Security Help
Security Overview
Security Groups
Depending upon the implementation, a security
group may represent a work group, a department, business unit or company.
A group is identified by a unique user-defined 10 character alphanumeric
code. The user may also define a 50 character textual description of the
group. Data is not shared between groups. Although all data is stored
in one sql database, data in one group cannot be accessed by a user in
another group.
Groups do not have rights or permissions assigned
to them, however, groups do have configuration
options associated with them.
Internet Customers - ODEN®
controls the ability to create and delete security groups. In most situations
a security group represents a company; however, in some instances a security
group may represent a branch
office of a company. At the time of purchase, your sales representative
will help you determine the configuration that best suits your company's
needs.
Intranet Customers - The
customer's super user account controls the ability to create, modify and
delete security groups. ODEN® recommends discussing your
configuration requirements with your sales representative before creating
security groups.
User Types
A user type is a collection of access rights that
defines the permissible activities of a user within the system.
User Defined User Types
A user (with the appropriate rights) may define
user types that are specific to their group. These user types may be copied
and modified as needed. If a user-defined type is deleted, the assigned
user accounts lose their privileges to the system.
ODEN® User Types
There are 9 predefined ODEN® user types. These
types may not be modified or deleted; however, one can make a modifiable
user-defined type by copying an ODEN® type. The following is a list of
the predefined ODEN® user types:
Personal
Operator Commercial
Operator P
& C Operator
Personal
Supervisor Commercial
Supervisor P&C
Supervisor
Personal
Administrator Commercial
Administrator P&C
Administrator
Personal Read
Only Commercial
Read Only P&C
Read Only
Rights
A "right"
is defined as the user's ability to perform a defined function. Each function
may be assigned up to four rights (create, read, update or delete) for
either personal lines, commercial lines or universally. Universally means
that the function does not explicitly apply to either commercial or personal.
Universal rights are mutually exclusive of personal and commercial rights.
For a complete list of functions and associated rights see the User
Type Rights section.
Each user type, whether user defined or ODEN® defined
is composed of a series of rights. Each right defines at what level the
associated user may perform a particular function.
A user type may be assigned different rights for commercial
lines versus personal lines. In fact, a particular user type may be denied
access to personal or commercial lines altogether.
User Accounts
Each user is assigned a user account. A user account
is associated with exactly one security
group. If a particular user needs to access
the data from more than one group they will need an account for each corresponding
group. User names must be unique within a group but do not have to be
unique across groups.
Each user account is assigned exactly one user type.
Accounts or passwords with no expiration date never expire. However, accounts
with an expiration date inactivate on the specified date. If a user attempts
to login using an expired account or password, they are denied access
to the system.
For more information see:
Group Options - customizing your security
group.
User Types - defining custom user types.
User Type Rights - definition of all
rights.
Users - defining user accounts.
Link to Utilities Help
Page
|