Users and Security
This chapter describes how to set up users and manage different kinds of security.
Security in QAD Enterprise Applications
Explains what is addressed by QAD security applications.
Security Overview
Outlines the types of security enforced at log-in and which other security methods are used based on what the user is doing, and gives details on password management, basic login security, OS-based log-in security, domain security, operating system and Progress security, workstation security, and a security implementation summary.
Setting Up Security Control
Explains how to use Security Control (36.3.24), with details on creating password strategies and e-mail notifications.
Defining Users
Explains how to define users with User Maintenance (36.3.1) and describes some interactions with licensing, how to control information process and display, and the tasks of identifying users, specifying e-mail addresses, setting interface preferences, specifying security settings, updating passwords, specifying domains, specifying user groups, and specifying application use.
Controlling Access with User Groups
Discusses how to manage user access by defining groups and gives an example user group.
Using Security Functions
Explains how to specify groups or users, assign access by menu, limit access to fields, control inventory access by site, control entity access, define GL account security, and define inventory movement code security.
Monitoring System Security
Discusses methods of tracking security-related events.
Security in QAD Enterprise Applications
Security and related technical controls must be viewed within the context of an organization’s overall security framework. While it is beyond the scope of this user guide to discuss the details of information security, the fundamental components involve measures to assure the preservation of:
Confidentiality—ensuring that information is accessible only to those authorized to have access
Integrity—safeguarding the accuracy and completeness of information and processing methods
Availability—ensuring that authorized users have access to information and associated assets when required
Availability includes items such as policies and procedures for data, equipment, and infrastructure backup and recovery. Features that can support these items are discussed in other sections of the user guide.
Security properly starts with a comprehensive policy statement that:
Clearly demonstrates management’s support and commitment to security
Defines the principal security components important to the organization
Describes the general approach for meeting security objectives
After the policy statement is prepared, procedures, guidelines, and other supporting administrative controls are typically defined to support the policy. Finally, technical controls such as those described in this chapter are designed and implemented to support the administrative controls.
This chapter includes several checklists to use as starting points in planning and implementing a comprehensive security plan to meet the specific security requirements of your environment.
The specific level of security control an organization should implement is a function of the underlying information security requirements. Those requirements originate:
Externally, including regulatory, legal, and legislative requirements
Internally, based on the value of information assets, associated risks to those assets, and available controls that can eliminate or mitigate exposures to an acceptable level
Many of the security controls are designed to support external requirements. Numerous controls have been introduced to support customers who are concerned with meeting the security requirements of legislation and regulations such as the Sarbanes-Oxley Act and Food and Drug Administration 21 CFR Part 11.