Page History: Security Changes 2018 - Phase II
Compare Page Revisions
Page Revision: 09/19/2018 10:20 PM
The Short Version
ComCept .Net is continuing efforts to migrate away from Security Levels to a total role-based security system where you have more granular control over user access.
In Phase I of the project, we moved all point-of-sale (POS) based functions to role-based security. POS functions were contained in Security Levels 1-3.
In Phase II of the project, we have moved all non-POS based functions in Security Levels 1-3, along with all functions in Security Levels 4-6 to role-based security.
ComCept .Net checks permissions in more places now, so we temporarily gave your users these permissions. Doing so keeps everyone from losing functionality until you manually take them away. We did this by adding new groups with the new permissions to your data, and then we assigned the new groups to your users.
Security Administrators should add these new permissions to your security groups, or rename the temporary groups.
Moving forward, as new permissions are added to ComCept .Net, those permissions will be placed in the appropriate starter groups as required.
Details
ComCept has been making changes to security that allow you to control better which users can perform functions within ComCept .Net. We also diminished the use of “Security Levels” throughout ComCept .Net functions, which will require security administrators to act in the next few weeks.
Briefly, we have been:
• creating new permission checks
• removing unneeded permissions
• consolidating redundant permissions
• removing dependencies on “Security Levels”
• making security easier to manage
Security Levels vs. Roles
There were ways to grant users access to functions in ComCept. You could either set the user’s Security Level, or you can grant Permissions through one of your many Security Groups.
Security Levels
Security Levels were assigned to users to indicate how much of the application they can access. Higher Security Levels allowed access to more functions.
Groups and Permissions¶
ComCept needed a more granular way to assign permissions than with Security Levels, so we implemented role-based security using permissions and groups. You can define roles within your organization and assign those roles to your users.
No More Security Levels in ComCept .Net
All the ComCept functions are now entirely dependent on Permissions, not Security Levels. This change means giving a user Security Level 1 will no longer provide them with access to Invoicing, for example. As you create new users in your data, you must assign them to groups that grant the permissions they need, as Security Levels will no longer work.
Note: During the transition period, you will still see the Security Level in the employee record. However, it forms no function anymore.
Action Required
ComCept has added new security groups to your data, filled with permissions that will keep your users from losing any functionality. You should add these permissions to your groups, or rename the temporary groups.
New Groups
We have temporarily added some new security groups to your data, and updated existing temporary groups with non-POS permissions.
ComCept .Net will now check to see if a user has permission to perform these actions before allowing them to continue. To keep everyone from losing functionality after the code release, we automatically added the new permissions to new Security Groups and assigned those groups to your current users who were already allowed to perform these functions.
Temporary Group Permissions Added
Temporary Group | Permissions Added |
---|
ComCept Level 1 | Consignment_New, Lookup_ItemAvailability, Shipment_New |
ComCept Level 3 | InvDocumentBatch_View, Notes_ManufacturerView, Notes_VendorView, Notes_ViewCustomer, Notes_ViewInventory, PurchaseOrder_Close, PurchaseOrder_Electronic, PurchaseOrder_Generate, PurchaseOrder_New PurchaseOrder_Print, PurchaseOrder_PrintNew, PurchaseOrder_Release, PurchaseOrder_Save, Quote_New, Receipt_New, ReceiptWorksheet_View, TransJournal_View |
ComCept Level 4 | Bin_View, InventoryLocal_Edit, InventoryMaster_Edit, Manufacturer_New, PriceProfile_View, PurchaseOrder_AdjustTransfers, System_ChangeLocation, Technician_Assign, Technician_View, Vendor_New |
ComCept Level 5 | AR_PaymentsSearch, AR_ServiceCharges, Attribute_AssignCustomer, Attribute_AssignInventory, Customer_New, Customer_QuickAdd, POS_Invoice_WriteOff, RecurringBilling_View, TransJournal_ViewAllLocations |
Note:
Security Level 2: There were no non-POS related permissions to assign to this group.
Security Level 6: Additional privileges within Level 6 were already transitioned to security permissions as ComCept .Net moved those functions from the smart client to the thin client. Therefore, a temporary group for Level 6 was not needed.
Permission Changes and Consolidation¶
The following permissions were renamed or replaced:
Permission | Replaces |
---|
Lookup_ItemAvailability | Inventory_View |
InventoryMaster_Edit | InventoryMaster_New |
InventoryLocal_Edit | InventoryLocal_New |
The following permissions were deleted:
Permission |
---|
Inventory_View |
InventoryMaster_Save |
InventoryLocal_Save |