Welcome GuestLogin

ComCept Documentation

RSS RSS

 



Navigation




 Search:

»

The Short Version

We made some positive changes to security, to make ComCept easier to lock down. 

ComCept .Net checks permissions in more places now, so we temporarily gave your users these permissions.  Doing so keeps everyone from losing functionality until you manually take them away.  We did this by adding new groups with the new permissions to your data, and then we assigned the new groups to your users.

You should add these new permissions to your security groups.

While we were making security changes, we also added some features to the Security Maintenance page, so you will have an easier time managing all these permissions.

Details

ComCept made some essential changes to security.  These changes allow you to better control which users can perform functions on the Point-of-Sale pages within ComCept .Net.  We also diminished the importance of “Security Levels” in Point-of-Sale functions, which will require security administrators to act in the next few weeks.

Briefly, we:

  • created new permission checks
  • removed unneeded permissions
  • consolidated redundant permissions
  • removed dependencies on “Security Levels” in Point-of-Sale
  • made security easier to manage

Security Levels vs. Roles

There are two ways to grant users access to functions in ComCept.  You can either set the user’s Security Level, or you can grant Permissions through one of your many Security Groups.

Security Levels

Security Levels are assigned to users to indicate how much of the application they can access.  Higher Security Levels allowed access to more functions.

A complete explanation of Security Levels can be found here: Security Levels

Groups and Permissions

ComCept needed a more granular way to assign permissions than with Security Levels, so we implemented role-based security using permissions and groups.  You can define roles within your organization and assign those roles to your users.  Many functions in ComCept .Net honor both Security Levels and Permissions.  For example, users with Security Level 3 or users with the permission, “PurchaseOrder_New” in their roles can create new Purchase Orders.



No More Security Levels in Point of Sale

All the ComCept Point-of-Sale functions are now entirely dependent on Permissions, not Security Levels.  This change means giving a user Security Level 1 will no longer provide them with access to Invoicing, for example.  As you create new users in your data, you must assign them to groups that grant Point-of-Sale permissions, as Security Levels will no longer work.

Note: Purchasing functions, such as the Purchase Orders page are still responding to security levels, but we will be migrating these functions to Permissions over time as well.  Eventually, all Security Levels will be removed entirely from ComCept.

Action Required

ComCept has added new security groups to your data, filled with Point-of-Sale permissions that will keep your users from losing any functionality.  You should add these permissions to your groups. Please read through the rest of this document for detailed information on what permissions changed.

New Groups

We have temporarily added some new security groups to your data, to keep users from losing functionality. 



We added new permissions for actions that users could already perform so that you can now deny these permissions from users if needed.  ComCept .Net will now check to see if a user has permission to perform these actions before allowing them to continue.  To keep everyone from losing functionality after the code release, we automatically added the new permissions to new Security Groups and assigned those groups to your current users who were already allowed to perform these functions.

For example, users with Security Level 3 or higher were able to save work orders.  For this reason, we will automatically place all your Security Level 3 (or higher) users in the “ComCept Level 3” group, which contains a permission called, “POS_WorkOrder_Save”.



New GroupPurpose
ComCept DataMaintAllow users to upload and download all types of Data Maintenance sheets. Previously, users only needed one permission to access all types of DM sheets.
ComCept Level 1Allow users navigate to Invoices and perform common data entry tasks. Previously, users only needed Security Level 1 to perform these tasks.
ComCept Level 2Allow users navigate to Credit Memos and perform common data entry tasks. Previously, users only needed Security Level 2 to perform these tasks.
ComCept Level 3Allow users to modify most Invoice fields and navigate to Quotes, Work Orders and Purchase Orders. Previously, users only needed Security Level 3 to perform these tasks.
ComCept PurchasingAllow users to create all different types of POs, including vendor orders, returned goods orders and transfers. Previously, any users who had access to the Purchase Order page could perform these tasks. They are all separate permissions now, added to this group for your convenience.

Security administrators should inspect the “ComCept” groups and assign the permissions within them to other groups. 



Permission Changes and Consolidation

We have added permissions for the following actions:

PermissionPurpose
DM_WorkOrderAddUpload a work order spreadsheet using data maintenance.
DM_CustomerUpdateUpload a Customer Update spreadsheet using data maintenance.
DM_MasterInventoryUpdateUpload a Master Inventory spreadsheet using data maintenance.
DM_MasterPricingUpdateUpload a Master Pricing spreadsheet using data maintenance.
DM_LocalInventoryUpdateUpload a Local Inventory spreadsheet using data maintenance.
DM_AttributeAssignUpload an Attribute spreadsheet using data maintenance.
DM_TaxGroupExemptionUpload a Tax Group Exemption spreadsheet using data maintenance.
DM_PriceProfilesUpload a Customer Special Pricing / Pricing Profiles spreadsheet using data maintenance.
DM_CustomerEmailAddUpload a Customer Email Add spreadsheet using data maintenance.
DM_CustomerAddUpload a Customer Add spreadsheet using data maintenance.
DM_InventoryAddUpload an Inventory Add spreadsheet using data maintenance.
DM_PriceProUpload a Price Pro spreadsheet using data maintenance.
DM_VendorPartUpload a Vendor Part spreadsheet using data maintenance.
POS_CustomerBillToDetailsModify the name and address for the Bill-To customer.
POS_CustomerShipToDetailsModify the name and address for the Ship-To customer.
POS_StandingPOIndicate that the PO on this order is a standing PO, preventing the order from automatically closing.
POS_SalesmanCallInIndicate that the order was a salesman call-in, as opposed to customer-initiated order.
POS_ConsignmentCreditAllow user to change a consignment to a Consignment Credit.
POS_LineItemDetailsViewAllow user to open the line item details and see gross margin, cost and pricing explanations.
POS_LineItemCanBackorderAllow user to change the Backorder flag for line items.
POS_LineItemTaxableAllow user to change the taxable status of a line item.
PurchaseOrder_TypePOAllow user to save "PO" type purchase orders.
PurchaseOrder_TypeRGPOAllow user to save returned goods purchase orders.
PurchaseOrder_TypeXferAllow user to save transfer POs.
PurchaseOrder_TypeQuickXferAllow user to save quick transfers. 

