At
least one organization and organization unit must be defined before you
can begin.
A security group is a set of records that says who can perform what tasks within an application. Once the security group is established, members, permissions, and access points can be added to the security group.
At
least one organization and organization unit must be defined before you
can begin.
To define security groups:
1. From the Security Central screen, click Define Security Group.
2. Click
Add Security Group.
The Security Group Maintenance screen displays, as shown below.
3. Enter a unique Group ID and Group Name.
4. Enter the Group Description.
5. Select the appropriate Organization ID.
6. Select the appropriate Organization Unit ID.
7. In the Security Group Options section, check the appropriate checkboxes:
· Is Active?
· Can Use Debug Tools?
· Can Use Visual Style Designer?
· Can Use Web Designer?
· Can Publish Screens?
· Can Use Database Designer?
· Can Use Application Designer?
· Can Use Unified Search?
· Can Use Web Services Designer?
· Can Publish Web Services?
To
comply with PA-DSS, any user who can use debug tools is considered an
“Administrator”. If you do not want a specific security group to have
administrator privileges, make sure to uncheck the “Can Use Debug Tools?”
checkbox. If this box is checked, the security group defaults any user
within that group to administrator privileges.
8. Click Save.
You
must save now before proceeding to the next step.
9. On
the Assigned Members tab, you will see a list of users within the organization
unit. Double-click the users who should be made members of the security
group.
The red X changes to a green
checkmark.
If
you want to select or deselect all users, click the Select All or Unselect
All links.
10. On
the Assigned Applications tab (shown below), select the appropriate Application Type from the drop-down.
You can view a list of batch processes, online reports, XML-based screens,
or web pages. Check the appropriate permission type checkbox (View, Insert,
Update, Delete, Customize, Run) for the report/application, which vary
depending on the Application Type selected.
For
batch process type applications, “View” allows the security group to view
any report outputs that have been run for the specified batch report.
‘Run’ allows the security group to open the actual TRS process to customize
parameters and run the report. Checking both fields is required for full
security access to the specified batch process.
11. Click Default All Screens to Full Access to automatically give the security group full access (all permission checkboxes are checked) to all of the reports/applications. Or Default All Screens to Read-Only Access to automatically give the security group read-only access (only the “View” checkbox is checked) to all reports/applications.
Users
with Delete privileges have permission to delete records created by another
user. Because this poses a security risk, especially in Contact Tracking
and Batch Job Submission, Delete privileges should be assigned carefully.
12. On
the Assigned Access Points tab (shown below), you will see a list of access
points defined for the organization unit and the privileges that this
group has for those access points.
13. Double-click
the access point you want to add to the security group.
The red X changes to a green
checkmark.
The
access points with the “OLK” prefixes are associated with Outlook integration.
If assigned, the security group is permitted to perform certain actions
in Outlook.
14. Click Save.
Screen Element |
Description |
|---|---|
Group ID |
Text box. A unique ID for the security group. |
Group Name |
Text box. The long name of the security group. |
Group Description |
Text box. The description of the security group. |
Organization ID |
Drop-down. The organization ID in which the security group will be available. |
Organization Unit ID |
Drop-down. The organization unit ID in which the security group will be available. |
Security Group Options |
|
Is Active? |
Checkbox. When checked, indicates the security group is active. Only an active security group can be assigned. |
Can Publish Screens? |
Checkbox. When checked, indicates the security group can publish screens to the database. |
Can Use Debug Tools? |
Checkbox. When checked, indicates the security group can use the debug tools. The debug tools include the options available from the Debug menu on the menu bar. If you check this checkbox and modify the Toolbars.xml file in the Config folder, then the members of the security group have permission to turn on or off the command line (the blank line below the toolbar where you can enter a screen name and access it directly). |
Can Use Database Designer? |
Checkbox. When checked, indicates the security group can use the Database Designer. |
Can Use Visual Style Designer? |
Checkbox. When checked, indicates the security group can use the Visual Style Designer. |
Can Use Application Designer? |
Checkbox. When checked, indicates the security group can use the Application Designer. The Application Designer is used to customize and create Personify screens. |
Can Use Web Designer? |
Checkbox. When checked, indicates the security group can use the Web Form Designer. The Web Form Designer is used to create and publish forms for your Personify e-Business or external ASP.NET applications.
|
Can Use Unified Search? |
Checkbox. When checked, indicates the security group can use the Unified Search functionality first introduced in Personify 7.3.1. Unified Search is a search box that appears in the top-left corner of the application that allows users to enter a free-text search across all customer and order entry records within the user’s Organization Unit.
|