Operator Audit

Administration > Security > Operator Audit

Operator Audit

You use this program to view the different levels of access that have been configured against your operators. It provides a central area for administrators to establish what security access is defined for operators.

Operator Report

Toolbar and menu

Field	Description
Options
Create Conflict.txt	This creates a sample file in your `\Work` folder (on the server) which enables you to construct a list of program pairs to which access should never be granted to a single operator as it would constitute a role/task conflict in your organization. For example: If access to Posting AP invoices (program `APSPIN`) and Paying AP invoices (program `APSP95`) should never be granted to a single operator, then these programs must be listed as a pair in the `conflict.txt` file. When an operator is granted access to both these programs then a conflict is indicated in the Conflict column of the Program listview.
Show all records	This displays all available records in the panes.
Show allowed records	This displays only those records for which the operator is allowed access.

Operators pane

This displays a list of operators against which you can select to view the level of access configured.

Activities pane

This displays a list of activities within the system, indicating whether access has been configured against the operator or the operator role.

Click the hyperlink in the Activity description column to display a window listing all operators who have access to that Activity.

Fields pane

This displays a list of fields within the system, indicating whether access has been configured against the operator or the operator role.

Click the hyperlink in the Field description column to display a window listing all operators who have access to that Field.

Programs pane

This displays a list of programs within the system, indicating whether access has been configured against the operator role or operator group.

A conflict is only highlighted when both programs in a conflicting pair are allowed access based on the conflict.txt file. Conflicting programs are applicable to program access defined globally or configured by role.

Click the hyperlink in the Program column to display a window listing all operators who have access to that Program.

Access Control pane

This displays a list of key fields within the system, indicating whether access has been configured against the operator or the operator role.

Click the hyperlink in the Access control column to display a window displaying all options for that Access control type. You can select an option from this listview to view a list of all operators who have access to that Control.

eSignatures pane

This displays a list of eSignatures within the system, indicating whether access has been configured against the operator, operator role, company, operator group or system wide.

Click the hyperlink in the Transaction description column to display a window listing all operators who have access to that transaction ID.

Workflow pane

This displays a list of Workflow operations within the system, indicating whether access has been configured against the company or operator role.

Click the hyperlink in the Workflow column to display a window listing all operators who have access to that Workflow operation.

Groups pane

This displays a list of groups within the system (including subgroup) indicating those to which the operator belongs.

Click the hyperlink in the Operator group column to display a window listing all operators assigned to that Group.

Roles pane

This displays a list of roles within the system, indicating those to which the operator has been assigned.

Click the hyperlink in the Role column to display a window listing all operators assigned to that Role.

Conflict.txt File

A role conflict file must exist before you can report on role conflicts. To create this file you need to select the Create Conflict.txt option from the Options menu of the Operator Audit program (SYSPRO Programs->Administration->Security->Operator Audit).

You can tailor this file to your specific requirements. The file contains a list of program pairs that, in your opinion, constitute a conflict in your organization.

For example: If you don't consider it appropriate for an operator to have access to processing manual checks as well as voiding checks in the Accounts Payable module, then you would list the programs: APSP82APSP93 in the conflict.txt file.

The conflict.txt file must have the following properties:

The file must be a text file that can be created using an editor such as Notepad.
The file name must be conflict.txt. The file name is not case-sensitive unless you are using a Unix based operating system, in which case the file name must be in capital letters.
The file must reside in your \Work folder and, in a client/server environment, on the server.

Each line of the text file comprises two six-character SYSPRO program names or e.net business objects, which result in a role conflict. The program name pairs are separated by a single space.

Comments can be included in the text file. They can be included at the beginning of the line (i.e. with a semi-colon in column 1) or they can be added from column 25 onwards in a line, providing a semi-colon is placed in column 25.


Role conflicts are applied both in the order in which the programs appear in the `conflict.txt` file and in reverse. For example: If the operator is allowed access to both `IMPMOG` and `APSP82` then the role conflict is listed against `IMPMOG` and against `APSP82` in the report.

Role conflicts are applied both in the order in which the programs appear in the conflict.txt file and in reverse.

For example: If the operator is allowed access to both IMPMOG and APSP82 then the role conflict is listed against IMPMOG and against APSP82 in the report.

Sample file with comments

The following is an example of a conflict.txt file with comments:

;Role conflicts for IMPMOG - Admin operator groups
IMPMOG APSP82
;AP Manual Check Payment
IMPMOG APSP93
;AP Void payment entry
;Role conflicts for IMPPMP - Admin Operators
IMPPMP APSP82
IMPPMP APSP93

Sample without comments

The following is an example of a conflict.txt file without comments:

IMPMOG APSP82
IMPMOG APSP93
IMPPMP APSP82
IMPPMP APSP93

File layout

Column	Usage	Comments
1-6	Program name	6 characters. A semi-colon (;) signifies that the entire line is a comment
7	Space	Filler
8-13	Program name	6 characters
14-24	Spaces	Filler
25+	Additional comment - optional	Must start with a semi-colon (;) in column 25

Notes and warnings

Role configurations and setup

When Activity access is configured by role, an operator can have access to the same activity via more than one role, so it is possible that the same activity is displayed more than once.
When Field access is configured by role, an operator can have access to the same field via more than one role, so it is possible that the same field is displayed more than once.
An operator can have access to a transaction via more than one role, so it is possible that the same Workflow is displayed more than once.
An operator can have access to a program via more than one group, so it is possible that the same program is displayed more than once. The primary group and/or role is displayed in bold text.
An operator can have access to a transaction via more than one setting (operator/group/company/role) so it is possible that the same transaction is displayed more than once.