Documentation >
MAC-PAC Reference and Help >
Technical Support >
Key Concepts and Procedures >
Menu Authorization >
Security Control
Security Control
The security control aspect of the Menu Authorization utility consists of several different functions: user authority maintenance, initial menu assignments, and menu security officer maintenance. The system security officer is defined on Reference File category E16, System Security Officer. Menu security officers are defined on Reference File category E15, Menu Security Officers.
The initial menu assignment and user authority maintenance functions allow the system security officer and menu security officers to manage user access to menus and options. Initial menu assignments define which menu will be displayed when a user signs on to the system and user authority maintenance allows security officers to grant or revoke authority to specific menus and options for individual users. If a user does not possess authority to a menu or an option, it can not be displayed for the user, nor can it be accessed by mnemonic or fast path code.
Menu security officers are users with authority to specific menus who may maintain authority to those menus for specific users. Menu security officers allow the system security officer to selectively delegate responsibility for authorizations while maintaining a necessary level of control. Menu security officers are authorized to all menus and options in the menu groups to which they are granted authority by the System Security Officer.
As part of Menu Authorization, you may also perform security authorization recovery in case of a system crash by selecting Menu Authorization Recovery from the Menu Authorization Menu. This function will restore authorization to the appropriate options for the user assignments defined on the Security Detail File (MA140M). Security officers are also allowed to request a listing of all user and security officer authorizations to options through the Menu Authorization Report Request. Menu security officers may only obtain a listing for menu groups to which they are authorized by the system security officer.
User Authority Maintenance
The User Authority Maintenance Conversation allows a security officer to grant or revoke authority to users for options on menus to which the officer is authorized. By granting or revoking authority to users at the option level, you are able to create custom menus that display only those options to which the user is authorized. If a user is not authorized to an option, that option is not displayed on any menus for that user, and the option may not be selected with a mnemonic or fast path code by the user. You may inquire into user authority assignments by selecting User Authority Inquiry from the Menu Authorization Menu.
For example, if you had a temporary worker entering paper sales orders from sales representatives, you would want to define authority for the user to the options on the Customer Service Rep. Menu. However, the worker only needs to access the customer conversation. So, you only want to grant authority for the temporary user to the customer options. The customer service menu for the temporary user (WILLIAMS) would appear as in the figure below.
Customer Service Rep. Menu
Select one of the following:
Customer
01. Customer Master Maintenance
02. Customer Master Inquiry
Other Options
89. Return
90. Signoff
Selection or command
===>
F3=Exit F4=Prompt F15=Mnemonic List F19=Mnemonic Dsp
|
The Customer Service Representative Menu for Temporary User WILLIAMS.
This menu was custom made using the Menu Authorization Module.
To add authority to an option for a user, select User Authority Maintenance from the Menu Authorization Menu to display the User Authority Maintenance Function Select Screen (MA140S01). When the screen is displayed, you are prompted to enter the security officer password and a valid user ID (or several user IDs). If you enter more than one user ID, authority for each user is updated by the conversation.
For the user WILLIAMS, the function select screen would appear as in the figure below.
WILLIAMS MENU AUTHORIZATION 1/08/92
DSP01 USER AUTHORITY MAINTENANCE SELECT
Security Officer Password
User ID WILLIAMS
F3=Exit F9=Inquiry
|
The User Authority Maintenance Function Select Screen for the User WILLIAMS.
Use this screen to add user authority to an option for a user.
Once the Enter key is pressed and the information you entered is validated, the User Authority Maintenance Select Screen (MA140S03) is displayed with a list of menus to which the security officer is authorized. You may select any or all of these menus from which you want to grant or revoke user authority. When the list is displayed for the user WILLIAMS, you would page through the listing (if necessary) until you reach the CSMENU and select it, see the figure below.
V80SECOFR MENU AUTHORIZATION 4/07/93
WILLIAMS USER AUTHORITY MAINTENANCE SELECT
Select one or more menus, and press Enter to maintain authority.
