Security Changes 2018 - Phase II

Modified on 09/19/2018 10:22 PM by Sharon Duckett — Categorized as: Documentation, Private, Public

Table of Contents [Hide/Show]

The Short Version
   Details
      Security Levels vs. Roles
      Security Levels
      Groups and Permissions
      No More Security Levels in ComCept .Net
   Action Required
   New Groups
   Permission Changes and Consolidation

The Short Version¶

ComCept .Net is continuing efforts to migrate away from Security Levels to a total role-based security system where you have more granular control over user access.

In Phase I of the project, we moved all point-of-sale (POS) based functions to role-based security. POS functions were contained in Security Levels 1-3.

In Phase II of the project, we have moved all non-POS based functions in Security Levels 1-3, along with all functions in Security Levels 4-6 to role-based security.

ComCept .Net checks permissions in more places now, so we temporarily gave your users these permissions. Doing so keeps everyone from losing functionality until you manually take them away. We did this by adding new groups with the new permissions to your data, and then we assigned the new groups to your users.

Security Administrators should add these new permissions to your security groups, or rename the temporary groups.

Moving forward, as new permissions are added to ComCept .Net, those permissions will be placed in the appropriate starter groups as required.

Details¶

ComCept has been making changes to security that allow you to control better which users can perform functions within ComCept .Net. We also diminished the use of “Security Levels” throughout ComCept .Net functions, which will require security administrators to act in the next few weeks.

Briefly, we have been:

• creating new permission checks • removing unneeded permissions • consolidating redundant permissions • removing dependencies on “Security Levels” • making security easier to manage

Security Levels vs. Roles¶

There were ways to grant users access to functions in ComCept. You could either set the user’s Security Level, or you can grant Permissions through one of your many Security Groups.

Security Levels¶

Security Levels were assigned to users to indicate how much of the application they can access. Higher Security Levels allowed access to more functions.

Groups and Permissions¶

ComCept needed a more granular way to assign permissions than with Security Levels, so we implemented role-based security using permissions and groups. You can define roles within your organization and assign those roles to your users.

No More Security Levels in ComCept .Net¶

All the ComCept functions are now entirely dependent on Permissions, not Security Levels. This change means giving a user Security Level 1 will no longer provide them with access to Invoicing, for example. As you create new users in your data, you must assign them to groups that grant the permissions they need, as Security Levels will no longer work.

Note: During the transition period, you will still see the Security Level in the employee record. However, it forms no function anymore.

Action Required¶

ComCept has added new security groups to your data, filled with permissions that will keep your users from losing any functionality. You should add these permissions to your groups, or rename the temporary groups.

New Groups¶

We have temporarily added some new security groups to your data, and updated existing temporary groups with non-POS permissions.

ComCept .Net will now check to see if a user has permission to perform these actions before allowing them to continue. To keep everyone from losing functionality after the code release, we automatically added the new permissions to new Security Groups and assigned those groups to your current users who were already allowed to perform these functions.

Temporary Group Permissions Added

Temporary Group	Permissions Added
ComCept Level 1	Consignment_New, Lookup_ItemAvailability, Shipment_New
ComCept Level 3	InvDocumentBatch_View, Notes_ManufacturerView, Notes_VendorView, Notes_ViewCustomer, Notes_ViewInventory, PurchaseOrder_Close, PurchaseOrder_Electronic, PurchaseOrder_Generate, PurchaseOrder_New PurchaseOrder_Print, PurchaseOrder_PrintNew, PurchaseOrder_Release, PurchaseOrder_Save, Quote_New, Receipt_New, ReceiptWorksheet_View, TransJournal_View
ComCept Level 4	Bin_View, InventoryLocal_Edit, InventoryMaster_Edit, Manufacturer_New, PriceProfile_View, PurchaseOrder_AdjustTransfers, System_ChangeLocation, Technician_Assign, Technician_View, Vendor_New
ComCept Level 5	AR_PaymentsSearch, AR_ServiceCharges, Attribute_AssignCustomer, Attribute_AssignInventory, Customer_New, Customer_QuickAdd, POS_Invoice_WriteOff, RecurringBilling_View, TransJournal_ViewAllLocations

Note:

Security Level 2: There were no non-POS related permissions to assign to this group.

Security Level 6: Additional privileges within Level 6 were already transitioned to security permissions as ComCept .Net moved those functions from the smart client to the thin client. Therefore, a temporary group for Level 6 was not needed.

Permission Changes and Consolidation¶

The following permissions were renamed or replaced:

Permission	Replaces
Lookup_ItemAvailability	Inventory_View
InventoryMaster_Edit	InventoryMaster_New
InventoryLocal_Edit	InventoryLocal_New

The following permissions were deleted:

Permission
Inventory_View
InventoryMaster_Save
InventoryLocal_Save