Electronic Signatures

Administration > Electronic Signatures > Electronic Signatures

Electronic Signatures

System administrators use this program to configure the Electronic Signatures system.

Electronic Signatures provide security access, transaction logging and event triggering; enabling you to increase control over your system changes. This is achieved through the authentication and tracking of system activities against key business processes and sensitive data.

The Electronic Signatures system additionally assists with the effective segregation of duties, so you would typically use this system if you needed to control who in your company is allowed to process various transactions and if you require an audit trail of who performed a transaction and when it occurred.

This improves security by facilitating the integrity of operations and control over internal automated workflows. Therefore SYSPRO's Electronic Signatures system is commonly used by companies who have requirements for passing corporate governance audits, or who require compliance with various industry regulations such as FDA 21 CFR Part 11 and the Sarbanes-Oxley Act.

Summary implementation and usage

The following steps outline how to implement the Electronic Signatures system for a single company. However this is a basic guide only and you can configure the Electronic Signatures system differently according to your requirements.

See Tasks for additional step-by-step guides.

(Optional) Configure the Roles system to create operator roles and define settings for each role.

The Role Management system is used to maintain operator roles and to configure settings for each role. This enables system administrators to easily pre-configure and control a number of settings within SYSPRO.

When initially defining eSignatures by operator Role, you need to access the system from the Roles program, as you cannot add a new Role directly into the eSignature Setup program.

However, once eSignatures are defined for a specific role, you can maintain the configuration directly from the eSignature Setup program, without first loading the Roles program.

See also: Restrictions and limits in the Notes and Warnings section.
Enable the Electronic Signatures system.

As Electronic Signatures are disabled by default, the Global Configuration screen is displayed when you initially access the eSignature Setup program. (Once you have closed this screen, you can access it again by selecting the Global Configuration option from the Options menu.)

See Global Configuration for reference fields.
- Select the option: Electronic signatures required
- Deselect the option: Secure by default
- Select the option: Company, group or operator
- Select the option: Operator password and save your settings
Add a new configuration level.
- From the Add a New Configuration window, at the Configure by field, select the Company option
- Select the company id for which you want to configure Electronic Signatures and save your settings.
Define the access control for the Company configuration level.
- From the Transactions menu, select the All Log only option.
- The Transaction Configuration message window displayed, confirm to continue.
  
  This ensures that at company level, all operators can process all transactions to which they have not been denied access (see Operators and Groups) and an audit log is generated for each transaction.
Define the access control level you require for each operator.
- From the Configuration menu, select the New option.
- At the Configure by field on the Add a New Configuration screen, select Operator.
- Select the operator for whom you want to define the access level and save your changes.
The operator is added to the Configuration Level listview.

All transactions which can be secured by Electronic Signatures are displayed in the Transactions listview. For the selected operator, all transactions are displayed as being selected (Allowed).
Define the access control at transaction level.

If you want to disallow most transactions (i.e. only allow the operator to process all AP transactions, for example) then you can select the All Denied option from the Transactions menu. This deselects all the transactions for the operator.

You then manually define the access level required for those transactions to which you want to give the operator access:
- From the Configuration Level listview, highlight the operator for whom you want to define access at transaction level
- Select Define by Transaction from the Transactions menu.
- Highlight the transaction for which you want to define the level of access for the selected operator.
- Select the Configure option in the Configure column (Alternatively, use your right mouse button to select the Advanced Configuration option).
- Define the Access control level for the transaction as eSignature.
- Optionally define an Effective period for this access control level for this transaction.
- Optionally select the Logging and Trigger Options tab to configure a detailed audit log for the transaction (see Configure Detail Log).
- Optionally select the Logging and Trigger Options tab to configure a trigger for the transaction.
- Select the Apply function to apply your selections to the transaction for the operator.
- Repeat steps for each transaction to which you want to define eSignatures against for the operator.
Repeat steps 5 and 6 for each operator.

Access Control Levels

The following table summarizes the access control levels available for Electronic Signatures:

See also: Access Control considerations in the Notes and warnings section.

