In order to bring you the best possible user experience, this site uses Javascript. If you are seeing this message, it is likely that the Javascript option in your browser is disabled. For optimal viewing of this site, please ensure that Javascript is enabled for your browser.
Login  |   Cloud ERP  |   Home  |   qad.com



  •     QAD Glossary

  • Setting Up Security Control
    Use the two frames of Security Control (36.3.24) to:
    Establish basic security parameters for your environment
    Define the way you want to set up and control passwords
    Two special security considerations apply to records created in this program:
    Whenever a field is updated, the system notifies members of the administrator group by e-mail. See here.
    You must use this program to update data values in the User Control (usrc_ctrl) table. The system prevents you from using other methods, such as Progress Editor, to modify that record.

    Security Control (36.3.24), Initial Frame
    Session ID Prefix
    Enter a prefix for temporary system-generated work files. These are created in the directory where the user started the system. The default is TMP. Modify this field only if you access multiple databases from the same directory. If the prefix in both databases is TMP, one session’s temporary files could overwrite another’s.
    Timeout Minutes
    Specify a number of minutes after which the system should automatically log out inactive sessions. Set a value in this field to minimize unnecessary overhead on busy systems.
    The field can also be used as part of an overall security strategy to prevent users from inadvertently allowing access to unauthorized individuals.
    If you enter a value, the system considers a session inactive only when a menu is displaying. If the user is in a menu function—Item Master Maintenance, for example—a session is never automatically logged out.
    Enforce Licensed User Count
    Use this field to implement enforcement of the total number of users, sessions, or transactions allowed based on your license agreement.
    No (the default): The system issues license violation warnings if you violate your license agreement, but you are not prevented from completing the action that caused the violation.
    Yes: The system issues a violation error if you violate your license agreement and you cannot complete your current activity.
    The system tracks all license violations, both warnings and errors. License violations can occur in the following situations:
    In User Maintenance (36.3.1) when you attempt to add users or assign them to applications
    In License Registration (36.16.10.1) when you assign users to applications
    During user log-in to the system
    When users attempt to use separately licensed applications or nonregistered applications
    See Registering Licenses for details on licensing.
    Important: Violation warnings should not occur often; if repeated warnings occur, contact your QAD representative or distributor for a license upgrade.
    Enforce OS User ID
    Specify whether the system allows users to access character and Windows sessions based on their operating system log-in.
    No: Users are always required to enter a valid user ID and password.
    Yes: Depending on password parameters defined in Security Control, valid users may be able to access the system directly without entering log-in information.
    Header Display Mode
    Use this field to control the information that displays in the menu and program title bars of programs in the character and Windows user interfaces.
    Note: Display mode does not affect the display of programs in QAD Desktop or .NET UI.
    Valid values are:
    0 (Display Date). The menu title bar displays the name associated with the ~SCREENS address code defined in Company Address Maintenance (2.12) and the current database name defined in Database Connection Maintenance. The program title bar from left to right includes the program name, the version of the program, the menu number and title, and the current date (see Display Mode 0).

    Display Mode 0
    1 (Display User ID). The menu title bar is the same as choice 0. The program title bar is the same as choice 0 except that the log-in ID of the current user replaces the current date. Reading from left to right, the title bar includes the program name, the version of the program, the menu number and title, and the log-in ID of the current user (see Display Mode 1).

    Display Mode 1
    2 (Display Date with Domain). The menu title bar displays only the current database name defined in Database Connection Maintenance. The program title bar from left to right includes the short name and currency of the current working domain, the menu number and title, and the current date (see Display Mode 2).

    Display Mode 2
    3 (Display User ID with Domain). The menu title bar is the same as choice 2. The program title bar is the same as choice 2 except that the log-in ID of the current user replaces the current date. Reading from left to right, the program title bar includes the short name and currency of the current working domain, the menu number and title, and the log-in ID of the current user (see Display Mode 3).