The following permissions were deleted:

Deleted Permission
Credit_LineItemAdd
Credit_LineItemCost
Credit_ShipTo 
Invoice_CustomerMessage
Invoice_Delete
Invoice_LineItemAdd
Invoice_LineItemCost
Invoice_LineItemCostSave
Invoice_ShipTo
Invoice_View
Invoice_SelectCustomerOverCreditLimit
POS_LineItemDescription

The following permissions were renamed or combined:

New PermissionReplaces
POS_LineItemDescriptionCredit_LineItemDescription, Invoice_LineItemDescription
POS_LineItemExtendedDescriptionCredit_LineItemExtendedDescription, Invoice_LineItemExtendedDescription
POS_LineItemBasePriceGMInvoice_LineItemBasePrice, Credit_LineItemBasePrice
POS_LineItemCostInvoice_LineItemCost, Credit_LineItemCost, Invoice_LineItemCostSave
POS_LineItemDiscountAmountSavingsInvoice_LineItemDiscountAmount, Credit_LineItemDiscountAmount
POS_LineItemOrderedInvoice_LineItemOrdered, Credit_LineItemOrdered
POS_LineItemSalesGLAccountInvoice_LineItemSalesGLAccount, Credit_LineItemSalesGLAccount
POS_LineItemShippedInvoice_LineItemShipped, Credit_LineItemShipped
POS_LineItemUOMInvoice_LineItemUOM, Credit_LineItemUOM
POS_LineSalesAccountInvoice_LineSalesAccount, Credit_LineSalesAccount
POS_BillingDateInvoice_BillingDate, Credit_BillingDate
POS_DetailsInvoice_Details, Credit_Details
POS_MoveNextInvoice_MoveNext, Credit_MoveNext
POS_MovePreviousInvoice_MovePrevious, Credit_MovePrevious
POS_PONumberInvoice_PONumber, Credit_PONumber
POS_PricingProfileInvoice_PricingProfile, Credit_PricingProfile
POS_PrintInvoice_Print, Credit_Print, WorkOrder_Print
POS_PrintNewInvoice_PrintNew, Credit_PrintNew, WorkOrder_PrintNew
POS_SalesPersonInvoice_SalesPerson, Credit_SalesPerson
POS_ShipViaInvoice_ShipVia, Credit_ShipVia
POS_TaxModelInvoice_TaxModel, Credit_TaxModel
POS_TermsCodeInvoice_TermsCode, Credit_TermsCode
POS_ChangeShipToAfterPostInvoice_ChangeShipTo
POS_Invoice_ViewInvoice_New
POS_Credit_ViewCredit_New
POS_WorkOrder_ViewWorkOrder_New
Offline_WorkOrder_DeletePOS_WorkOrder_Delete
POS_Credit_InvoiceCreditCredit_InvoiceCredit
POS_PrintPickSlipWorkOrder_PrintPickSlip

Security Level Dependency

The very first version of ComCept .Net implemented Security Levels.  Assigning a user to Security Level 1 would allow them to perform some functions while placing them in Security Level 2 would allow them access to even more features.

ComCept has since added individual security permissions for specific actions and allowed you to bundle those permissions into groups.  This addition allows for more role-based security, putting clusters of permitted functionality together and assigning them to users who perform those roles.

Security Levels are being phased out.



 

Security Maintenance

In addition to the many changes to permission names, we have added some usability features to the Security Maintenance page.

List Searches

In short, you can filter all lists quickly, so you will easily find the group, permission or user you seek.

For example, the list of permissions may be very long, so you can now quickly filter the permission lists. Just type a few letters in the “Search” box at the top-right of any list to instantly filter its contents, as shown here:

Image











User Lookup

The list of users can grow quite long. For this reason, we have changed the User list to a type-ahead search, which allows you to jump straight to the users with a partial match, as shown here:

Image











Permission List

We have added another tab to the Security Maintenance page, which contains a reference of all ComCept permissions, including a Description of how the permission is used in the system. The list can be searched quickly, to zero in on the permissions you want to inspect.

Image        
  Name Size
- SecurityMaint.01.png 12.15 KB
- SecurityMaint.02.png 8.74 KB
- SecurityMaint.03.png 24.77 KB
Copyright 1999 - 2019 ComCept Solutions, LLC