Access Control	Description
All Secured by eSignature (Configuration level) or eSignature (Transaction level)	Select this to set the current transaction or configuration level to be subject to Electronic Signatures. If you select this access control at Configuration level, the transactions are subject to Electronic Signatures and therefore Operators must enter a password before the transaction can be processed. If selected at Transaction level, you would need to additionally indicate if the operator is required to confirm with a password to proceed, or alternatively if a message box should be displayed, requesting confirmation with a default result to either proceed or deny the transaction. If selected at either level, an audit log is generated for the transaction.
All Allowed (Configuration level) or Allowed (Transaction level)	If selected at either Configuration or Transaction level, this access control allows Operators to process the transaction without having to enter a password, therefore the transaction is ignored by the Electronic Signatures system. No audit log is generated for the transaction.
All Denied (Configuration level) or Denied (Transaction level)	If selected at either Configuration or Transaction level, this access control prevents Operators from processing any SYSPRO transaction that is part of the Electronic Signatures system.
All Log Only (Configuration level) or Log only (Transaction level)	If selected at either Configuration or Transaction level, this access control allows operators to process the transaction, but an audit log is generated for the transaction (i.e. This is the same control as Allowed, except an audit log is generated).
All Excluded (Configuration level) or Excluded from definition (Transaction level)	If selected at either Configuration or Transaction level, the transaction is ignored. At configuration level this Access Control is an advanced option and should only be used with sophisticated conditional logic. The purpose of this option at configuration level is to cascade the access level up to the next level defined (i.e if the transaction is excluded for an operator, then the access level defined against the group applies. If this is set to excluded from definition, then the access level defined against the company applies). This option has no cascading effect when using role-based eSignature definitions, as there are no higher-up levels. You would typically select this option at Configuration level if you wanted to configure only a few transactions for Electronic Signatures (i.e. if selected at configuration level then the access control to all transactions listed in the transactions listview pane is set to Excluded. You can then select the option: Define by Transaction to configure the transactions you want to secure individually). If you select this option but do not configure any transactions individually, then this is equivalent to selecting the option: All Allowed for the selected configuration level.
Define by Transaction (Configuration level)	Select this at Configuration level to configure each SYSPRO transaction that is part of the Electronic Signatures system individually. If you select this option, then you can select the Configure option from the Transactions listview pane to define additional configuration options for each transaction. In addition, you can deselect individual transactions in the Transactions listview, thereby setting that transaction to Denied for the highlighted configuration level.

Access Control

Description

All Secured by eSignature (Configuration level)

eSignature (Transaction level)

Select this to set the current transaction or configuration level to be subject to Electronic Signatures.

If you select this access control at Configuration level, the transactions are subject to Electronic Signatures and therefore Operators must enter a password before the transaction can be processed.

If selected at Transaction level, you would need to additionally indicate if the operator is required to confirm with a password to proceed, or alternatively if a message box should be displayed, requesting confirmation with a default result to either proceed or deny the transaction.

If selected at either level, an audit log is generated for the transaction.

All Allowed (Configuration level)

Allowed (Transaction level)

If selected at either Configuration or Transaction level, this access control allows Operators to process the transaction without having to enter a password, therefore the transaction is ignored by the Electronic Signatures system.

No audit log is generated for the transaction.

All Denied (Configuration level)

Denied (Transaction level)

If selected at either Configuration or Transaction level, this access control prevents Operators from processing any SYSPRO transaction that is part of the Electronic Signatures system.

All Log Only (Configuration level)

Log only (Transaction level)

If selected at either Configuration or Transaction level, this access control allows operators to process the transaction, but an audit log is generated for the transaction (i.e. This is the same control as Allowed, except an audit log is generated).

All Excluded (Configuration level)

Excluded from definition (Transaction level)

If selected at either Configuration or Transaction level, the transaction is ignored.

At configuration level this Access Control is an advanced option and should only be used with sophisticated conditional logic.

The purpose of this option at configuration level is to cascade the access level up to the next level defined (i.e if the transaction is excluded for an operator, then the access level defined against the group applies. If this is set to excluded from definition, then the access level defined against the company applies).

This option has no cascading effect when using role-based eSignature definitions, as there are no higher-up levels.

You would typically select this option at Configuration level if you wanted to configure only a few transactions for Electronic Signatures (i.e. if selected at configuration level then the access control to all transactions listed in the transactions listview pane is set to Excluded. You can then select the option: Define by Transaction to configure the transactions you want to secure individually).

If you select this option but do not configure any transactions individually, then this is equivalent to selecting the option: All Allowed for the selected configuration level.

Define by Transaction (Configuration level)

Select this at Configuration level to configure each SYSPRO transaction that is part of the Electronic Signatures system individually.

If you select this option, then you can select the Configure option from the Transactions listview pane to define additional configuration options for each transaction.

In addition, you can deselect individual transactions in the Transactions listview, thereby setting that transaction to Denied for the highlighted configuration level.

Transaction Security Level Hierarchy

Transactions can be configured with different security levels for all operators, by Operator or by Group. In addition, each transaction can be configured with multiple conditions.

