QAD 2017 Enterprise Edition > User Guides > Security Administration > Security Overview > Sign-in Security > Workspace Security
  
Workspace Security
Access to domains and entities is controlled at two points:
During system sign in
During the application session
When users start the system, they submit user credentials using the sign in dialog box.
The client authenticates the user by calling the authentication service. If a user’s identity cannot be verified, sign in to the system fails. This authentication takes place during sign in for the character UI, the QAD .NET UI, and the Channel Islands UI. The system next checks to see if the user has access to any domains and entities defined in User Domain/Entity Access.
This step varies based on the user interface:
In character, the system checks to see if the user has an assigned domain. If not, an error is generated, and sign in is refused. If only one assigned domain is found, sign in to that domain is automatic. A user with access to more than one domain can choose from a list. The one marked as default in User Domain/Entity Access displays at the top of the list.
In .NET UI and Channel Islands UI, the authentication service creates a session for the user, and returns a session ID to the .NET UI. The .NET UI uses the session ID to initialize any workspaces (domain/entity combination). By default, this is the workspace that was active when the user signed out of a previous session. If no previous session exists, the default domain is used.
Note: Sign in to the .NET UI can be successful even when the user is not assigned to a workspace. This is because the .NET UI is a container for multiple applications and also provides access to system administration functions that are not part of any specific application.
Changing domains also differs depending on the UI:
In the .NET UI and the Channel Islands UI, a user with access to more than one domain or more than one entity in a domain switches from one to another by opening a different workspace.
In the character UI, users switch domains by using Change Current Domain (36.1.1.1.10). This automatically switches to the primary entity of the new domain.
At no time can a user access an entity that is not authorized in their user record. In the .NET UI, these workspaces do not display for selection; in the character UI, attempting to switch to an unauthorized domain or entity displays an error message. See Specify Access to Domains and Entities.
When a user exits the .NET UI, the active workspace is saved and displays when that user signs in again. In the character UI, the default domain assigned to the user in User Domain/Entity Access always displays by default.
For details about using and managing workspaces, see Introduction to QAD Enterprise Applications User Guide.