480 likes | 539 Views
DataQuest Application Security and Access. Welcome ! Application Security and Access.
E N D
DataQuest Application Security and Access
Welcome ! Application Security and Access. In this presentation you will learn how to secure your DataQuest Applications at different levels including System Wide User Profiles and Application User Profiles where you can limit access to entire applications, groups of program options, individual program options and system printers.
System Wide Parameters. In this first section we will discuss options that are only available in the System Wide Parameters menu. Access to this option is normally limited to System Administrator type personnel at the site. If you don’t have access to System Wide Parameters and it’s determined that you need access you can have your System Administrator contact DataQuest Support to request that access be given to you. We do process such request with caution since System Wide Parameter access should only be given to those with proper authority.
System Wide Parameters The screen above shows a typical DataQuest Application Main Menu for a User with access to System Wide Parameters. Note – the option number will vary by site and can vary by user.
System Wide – User Profile There are 6 options available in the System Wide Parameters menu of options. Option 4.. User Profiles can be used to define access by user to DataQuest Applications and System Printers. The other 5 options on this menu are not used to define access to applications or printers and will not be covered in detail during this presentation. Options 1, 2, 3 and 6 should only be modified with assistance from DataQuest Support.
System Wide – Printers and Applications Option 2 Printer Assignments is where your system printers are defined. Option 6 Application Codes is where the applications used at your site (for example Payroll, Utility Billing, etc) is setup. The setup in both these options will be done originally by your DataQuest Installer and is normally maintained by DataQuest Support as you add new printers or applications to your system. Before you can manage user access to system printers or applications you will at least need to know the printer numbers and application codes that exist on your system. You can select these two options and inquire on the records that are setup or print the screens to retain for your information.
Printer Assignments List Once you select option 2 Printer Assignments, then Inquire mode you will be asked to enter the printer number (direct or scroll). If you press F9 or press enter thru that screen it will list the printers defined on your system. You may want to screen print this information if you need to limit user access to system printers because knowledge of printer numbers is needed to do that.
Application Codes List Once you select option 6 Application Codes, then Inquire mode you will be asked to enter the application code (direct or scroll). If you press F9 or press enter thru that screen it will list the application codes defined on your system. You may want to screen print this information if you need to limit user access to applications on your system.
System Wide – User Profile Now that you have the System Printer and Application Code information we will look into the User Profile option where you can use this information to limit access. In this example we will be Updating an existing User Profile to limit access to printers and to modify the application access. You can of course apply these same access limitations while in Create mode if you are adding a new User to your system.
System Wide – User Profile Printer Access (Screen 02) The System Wide User Profile record is a 3 screen record. Once you select the User Profile option, Update mode and enter the username you need to update (Screen 01) will be displayed. Screen 02 is where Printer access is defined and Screen 03 is where Application access is defined. When you are on Screen 01 you can press F9 to get the screen number prompt and specify 02 to get to the Printer Access screen shown in this slide. Note - Unless you specifically request users to be setup with limited access to printers during your Installation they will be defined with access to All Printers (as shown in the setup for User Name THMS above).
System Wide - User Profile Printer Access (Screen 02) This slide shows where I updated screen 02 to deny access to printers 4 and 5 for the User Name THMS. Notice that I left the All Printers definition in place on line 1 but on lines 2 and 3 excluded access to printers 4 and 5. The I/E means Include / Exclude. If a user should have access to every printer on the system except one or two special printers it may be easier to define line 1 with access to all printers and then let lines 2, 3, 4 etc define exclusions to the All Printers definition. If there were 50 printers defined at your site you could allow access to all (except two) with 3 entries on this screen as shown.
You do not have access ! This slide shows the Error message displayed when the User attempts to print to a printer they do not have Access to. This Error is displayed and they must re-enter a printer number they have access to in order to print.
System Wide – User Profile - Application Access (Screen 03) Once you select the System Wide User Profile option, Update mode and enter the username you need to update (Screen 01) will be displayed. Screen 03 is where Application access is defined. When you are on Screen 01 you can press F9 to get the screen number prompt and specify 03 to get to the Application Access screen shown in this slide. Notice how the DataQuest Main Menu Application options (shown on the next slide for the user THMS) are defined on this screen. Even the order that the Applications appear on the screen is determined here.
User THMS Main Menu Notice that the user THMS has access to the Payroll and New Property Tax applications.
System Wide – User Profile - Application Access (Screen 03) Notice on the slide above that I updated the Application Access for User THMS by removing the PP and PT application codes. The next slide shows the results on the user THMS Main Menu.
User THMS Main Menu The Payroll and New Property Tax application options are no longer displayed on the User THMS Applications Main Menu. There is absolutely no way that the user THMS can gain access to those applications while logged on as THMS.
That completes the Printer and Application Menu access (by System Wide User Profile) section of this presentation. Next we will look into modifying user access to (programs / menu options) within a DataQuest Application by the Application User Profile definition. Each DataQuest Application has a option on the Applications Main Menu where User Profiles are defined within that Application. The next few slides show examples of the User Profile option on a few of the DataQuest Applications Main Menu.