Therefore it is crucial to understand the security level hierarchy in both single and multiple Operator/Group/Company configurations:

Single Operator/Group/Company configuration - Processing of transactions with multiple conditions

If a transaction is configured for a single operator/group/company, with multiple conditions, and all of these conditions are true, then the following hierarchy is used to determine which condition applies:

Denied takes precedence followed by:

eSignature
Log only
Allowed
Excluded from definition

Therefore, if the condition is true and the security level is set to Denied, then this will override any other conditions for the transaction.

See also: Transaction Security Level Hierarchy in the Hints and Tips section.

The following illustrates the hierarchy used for processing multiple conditions in a Single Operator/Group/Company configuration:

If "condition 1" is set to Denied:

Then the security level for the transaction is set to Denied, regardless of what access control is set for "condition 2".
If "condition 1" is set to eSignature:

Then the security level for the transaction is set to eSignature.

Exception: If the access control for "condition 2" is defined as Denied, then "condition 2" would take precedence.
If "condition 1" is set to Log only:

Then the security level for the transaction is set to Log only.

Exception: If the access control for "condition 2" is defined as Denied or eSignature, then those access levels would take precedence.
If "condition 1" is set to Allowed:

Then the security level for the transaction is set to that of "condition 2".

Exception: If the access control for "condition 2" is defined as Excluded from definition, then "condition 1" would take precedence.
If "condition 1" is set to Excluded from definition:

Then the security level for the transaction is set to that of "condition 2".

Multiple Group configurations: Processing of transactions with multiple conditions

For each group, for the current transaction, it must be determined which security level applies. If there are multiple conditions, then this security level is determined as described above.

Where an operator belongs to multiple groups, the following security hierarchy is used to determine which group's configuration applies:

eSignature takes precedence followed by:

Log only
Allowed
Access denied
Excluded from definition

Therefore, if the operator belongs to any group where eSignature is configured for the current transaction, then this overrides any other conditions configured for another group for the same transaction.

The following illustrates the hierarchy used for processing multiple groups:

If "group 1" is set to Denied:

Then the security level for the transaction is set to that of "group 2".

Exception: If "group 2" has the access level defined as Excluded from definition, then "group 1" would take precedence.
If "group 1" is set to eSignature:

Then the security level for the transaction is set to eSignature, regardless of what access control is set for "group 2".
If "group 1" is set to Log only:

Then the security level for the transaction is set to Log only.

Exception: If "group 2" has the access level defined as eSignature, then "group 2" would take precedence.
If "group 1" is set to Allowed:

Then the security level for the transaction is set to Allowed.

Exception: If "group 2" has the access level defined as eSignature or Log only, then "group 2" would take precedence.
If "group 1" is set to Excluded from definition:

Then the security level for the transaction is set to that of "group 2".

Benefits and features

Electronic Signatures System

Securing of transactions by authenticating the operator performing the transaction.
Implementation of access control at transaction level rather than only at program level.
Control over who in your company is allowed to process various transactions.
Centralized management for ease of administration.
Configurable at role, operator, system, company or group level.

Elimination of paper document storage as records can be displayed on screen, in reports, electronically, or exported PDF format.

Electronic Signature Triggers

Electronic Signatures can be configured to activate triggers for integration to third-party systems or notification via email (e.g. after adding a customer).

These triggers furthermore enable the timely identification of abnormal events or transactions which may potentially indicate fraudulent activity.

Conditional logic can also be set so that an Electronic Signature Trigger is only fired when additional conditions are met.

See Trigger Setup for more information.

Configure and activate triggers to notify management when significant events occur, or to prevent operators from executing various transaction types, such as negative receipts.
Configure multiple actions to be executed automatically when an Electronic Signature transaction is successfully completed.
Configure VBScripts that can be invoked when a trigger is fired (This caters for almost unlimited triggering capability, since virtually any type of application can be invoked using VBScript).
Invoke SYSPRO Reporting Services (SRS) reports when a trigger is fired.

Audit Log

The Electronic Signatures system can be configured to maintain a detailed transaction log for auditing purposes (which can be retained indefinitely).

The eSignature Query program provides an audit log of information relating to transactions controlled by Electronic Signatures.

The eSignature Report program is used to generate a report of audit log information relating to transactions requiring Electronic Signatures.

The eSignature Purge program is used to remove audit log entries held on file, based on the age of the entries, in order to reduce the number of entries in the log file/table. This is due to the fact that the file/table can consume excessive disk space after you have used the Electronic Signatures system for some time.

This purge system can be controlled using the Global Configuration options within the Electronic Signatures Setup program. Within these options purging can be enabled or disabled, and the run time selection can be maintained.