Menu Name Menu Description
APMENU Accounts Payable Menu
ARMENU Accounts Receivable Menu
BCMENU Electronic Data Collection
BDMENU Bill of Documents Menu
CBMENU CONBON Menu
CPMENU Capacity Planning Menu
X CSMENU Customer Service Rep Menu
DEMENU Design Engineering Menu
DMMENU Draft Management Menu
ECMENU Expert Configurator Menu
EDMENU Electronic Data Interchange
FNMENU Forecasting Interface Menu
GAMENU Synchro Menu
GLMENU General Ledger Menu
F3=Exit F9=Inquiry F10=Select F15=Rekey Data
|
The User Authority Maintenance Select Screen (MA140S03).
Note: When setting up menu authority for a new user, you should begin by granting authority to SYSMENU options. This grants authority to each option on the selected menu(s). Once authority is granted from SYSMENU, any options that the user should not have authority, should be revoked at the individual menu level. If you set up SYSMENU after setting up individual menus, all authorities you revoked on the individual menus will be canceled.
Once you have selected the menu(s) for authority maintenance and your selection(s) have been validated, the User Authority Maintenance Detail Screen (MA140S02) is displayed with a list of all of the options assigned to the first menu you selected. You may enter a 1 to grant authority to an option or a 4 to revoke authority from an option. You may also select all options to revoke or grant by pressing F20 and F21, respectively. Also, you may select all options under a group heading by entering the desired number in the select field next to the heading. If you select a group heading, you can not select the options under the heading individually, all of them are processed.
When the detail screen is displayed for WILLIAMS, you can either select each customer option separately or you can select the group heading. See the figure below for an example selecting the group heading.
WILLIAMS MENU AUTHORIZATION 1/13/92
DSP01 USER AUTHORITY MAINTENANCE DETAIL
Menu CSMENU Customer Service Rep. Menu
Type options, press Enter; or press F20 or F21 to select all.
1=Grant Authority 4=Revoke Authority
1 Customer
Customer Master Maintenance
Customer Master Inquiry
Account Balance
Accounts Receivable Inquiry
. Availability
Lot Availability Inquiry
. Order Processing
Order Processing
F3=Exit F9=Inquiry F10=Select F15=Rekey Data
F20=Revoke Auth All F21=Grant Auth All
|
The User Authority Maintenance Detail Screen (MA140S02).
Once the Enter key is pressed and your selections are validated, the Security Detail File (MA140M) is updated with the new option authorization(s) for the user(s). WILLIAMS is granted authority to all options under the Customer group heading. After the update, the next menu of options you selected will be displayed for further maintenance. If no more menus are left to maintain, you are returned to the function select screen.
Initial Menu Assignments
The Initial Menu Assignment function allows a security officer to assign a menu to a user to be displayed when the user signs on to the system, allowing the user to avoid unneeded menus after signing on. If a user is not assigned an initial menu, the default menu on Reference File category E14 is displayed as the initial menu. You may inquire into initial menu assignments by selecting Initial Menu Inquiry from the Menu Authorization Menu.
To assign an initial menu to a user, select Initial Menu Assignment from the Menu Authorization Menu to display the Initial Menu Assignment Function Select Screen (MA150S01). Once the screen is displayed, you must enter a valid security officer password and the appropriate maintenance code, see the figure below for an addition. A menu officer may only add, change, or delete initial menu assignments for menus to which he or she is authorized.
WILLIAMS MENU AUTHORIZATION 1/08/92
DSP01 INITIAL MENU ASSIGNMENT FUNCTION SELECT
Security Officer Password
Maintenance Code 1
1 - Assign User Initial Menu
2 - Change User Initial Menu
3 - Delete User Initial Menu
F3=Exit F9=Inquiry
|
The Initial Menu Assignment Function Select Screen (MA150S01).
