Address:

  1. Right-click on the required address (1).

  2. Select DELETE (2).

  3. In the pop-up window, click Yes (3) to confirm.

Static Privileges Tab

The Static Privileges tab determines the windows, tabs, and buttons that a user can access in the system and will allow a user to have either browse or read/write access to the application. Static Privileges can be thought of as defining where a user can go in the application. Apart from the Dynamic Privileges, the Static Privileges does not change from one user to another user within the same Security Role. If the Static Privilege is set to No Access, then that feature will simply not display on the user’s desktop.

To assign Static Privileges for a User Role, select Screen or Functionality from the list (1), and Access Type (2) from the Privileges list.

To restrict privileges for specific functions inside the screen, click the triangle before the screen name (1) to expand the branch. Then select the function and assign any required privileges.

Warning: You cannot grant a privilege at the lower level that hasn't also been granted at the higher level.

Tip: To expand all screens, check Expand All (2).

Mask Parameters

You can mask (or hide) SSN, EIN, Phone, and Zip Code fields to provide additional security. You can choose to mask only when printing documents or include onscreen data. The system masks symbols with an asterisk “*”. The number of masked symbols from the start or end determines how many symbols are still readable.

Best Practices

Because the number of settings is quite high and contains an enormous amount of detail, we allow users to clone Security Roles.

Security Settings Report

There is a Security Settings report in PDF format for all Security Roles.

  • This report allows you to verify if everything is set up correctly.

  • This report is often needed for regulatory reviews.

 

 

 

Related pages