    Display Mode 3
    Note: Some regulatory environments may require the name associated with the user ID of the logged-in user to be available from any program. In the character and Windows interfaces, you can use the Ctrl+F key combination to review this information and other context details. In QAD Desktop, the user name displays by default in the browser title bar, along with the current domain and database name. In QAD .NET UI, it displays in the lower-right corner of the screen.
    Maximum Access Failures
    Enter the maximum consecutive failed log-in attempts allowed before the system deactivates the user’s log-in ID. When an account is deactivated, the system sends an e-mail message to members of the specified Administrator Group.
    Leave this field set to zero (0) if you do not want to limit failed access attempts.
    Note: If you are using electronic signatures, this same value controls the number of failed signature attempts that are allowed before the system deactivates the user ID. See Recording Electronic Signatures.
    Administrator Group
    Designate a user group—defined in User Group Maintenance—as an administrator group. Group members receive e-mail notifications when specific security and controlled events occur; for example:
    When a user account is deactivated for too many failed log-in attempts. See here.
    If you are using audit trails, when an audit trail profile is activated or an error occurs during the audit trail creation process. See here.
    If you are using electronic signatures, when an electronic signature profile is activated or a user account is deactivated for too many failed signature attempts. See here.
    When an update is made in Security Control. See here.
    Typically, this group includes the primary system administrator and one or more alternates.
    Email System
    Specify an e-mail system definition—set up in E-Mail Definition Maintenance (36.4.20)—used to notify members of the administrator group when security and Enhanced Controls events take place.
    Note: The system first attempts to use the e-mail definition specified for the logged-in user in User Maintenance. If the user record does not include a valid e-mail definition, the one specified in this field is used.
    Important: For system-generated e-mail to work correctly, be sure that the e-mail system definitions specified both here and for individual users are based on a message text file, rather than a message text string, in E-Mail Definition Maintenance.
    Additionally, if you use the Windows user interface, the system uses the e-mail program on the client machine to send security-related e-mail. This means that a Windows e-mail program must be installed on each client machine. For example, if you use wMailTo.exe, that program must be installed and configured in the home directory on each client.
    Logon History Level
    Indicate the level of system-maintained log-in history.
    None (the default): Log-in history is not maintained.
    Failed: Log-in history is maintained only for failed log-in attempts.
    All: History is maintained for all log-in activity.
    Particularly in highly regulated security environments, you can use log-in history information as part of an overall access monitoring effort. Use Logon Attempt Report (36.3.23.1) to view log-in history.
    Note: Be sure to set this field based on the level of information you think will be needed when you run the report. For example, if you set the history level to None, Logon Attempt Report will not include any data.
    Active Reason Type
    This is a display-only field. The system-assigned value is USER_ACT, the reason type associated in Reason Codes Maintenance (36.2.17) with reason codes used by security functions. The system uses reason codes of this type in two places:
    The Auto-Deactivation Reason field
    Reason codes entered manually in the Active Reason field in User Maintenance. See Active Reason.
    Example: You could use Reason Codes Maintenance to create the following reason codes associated with type USER_ACT:
    AUTO. The system automatically deactivated the account. You could enter this in Auto-Deactivation Reason.
    REACT. The system administrator has manually reactivated the account.
    NEW. The system administrator has added the account for a new user.
    LEFT. The user is no longer with the company, and the system administrator has deactivated the account.
    Note: System installation or conversion automatically creates one default reason code, QAD_DEF, for reason type USER_ACT. After installation, this code displays in the Active Reason field in the User Maintenance record of the default system user. During conversion, existing user records are populated with this value. After you set up values in Reason Codes Maintenance that apply to your system, you do not have to use this default reason code.
    Auto-Deactivation Reason
    Enter the reason code the system enters in user records when it automatically deactivates a user account. This occurs when the user reaches the number of consecutive failed log-in attempts specified in Maximum Access Failures. This code must be defined in Reason Codes Maintenance and be associated with reason type USER_ACT.
    Important: Reason codes are domain specific. During security planning, you should determine the codes you will use and set them up as part of the system domain. This way they are copied by default to all new domains.