User Profile Maintenance allows Data Plus administrative users to grant or remove user access. Data Plus offers tremendous flexibility in setting security for individual users. A user's access can be limited to a specific task, a group of tasks, or entire applications.
The security feature is a part of User Profile Maintenance. It displays a list of every application and function.
- Accessing User Profile Maintenance
IMPORTANT: Log on to the Data Plus application as the dpi user. This user is a Data Plus administrative user that must be able to access all customer systems or Client Groups. Select the Customer’s Live client group when logging on.
On the DPHS Administration tab, select User Profile Maintenance.
User Profile Maintenance will be displayed as a new window.
- Add a User
To add a new user, click Add.
The User Profile Information viewer now allows input of user and security information.
In the viewer, enter the following information:
Enter the Citrix login assigned to the new user which is a unique User ID, up to 16 characters. This is a required field.
The User Profile is currently active. This is the default value.
The User Profile is currently not active. This User ID cannot be used to log in to Data Plus.
Enter the first and last name of the user.
The Password drop down appears by default in Add mode. This drop down can be displayed at any time by clicking on the double arrows next to the Password icon.
Enter New Password
Enter a password for the user.
Retype Your Password
Retype the password for the user.
to set the password.
Password drop down is minimized when the Password bar is clicked
Default Report Path
Any print files that are not deleted will be saved in the selected Report Path, and should generally be the similar for each user in the database. This is only used for the Report Path in Xponent applications. The Report Path is typically set to “Reports\<User ID>”.
Click the folder icon to open a Question box to browse to the Report Path.
Click the search icon to open a Browse dialog box. Navigate to the desired folder or add a new folder for the user’s Default Report Path.
Enter the user’s email address.
Menu Access Group
When adding a new user, leave this field blank. A blank Menu Access Group is assigned to a regular user. These users have no access to User Profile Maintenance. This is the default value and is intended for a customer’s staff members.
To assign an Admin or GroupAdmin Menu Access Group requires updating the User Profile record after all security has been assigned for the user. See Section XI below for specific instructions.
Leave blank. For future use.
Enter the number of prior periods to which the user can post transactions. For example, entering 1(one) would allow the user to post only one period in the past.
Leave blank. For future use.
Max Check Amount
To limit the user to a maximum check amount that is lower than the maximum amount set for the database, enter the amount; leave the field 0(zero) to permit the user the maximum for the database.
NOTE: The maximum amount for the database is set in Accounts Payable>File Maintenance>Parameters>General Info Part 2.
Enter the number of future periods to which the user can post transactions. For example, entering 2(two) would allow the user to post only two periods into the future.
Enter any notes for the user. To restrict a user to one property in a multi-property database enter:
property=XX XX represents the Property ID.
There should be no spaces, and the cursor should not move to the next line. This applies only to Release 7 modules.
NOTE: When removing a property restriction for a user he/she must then log out of Data Plus and log back in for the change to take effect.
The Password Settings can be set up on the Client Group record by Data Plus Support/Release Management. These settings will default to each user being added by an Admin or Group Admin when logged in to the Client Group system. Customers will have to contact Data Plus to let us know when to set up default values at the Client Group level.
To maintain a Client Group record, access Data Plus Support > Client Groups > Client Group Maintenance.
Apply Password Rules
Apply Password Rules for this user. The Password Rules enforce Active Directory password complexity rules when a Data Plus password is changed or created. The rules are:
The password cannot contain the user's account name or parts of the user's full name that exceed two consecutive characters.
The password must be a minimum of 7 characters.
The password must contain characters from three of the following four categories:
- English uppercase characters (A through Z)
- English lowercase characters (a through z)
- Base 10 digits (0 through 9)
- Non-alphabetic characters (ex: !, $, #, %)
Do not apply Password Rules for this user. This is the default value.
Enter the number of failed login attempts allowed. Once the Retry Count is reached, the User Profile is locked, preventing future logins. The User Profile must then be manually unlocked to allow future logins.
The default value is zero (0) which means there is no limit on the number of failed login attempts and the User Profile will never be locked automatically.
The User Profile is currently locked. Logins are not allowed. If a user has attempted to login unsuccessfully and exceeded the number of allowed failed login attempts, Data Plus will update this value. To allow the user to login again, uncheck this box.
The User Profile is currently not locked. This is the default value.
Password Change Interval (Days)
Enter the number of days a Data Plus password can remain valid before expiration. When the specified number of days elapses, the user will be prompted to change the password.
The default value is zero (0) which means the password never expires.
To add the User Profile record, click Save.
- Assigning a Client Group
To assign Client Groups, select the User ID to maintain in the User Profile grid.
