This record is used to implement multiple location security for multiple branches or regions running on a single database. In this discussion, we will define the term read access as the ability to "see" a record or id, and write access as the ability to change the contents of, add or delete a record. Security limits read access so that you can create local records (such as client sites) that are only applicable to a single branch office - or a specific area or region. Global records (such as parts records that are standard company-wide) visible to all locations and users are created without security limits. In this way, offices A and B can share the same database without seeing each other's information.
By coordinating your Security, User, User Group and Branch records, you can control the read and write access of the user groups within your system. Security controls read access to individual records within a viewer (e.g., some client site records), based on the security level of the user. User Groups can be set up to limit write access to an entire class of records viewer. For example, you could set up your user groups so that only global users had access to Inventory Item records. In this way, your parts inventory list would remain consistent for all branch users. Global User Groups would likewise be restricted from creating Client Site records since these records should only be created by branches.
TIP: National Clients
Local Clients (pertaining to only one branch) would be created locally. National Clients (with Sites in many branches) would be created on a global or regional level. Therefore, View Client would be included on the functions list for the User Group Local and Global.
Security by Job
See Global Setting Security Override to set the security of work orders and other records according the the security of the Job, not the user.
Required to implement security and multiple branches in a centralized database. Note that a detailed Security setup example is included at the end of this topic. Records created by a user without a Security Id are considered to be global, and may be viewed by all users.
See Global Setting Security Override to set the security of work orders and other records according the security of the Job, not the user.
See Block Users from Seeing Records with Specific Security for a registry to limit user's access to specific companies by Security (Intercompany installations).
Security Id:
This required alpha-numeric field identifies this security level (A, A1, 0, 01, etc.) and determines the security level that will be associated with a record created by this user.
Description:
A brief description of the group (Region 1, Rgn 1 Branch 1, etc). This field is optional.
Read Only? Check this field (by double-clicking or pressing the spacebar) if users with this security level should be able to view (read only) information but not change or create it. Typically, this field would be checked to enable a user to run regional reports.
Like:
This field defines how much information users with this security level can ‘see’. The last (right-hand) character must be the % (percent sign). The alpha-numeric characters to the left of the percent sign form an alpha-numeric template, ranging from the most general (highest security level) to the most specific (lowest level). This system can include as many tiers as needed but must be used consistently. The following example shows a four-tiered system:
% (sees local records created at all security levels (A, B, A1, etc.).
A% (sees records created at and below security level A (A1, A2, etc.), but not B.
A1% (sees local records created at and below security level A1 (A11, A12, etc.).
A11% (sees local records created at level A11 only)
Recall that all users can see records created at the global level by a user with no security implemented in his user record.
The following illustration shows how Security records could be set up for a firm using a centralized database with two regions (01 and 02), each of which include two branches (0101 and 0102 for Region 1, and 0201 and 0202 for Region 2). All branches should be able to "see" all global inventory item records, but only those local client sites pertaining to their individual branch. In addition, we want to be able to run consolidated reports for regions 1 and 2 on a read-only basis. The following illustration shows how the Security Records would be set up to implement this three-tiered scheme (global, region and branch).
After creating Security records, User Groups should be set up to restrict write access to those record appropriate to the security level of Global or Branch. In this example, the User Group Local would include locally defined records such as Client Site, Client Site Equipment, Work Orders, Technicians, Employees, and Service Zone. The User Group Global would include standard company records required to be identical for all branches, including Inventory Groups and Items, Work Codes, and Certifications.
User(s) must also be set up as shown below.
When this system is in place, global users will have write access to all global records. Users with a Security Id of 0101 (region 1, branch one) will be able to view global records, and records created with a Security level of 0101 - but not records created under local security levels 0102, 0201, or 0202. Only global users can create global records (e.g., inventory items). Branch users should only create those local records that pertain to their sites (e.g., Client Sites).
TIP
Remember that the Security Id field must be set in all limited security (non-global) User records for correct implementation of this feature.