  • Security Implementation Summary
    Security Work Flow illustrates a work flow for implementing and using security features.

    Security Work Flow
    Establish a Security Plan
    By default, only log-in security is defined. Once you set up explicit permission for one user to access entities, fields, menus, and so on, all other users are excluded. For this reason, you should have a comprehensive security plan before beginning to set up security records.
    The set of checklists provided in this chapter can serve as a starting point for determining the focal points to consider when establishing a plan.
    You should consider both internal and external requirements when planning such security elements as password protection. For example:
    Does your company have specific requirements regarding password aging for all its systems?
    Do external regulatory agencies set standards for such things as password complexity, or whether the logged-in user ID should always display on the screen?
    Does your environment require database or operating system security controls implemented outside of the QAD application?
    Other planning considerations apply if you are setting up security for a multiple-domain database.
    For example, user profiles defined in User Maintenance apply to all domains in the system. However, profiles include several generalized codes that are domain specific, such as access location and user type. To prevent validation errors, you should ensure that these codes exist in all domains.
    If you determine how you will use such system-wide data as part of your security planning effort, you can prevent duplication of effort by having basic information in place when you create new domains.
    Additionally, be aware that while user IDs and groups are defined for the entire database, group security access is controlled on a domain-by-domain basis. For example, you can restrict a particular group from accessing a GL account in Domain 1—but give the same group access to that account in Domain 2.
    Implement Your Security Plan
    After planning how your security system should operate to meet your company’s specific requirements, perform the following tasks to implement the plan:
    Define control settings using Security Control (36.3.24). An important feature of this program is the Passwords frame, where you establish a system-wide password strategy.
    Set up user records. Depending on your overall security plan, you can define such elements as domain access and group membership, as well as enter temporary passwords for your users.
    Note: If you want to assign users to groups at the same time you set up user records, you must define groups first. Alternatively, you can just define the users and assign them to groups in User Group Maintenance (36.3.4).
    Based on how you want to control access to functions, define groups using User Group Maintenance.
    Use several programs to set up user or group access to menus, fields, sites, entities, GL accounts, and inventory movement codes.
    Security Planning Checklists
    Tables 12.1 through 12.3 summarize the various security controls that should be considered as part of an effective overall information security plan. The degree to which each of these items is relevant will be a function of an organization’s security requirements.
    Where applicable, the tables include references to information on related topics.

    Planning, Policies, and Procedures Checklist
    Review all information security documentation for both QAD and Progress prior to installation (or software upgrade if applicable).
    This chapter
    Installation Guide
    Progress documents, including Data Administration Guide, Client Deployment Guide, and Programming Handbook
    Review all QAD-related files to determine the appropriate permission and ownership settings.
    Document the users who should be permitted access to the application and verify user IDs.
    Determine if user groups will be used, and if so document the group names and the user IDs to be assigned to each group.
    Consider requirements for policies and/or procedures regarding deactivation of old user accounts. To meet the requirements of many regulated environments, user accounts can be deactivated, but not deleted, once they have been used to access the system.
    Define policies and procedures to be used to assure that user and group membership information will be kept current.
    Determine procedures to be used to create new user accounts and communicate initial passwords (e-mail, personal contact, other).
    Decide if a simplified access approach is sufficient. This lets users log in based on operating system-level security.
    Define how often users are required to change passwords, and update the corresponding security setting.
    Define procedures for failed log-ins, including:
    The number of failed attempts before an event notification should be communicated to the defined security administrators
    Alternatives to e-mail notification
    Reviews of system logs
    Procedures for resetting locked accounts
    Define password policies and procedures, including password composition, length, expiration, and reuse of previous passwords.
    Define appropriate policies and procedures requiring users to lock their sessions using a screen saver or comparable mechanism whenever they leave the session unattended.

    Progress and Operating System Checklist
    Determine whether to implement Progress as well as QAD user ID and password controls.
    Determine requirements for Progress-level schema security to control access to database tables.
    Consider disallowing Progress-level table and field access for the blank user ID.
    Determine the period of inactivity after which a session should be disabled. For each device used to access the system, assure that a screen saver, or comparable utility, is set to activate after the defined period of inactivity, requiring reentry of the user’s password to unlock the session.
    Determine whether multiple users share a common workstation to access the system and whether appropriate operating system functionality exists to adequately support security.
    Operating system documentation

    Security Parameters, Setup, and Processes Checklist
    Verify and update relevant control program settings, especially those for security.
    Review any currently defined users and groups and disable any inappropriate, inaccurate, or out-of-date entries.
    Define users designated as security administrators, who will receive e-mail notification of security events such as failed log-ins exceeding a defined threshold.
    Update security settings regarding user IDs and passwords, including:
    Password composition
    Password length
    Password expiration
    Limits on re-use of previous passwords
    Limits on number of failed logon attempts
    Determine how security functions should be implemented to protect the integrity of database records. For each menu item, site, GL account, and so on, specify the appropriate users or groups authorized to execute the menu program or access data.
    Review menu function authorizations for potential segregation of duty issues and adjust groups as appropriate.
    Security Programs
    System Security Menu (36.3) lists the menu programs you use in defining and maintaining security for your system.

    System Security Menu (36.3)
    User Maintenance
    User Inquiry
    User Password Maintenance
    User Group Maintenance
    User Group Inquiry
    GL Account Security Maintenance
    Menu Security Maintenance
    Menu Security Change
    Entity Security Maintenance
    Entity Security Inquiry
    Site Security Maintenance
    Inventory Movement Code Security
    Inv Mvmt Code Security Browse
    Field Security Maintenance
    Field Security by Group
    User Access by Application Inquiry
    Reports and Utilities Menu

    Logon Attempt Report
    User Account Status Report
    User Group Report
    User Password Force Change Util
    Entity Security Report
    Site Security Report
    GL Account Security Report
    Activated Field Security Report
    Dictionary Field Security Report
    Security Control