Click on the Client Groups tab to display the Assigned Client Groups grid, if not already visible. In the ribbon, the focus will shift to Groups Maintenance.
On the right side of the screen is the list of Available Client Groups. This is a list of groups that the logged in user has access to. To assign the selected user to a Client Group, select the Client Group in the Available Client Groups grid.
The Move Left arrow button will now be activated. Click the arrow, to add the selected Client Group to the list of Assigned Client Groups. Click Save to assign the Client Group.
Additional Available Client Groups can be assigned by clicking the Move Left button. To remove a Client Group from the list of Assigned Client Groups, highlight the Group in the grid and click the Move Right arrow. The Client Group ID will go back to the Available Client Groups grid.
Each time a Client Group is assigned or removed from the Assigned Client Groups list, click the Save button in Groups Maintenance.
- Assigning Security Groups
To assign Security Groups, select the User ID to maintain in the User Profile grid.
Click on the Security Groups tab.
On the right side of the screen is a list of Available Security Groups. To add a Security Group to the Assigned Security Groups, select the Group Name in the Available Security Groups grid and then, click the Move Left arrow.
The Assigned Security Group grid is updated with the added Security Group.
Additional Available Security Groups can be assigned by clicking the Move Left button. To remove a Security Group from the list of Assigned Security Groups, highlight the Group in the grid and click the Move Right arrow. The Security Group will go back to the Available Security Groups grid.
Once the user has been assigned to the correct Security Groups, click the Save button in Groups Maintenance.
NOTE: Always assign the DPHS Administration and Style security groups to every user. Never assign DPHS Support to a customer user.
Assigning the General Ledger or the System Tables Inquiry Security Groups allows the user access to only reports and inquiries. Assigning the General Ledger or the System Tables Transactions Groups allows the user access to only transactions. This provides more security options without having to select individual menu option security.
- Setting Menu Security
To set Menu Security for individual menu items in the DPHS 8.0 application, select the User ID to maintain in the User Profile grid.
Click on the Menu Security tab in the right portion of the User Profile Maintenance window. A popup will appear.
When the Menu Security options are ready for editing, the popup message will change.
The Menu Security Maintenance grid is displayed showing all menu options for the Security Groups the user has been assigned.
The Menu Item column displays the name of the category or function. The column with the User ID in the title displays the current security setting for each category or function. There are four possible values for the security setting.
The user does not have access by default. Access is restricted based on the Menu Access Group and Security Group settings. This value is assigned typically to high level system functions (e.g. SmartFramework Maintenance) and Security Groups not assigned (e.g. Accounts Payable).
The user has access by default. Access is granted based on the Menu Access Group and Security Group settings.
The user is allowed access. This overrides any default setting.
The user is not allowed access. This overrides any default setting.
Any Security Group assignment for a user sets the Menu Security setting for all categories and functions in that Security Group to Default (NOTRESTRICTED-BY-GROUP). Conversely, removing any Security Group assignment for a user sets the Menu Security setting for all categories and functions in that Security Group to Default (RESTRICTED-BY-REALM).
To enable or disable access to a particular function, select the setting in the grid and select the desired option from the drop down.
After making any Menu Security changes, click the Save button in Groups Maintenance.
- Xponent Security
To set Xponent menu security for individual menu items in the Release 7 applications, select the User ID to maintain in the User Profile grid.
Click on the Xponent Security tab in the right portion of the User Profile Maintenance window. The Xponent Functions check box will appear and not be checked. To display all of the Xponent categories and Functions, click on the check box.
The frame displays a list of categories and functions in the DPHS Release 7 application. Categories are defined by indentations. Descriptions closer to the left of the frame include more categories. Descriptions that are indented fall under the above category. In the example above, Demand/Hand Checks a sub-category of CHECKS/EFT. To collapse or expand a category, click on the arrow to the left of the category.
By default, access is granted to all categories and functions when the Xponent Functions box is checked. Click on the box next to a category or function to remove access. All sub-categories and sub-functions inherit the access granted at the level above unless specifically overridden.
When any changes are made to grant access to Xponent Functions, the Save and Cancel buttons in Groups Maintenance are enabled. After making any Xponent Security changes, click Save. Release 7 Xponent Menu Security is updated. The user will have to exit the Release 7 module and access it again for the security changes to take effect.
Restricting Access for one Function
A user is authorized to enter A/P invoices and print edit lists to check for errors, but is not authorized to post invoice batches.
In Xponent Security, find the entry for Post under Xponent Functions > Accounts Payable > Transactions > Invoices > A/P Invoices and uncheck the box to remove access to posting invoice batches. To indicate that access is denied to a function, a lock icon appears next to the function and the box remains unchecked.
