Security Notes

· Identify the security access definitions that can be defined and their meanings.

Element	Description
Users	Users who have access to a application.
User groups	Sets of users who have similar security requirements.
Security classes	Sets of securable tasks and application elements.
Access rights	Tasks users can perform and application elements users can access.
Right	Description
Modify	Perform tasks Change data Define application elements Define reports Print reports
View	View data View application elements Print reports
Limited	View application elements Prevent viewing data Prevent printing reports
None	Prevent performing tasks Prevent viewing application elements Prevent viewing data Prevent printing reports

· Describe how to access the security module.

The Security Setup and Security Access windows are in the Application module.

· Identify the relationship between the security ASCII file and system ASCII file.

When you extract security, the current state information is not copied to the ASCII text file. If you use this text file to rebuild an application, all users who were Locked when security was extracted will be Unlocked.

· Identify security issues.

To limit the number of users who can modify security elements, you must assign a security class for each security element.
When you create a security class, its access rights are set to None.
You cannot delete the HQ or UNASSSIGNED user group.

· Identify the steps to create users, groups, and classes.

Users, groups and classes are created in the tables in the Security Setup window.

· Describe the relationship of users to groups.

User groups are sets of users with similar security requirements.

· Identify the steps to change the access rights of a task.

The access rights of a task could be changed in two ways:

By changing the security class the task belongs to.
By changing the users or user group access rights to the security task.

· Given an exhibit where user's and the group's access rights differ (in the case where a user belongs to only 1 group), describe what the user's access rights will be.

Where a user and a user's groups have different rights the user's rights apply.

· Given an exhibit where the user belongs to more than one group, describe what the user's access rights will be.

Where a users belongs to groups with different rights for the same task the least restrictive right apply.

· Describe the steps to apply entity security where modify access is desired only for a set of base entities and not the parents above them.

Create MEDIUM and MINIMUM security classes.
Make security class for base entities MINIMUM.
Make security class for parent entities MEDIUM.
Make security class for other elements MINIMUM.
For the users/user groups for which modify access is only desired for base entities assign the follow access rights MAXIMUM = None, MEDIUM = Limited, MINIMUM = Modify.

Medium = Limited prevents user from viewing parent data but does allow users to modify base entity data.