Once the Enter key is pressed and the screen is validated, the Initial Menu Assignment Detail Screen (MA150S02) is displayed to allow you to add initial menu assignments for users. If you entered the maintenance code for delete, all initial menu assignments to which you (the officer) are authorized are displayed for you to choose for deletion. A change transaction also displays all current initial assignments to which you are authorized; however, only the menu name is enterable, the user ID cannot be changed. In the case of the temporary worker, WILLIAMS, you could assign the Customer Service Rep. Menu as the initial menu. See the figure below for a sample detail screen for the user WILLIAMS.
WILLIAMS MENU AUTHORIZATION 1/08/92
DSP01 INITIAL MENU ASSIGNMENT ADDITION
User ID Menu Name
WILLIAMS CSMENU
+
F3=Exit F4=Prompt F9=Inquiry F10=Function Select
F15=Rekey Data
|
The Initial Menu Assignment Detail Screen (MA150S02).
Once the Enter key is pressed and the data is validated, the User/Menu Assignment File (MA150M) is updated with the new initial menu assignment information. If you perform a delete transaction, you also have the option of pressing F21 to delete all of the initial assignments to which you are authorized. In the example, the user WILLIAMS is assigned the customer service menu as an initial menu.
Menu Security Officer Maintenance
Menu security officer information is maintained on the Menu Security Officer File (MA130M), and only the system security officer is allowed to maintain the information. This conversation allows the system security officer to add or delete authority to menu groups for menu security officers. Once a menu officer is granted authority to the menu group, the officer may access any of the menus or options within the group. In this way, a menu officer may be assigned authority to a specific business function within the system. You may inquire into menu security officer assignments by selecting Menu Security Officer Inquiry from the Menu Authorization Menu.
Menu groups are maintained on Reference File category 098, Category Maintenance Areas. All menu groups used in the system must be defined on this category. You may define new menu groups for your system through the Reference File Category Maintenance Conversation. The MAC-PAC system is shipped with pre-defined menu group codes for each module you are receiving.
To add authority to the order processing menu group for a menu officer, select Menu Officer Maintenance from the Menu Authorization Menu to display the Menu Officer Maintenance Function Select Screen (MA130S01). When the screen is displayed, you are prompted to enter the system security officer password, the ID of the menu security officer for who you wish to maintain authority, and the appropriate maintenance code. The figure below shows the function select screen to add menu officer authority for the OPSECOFR user ID.
WILLIAMS MENU AUTHORIZATION 1/08/92
DSP01 MENU OFFICER MAINTENANCE FUNCTION SELECT
System Security Officer Password
Menu Security Officer ID OPSECOFR
Maintenance Code 1
1 - Add Menu Assignment
2 - Delete Menu Assignment
F3=Exit F9=Inquiry
|
The Menu Officer Maintenance Function Select Screen (MA130S01).
Once you press Enter, the information is validated, and the Menu Officer Maintenance Detail Screen (MA130S02) is displayed. On this screen, all of the menu groups to which the menu officer is not authorized are displayed, and you may select the groups to which you wish to grant authority. If you entered the maintenance code for delete, all menu groups to which the menu officer is authorized are displayed. To select a menu group(s), type a 1 in the select field next to the desired menu group (4 for delete) or press F21 to select all of the menu groups displayed, see the figure below.
WILLIAMS MENU AUTHORIZATION 1/08/92
DSP01 MENU OFFICER MAINTENANCE ADDITION
Menu Security Officer ID OPSECOFR
Type options, press Enter; or press F21 to select all.
1=Add
Opt Menu Group Description
IC Inventory Control
INSTL MENU AUTHORIZATION
JA Job Costing
JC Job Control
JT Just-In-Time
ME Manufacturing Engineering
MS Master Scheduling
1 OP Order Processing
1 PC Product Costing
PO Purchasing
RP Requirements Planning +
F3=Exit F9=Inquiry F10=Function Select F15=Rekey Data
F21=Select All
|
The Menu Officer Maintenance Detail Screen (MA130S02).
Once the Enter key is pressed and your selections are validated, the Menu Security Officer and Security Detail files (MA130M and MA140M) are updated with the new authorizations. In this example, OPSECOFR is granted authority to all of the menus and options in the Order Processing and Product Costing menu groups.