Click the Save button in Groups Maintenance.
Restricting Access for a Category
A user is authorized to access Accounts Payable but not authorized to void checks.
In Xponent Security, find the entry for Void Checks/EFT under Xponent Functions > Accounts Payable > Transactions > Checks/EFT > Void Checks/EFT and uncheck the box to remove access to all functions in the Void Checks/EFT category, including the Data Entry, Edit List, and Post functions for that category. To indicate that access is denied to a function, a lock icon appears next to the function and the box remains unchecked.
Click the Save button in Groups Maintenance.
- Property Security
NOTE: Property security only applies to General Ledger in the first release of DPHS 8.0. The User Notes field in the User Profile Information viewer is used to restrict access to a single property in the Xponent modules.
Property Security only applies to multi-property systems and only needs to be set for a user if there is a property restriction to be enforced. If a user can have access to all properties, there is no need to authorize properties for the user. Only when it is required to authorize a user for a single property or a subset of properties, is Property Security maintenance necessary.
On the DPHS Administration tab, select User Profile Maintenance in the Security group of the ribbon.
To assign Property Security, select the User ID to maintain in the User Profile grid.
Click on the Property Security tab.
On the right side of the screen is a list of Available Properties. To add a Property to the Authorized Properties, select the Property in the Available Properties grid and then, click the Move Left arrow.
The Authorized Properties grid is updated with the added Properties.
Additional Available Properties can be assigned by clicking the Move Left button. To remove a Property from the list of Authorized Properties, highlight the Property in the grid and click the Move Right arrow. The Property will go back to the Available Properties grid.
Once the user has been assigned to the correct Properties, click the Save button in Groups Maintenance.
NOTE: The all properties or single property restriction option still is a limitation of the Xponent modules.
- Department Security – NOT IMPLEMENTED
To assign Department Security, select the User ID to maintain in the User Profile grid.
Click on the Department Security tab.
On the right side of the screen is a list of Available Departments. To add a Department to the Authorized Departments, select the Department in the Available Departments grid and then, click the Move Left arrow.
The Authorized Departments grid is updated with the added Departments.
Additional Available Departments can be assigned by clicking the Move Left button. To remove a Property from the list of Authorized Departments, highlight the Department in the grid and click the Move Right arrow. The Department will go back to the Available Departments grid.
Once the user has been assigned to the correct Departments, click the Save button in Groups Maintenance.
- Delete a User
Select the user to delete in the User Profile grid on the left of the screen. The name will be highlighted in blue.
Click Delete. The following message will display for confirmation:
Click Yes to delete the user.
- Copy a User Profile record
Select the user to copy in the User Profile grid on the left of the screen. The name will be highlighted in blue.
The User Profile information viewer is now open for edit as a new record is created with all of the information of the original.
The User ID must be changed to be the unique value assigned by Data Plus for the user’s Citrix login. All other fields are optional. When editing is complete, click Save to save the new User Profile record.
NOTE: The Copy function copies all of the Client Groups, Security Groups, Menu Security, Xponent Security, and Property Security settings to the new user. To change security for the copied user, please refer to the sections III – VIII above.
- Designating Administrative users
In order to designate an existing user as an administrative user, you must go into Setup Mode. This is accomplished by accessing Enable Setup Processing in the DPHS Support menu.
Select the Enable Setup Processing menu item. The following question message displays:
Click Yes. You will be asked to enter a password.
Enter the dpi user password and click OK. Setup mode is now enabled.
On the DPHS Administration tab, select User Profile Maintenance.
To designate a user as a Data Plus or customer administrator, select the User ID to maintain in the User Profile grid.
The Menu Access Group field is now enabled in the User Profile Information viewer. The valid values are:
Menu Access Group
Admin users have access to all menu items. An Admin user has no restrictions in User Profile Maintenance. Admin users can assign users to any Menu Access Group and any Client Group.
GroupAdmin users have access to all menu items within a Client Group. A GroupAdmin user can only maintain security for other users assigned to the same Client Group. The GroupAdmin designation is intended for a customer’s Data Plus administrator(s).
A blank Menu Access Group is assigned to a regular user. These users have no access to User Profile Maintenance. This is the default value and is intended for a customer’s staff members.
Enter the appropriate value and click Save. If there are no other User Profile records to maintain, exit User Profile Maintenance.
The final step is to get out of Setup mode. In the DPHS Support menu, select the Enable Setup Processing menu item again. The following question message displays:
Click Yes. You will not receive a message. Setup mode is disabled.