The Application User Profiles are normally created by the DataQuest Installers as your system is being installed. Unless you specifically request a user to be setup with limited program access they will be setup with full access to all programs/menu options within the application. The Program Access screen of the Application User Profile can be used to allow or deny access to individual or groups of programs within an application. The Application User Profile screens do vary by Application but in most cases Screen 02 is the Program Access definition screen. The next few slides show the User Profile - Program Access definition screens in a few DataQuest Applications. Note – when you enter the user profile in update mode you will have to go to screen 02 to see these screens.
Application User Profile – Program Access Screen 02 As you can see the Program Access screen is almost identical in each application. Once you learn how to use this screen to define program access in one application you can easily do the same for other applications. In the sample above the User THMS is Allowed X C U D Access to ALL programs within the GL Application. Notice that there are 4 columns that each have a heading of Prog and Access XCUD. Each column has 10 rows allowing you to define up to 40 individual lines of program access.
Application User Profile – Program Access Screen 02 Access Flags 1 = Allow, 0 = Do not allow can be entered under each of the 4 Access Levels where X = Run the Program, C = Create Mode, U = Update Mode and D = Delete Mode. Mask (*) valid for program Only. The Prog column is asking for the Program ID. If you fill the first Prog slot with asterisks you are representing ALL program ID’s. When you are running a program the program ID is displayed in the upper right corner of the screen. Notice above that the program we are currently running is GLZ210. The next few slides will show different menu options / programs within the General Ledger application and the Program ID’s associated with them.
GL Program ID’s When you are inquiring on Ledger Balances by Period you are running GL Program ID 1110
GL Program ID’s When you are Creating General Ledger Packets you are running GL Program ID 3200
GL Program ID’s When you are using the Automatic Budget Projections option you are running GL Program ID 5200
GL Program ID’s When you are printing the Selected Account Analysis report you are running GL Program ID 6640
You can see how the GL Program ID changes depending on the menu option / program you are running. In many cases programs that are grouped under a sub-menu option will all begin with the same first or first two program ID digits. For example from the GL Main Menu if you select option ( 21.. Year-End ) a sub-menu of 7 options is listed. Each of those 7 options have a GL Program ID that begins with 23. The last two digits of the program ID’s vary but since the first two are the same you can use the Mask feature in the Prog column of the Application Access screen to allow or deny access to the entire sub-menu group. You will find this use of the same program ID (first digits) in most sub-menu groupings of programs throughout all of the DataQuest Applications. The next few slides show how the sub-menu options under Year End all have the same first two digits for the Program ID.
Application User Profile – Program Access You can see how the GL Program ID for each option on the Year-End sub-menu has the same first two digits 23 but the last two digits vary. Now we will return to the Application User Profile – Program Access screen and show how the Program ID’s can be used to define program access for a user.
Application User Profile – Program Access Notice in this slide that I have updated the User THMS and added Program ID 5200, 6640 and 23** to the Prog column and for each of these new entries I set the XCUD Access to 0 which means Do not allow. 5200 is the program ID for the Automatic Budget Projections option, 6640 is the program ID for the Selected Account Analysis report and 23** is an example of using the Mask option to limit access to all of the options in the Year-End sub-menu which all have ID’s beginning with 23.
As you can see it is very easy to deny access to individual or groups of like program options by sub-menu that have program ID’s that begin with the same digits. Next we will look at limiting a users access at the X C U D (Run, Create, Update, Delete) level. It is very common for DataQuest File Maintenance type options to prompt you for CUID (create, update, inquire delete) modes when you first enter them. What if you had a user that you wanted to have access to Create and Inquire but did not want that user to have access to Update or Delete modes. These next few slides will demonstrate how that can be done using the Program Access screen and the XCUD 1 = Allow, 0 = Do not allow options.
Program Access at the XCUD level At this point the user THMS has full access to X Run, C Create, U Update or D Delete when in the GL File Maintenance options. Notice the CUID prompt on the next slide after the user selects the File Maintenance option.
Program Access at the XCUD level Once the File Maintenance option is selected the user is presented with all 4 of the available File Maintenance options – Create, Update, Inquire and Delete. Each one can be selected and executed at this point. Also notice that the Program ID for GL File Maintenance is 1200.
Program Access at the XCUD level This slide shows that I updated the Program Access screen to include the GL File Maintenance ID 1200. In the Access XCUD section I placed a 1 under the X Run and C Create options but left the number 0 under the U Update and D Delete options. 1 = Allow and 0 = Do not allow.
Program Access at the XCUD level Now when the User attempts to select the U Update or D Delete modes the Message – Invalid C, U, I, D Selection; Try Again !! Appears. The User can still select the C Create and I Inquire options and perform those operations.
This Presentation demonstrates only a few of the options within the DataQuest Applications for defining User Access to applications and options within applications. Each DataQuest application has it’s own set of unique parameters and other setup options that can be used to further define user access. If you need help with a specific user access issue that this presentation does not seem to cover, simply contact the DataQuest Support Center and we will be glad to help.
The END Note: You can close this window to return to LGDPC’s How-To Presentations Page.