In order to bring you the best possible user experience, this site uses Javascript. If you are seeing this message, it is likely that the Javascript option in your browser is disabled. For optimal viewing of this site, please ensure that Javascript is enabled for your browser.
Login  |   Cloud ERP  |   Home  |   qad.com



  •     QAD Glossary

  • Users and Security
    This chapter describes how to set up users and manage different kinds of security.
    Security in QAD Enterprise Applications
    Explains what is addressed by QAD security applications.
    Security Overview
    Outlines the types of security enforced at log-in and which other security methods are used based on what the user is doing, and gives details on password management, basic login security, OS-based log-in security, domain security, operating system and progress security, workstation security, and a security implementation summary.
    Setting Up Security Control
    Explains how to use Security Control (36.3.24) with details on creating password strategies, and e-mail notifications.
    Defining Users
    Explains how to define users with User Maintenance (36.3.1), explains some interactions with licensing, how to control information process and display, identifying users, specifying e-mail addresses, setting interface preferences, specifying security settings, updating passwords, specifying domains, specifying user groups, and specifying application use.
    Controlling Access with User Groups
    Discusses how to manage user access by defining groups and gives an example user group.
    Using Security Functions
    Explains how to specify groups or users, assign access by menu, limit access to fields, control inventory access by site, control entity access, define GL account security, and define inventory movement code security.
    Monitoring System Security
    Discusses methods of tracking security-related events.
    Security in QAD Enterprise Applications
    Security and related technical controls must be viewed within the context of an organization’s overall security framework. While it is beyond the scope of this user guide to discuss the details of information security, the fundamental components involve measures to assure the preservation of:
    Confidentiality—ensuring that information is accessible only to those authorized to have access
    Integrity—safeguarding the accuracy and completeness of information and processing methods
    Availability—ensuring that authorized users have access to information and associated assets when required
    Availability includes items such as policies and procedures for data, equipment, and infrastructure backup and recovery. Features that can support these items are discussed in other sections of the user guide.
    Security properly starts with a comprehensive policy statement that:
    Clearly demonstrates management’s support and commitment to security
    Defines the principal security components important to the organization
    Describes the general approach for meeting security objectives
    After the policy statement is prepared, procedures, guidelines, and other supporting administrative controls are typically defined to support the policy. Finally, technical controls such as those described in this chapter are designed and implemented to support the administrative controls.
    This chapter includes several checklists to use as starting points in planning and implementing a comprehensive security plan to meet the specific security requirements of your environment.
    The specific level of security control an organization should implement is a function of the underlying information security requirements. Those requirements originate:
    Externally, including regulatory, legal, and legislative requirements
    Internally, based on the value of information assets, associated risks to those assets, and available controls that can eliminate or mitigate exposures to an acceptable level
    Much of the security control is designed to support external requirements. Numerous controls have been introduced to support customers who are concerned with meeting the security requirements of legislation and regulations such as the Sarbanes-Oxley Act and Food and Drug Administration 21 CFR Part 11.