Generate an audit trail of completed transactions, indicating who performed a transaction and when it occurred.
Audit trail is secure from modification or deletion
Archiving ability for record keeping
Computer-generated time-stamp to record the date and time of operator entry, including creation, modification, or deletion of records

Reference fields

Toolbar and menu

Field	Description
Options
Global Configuration	Select this to define the global configuration options for the Electronic Signatures system.
Configuration	These options are not available if you selected to apply Electronic Signatures on a system-wide level.
New	Select this to add a new configuration level.
Delete	Select this to remove the highlighted configuration level.
Copy Operators	Select this to copy the highlighted operator configuration to another operator. When you select this option, the Copy Operators screen is displayed and indicates the code of the operator from which you are copying the configuration. From the list view of all operators, you use the tick box to select/deselect the operator for inclusion/exclusion in the copy process. Select the Only show operators for group option to display operators for a specific group only. See also: Copying of configurations in the Hints and tips section.
Copy From Another Configuration	You use the Copy From Another Configuration option to copy the setup of another configuration to the selected level in the Configuration Level listview. This is particularly useful when changing existing eSignature configuration levels from operators to Groups or Roles, or from Groups to Roles. See also: Copying of configurations in the Hints and tips section and Setup considerations in the Notes and warnings section.
Transactions	The access control option you select here applies to the currently highlighted Configuration Level. If you selected to apply Electronic Signatures at a system-wide level, then the options you select here will apply to all operators in all companies. See Access Control Levels for explanations of each option.
New	Select this icon to add a new configuration level.
Delete	Select this icon to remove the highlighted configuration level.
Copy From	Select this to copy the highlighted configuration level to another configuration level(s).

Global Configuration

Field	Description
Electronic signatures required	Select this to enable the Electronic Signatures system.
Secure by default	Select this to define the access control of all new eSignature transactions added to the system, as Denied by default. This means that you will have to manually change the access control for any new transactions that are added to the SYSPRO application after you have made this selection. However if the SYSPRO application has a new eSignature against a transaction that was previously not part of the eSignature system, then the transaction will default to Allowed. This is to prevent the situation of transactions which were working prior to an upgrade, being Denied by eSignatures when you download the latest SYSPRO software. If you do not select this option, then any new eSignature transactions added to the system are automatically set to Allowed by default.
Configuration level
System-wide	Select this to apply Electronic Signatures on a system-wide basis. If you select this option, then the access control option you select from the Transactions menu will apply to all operators and groups across the system (i.e. in all companies). In addition, any advanced settings specified will apply to all operators and groups across the system.
Company, group, operator or role	Select this to apply Electronic Signatures at company, operator group, operator role and/or operator level. See also: Restrictions and limits in the Notes and warnings section regarding roles.
Specify company for operator/group/role	Select this to specify the specific company in which the Electronic Signature settings for groups, roles and operators applies. You typically select this option if you have operators who have access to more than one company and you want to define their access to transactions differently in each company. If you do not select this option, then the Electronic Signature settings you define for operators, roles and groups apply to those operators, roles and groups in all companies. This option is only enabled if you selected the Configuration level: Company, group or operator. See also: Restrictions and limits and Configuration considerations in the Notes and warnings section.
Authentication by	The Electronic Signatures system can be configured to require a password to be entered before certain transactions can be processed. This section enables you to indicate which password must be used for the authentication process.
Operator password	Select this to use the operator password as the authentication password for transactions. If you select this option, then you must ensure that a password is configured for the operator (Operators - Password tab).
Alternate operator password	Select this to use the Alternate operator password (SYSPRO Ribbon bar->Setup->Passwords) as the authentication password for transactions. If you select this option, then you must ensure that an alternate password is configured for the operator. See also: Alternate operator password in the Hints and tips section.
Purge options
Allow purge	Select this to be able to access and use the eSignature Purge program to remove audit log entries. Do not select this option if you want to retain audit log entries indefinitely.
Allow run time selection	Select this to be able to define the option: Delete log records older than at the time of running the eSignature Purge program. This option enables you to indicate the number of months or years according to which entries must be removed.
Purge log records older than	Indicate the number of months or years for which you want to retain audit log entries created by the eSignature Query program. If you select the option: Allow run time selection, then you can change the entry you make here at the time of running the eSignature Purge program.

Configuration Level Listview

The following information is included in the Configuration Level listview pane:

Column	Description
Type	This column indicates the configuration level (i.e. company, group, role or operator).
Company	This indicates the company applicable to the configuration level.
Item	This indicates either an operator, an operator role or an operator group.
Name	This column displays the description for the company, group, role or operator.

Transactions Listview

The Transactions listview pane displays the default SYSPRO transactions that can be secured using eSignatures.

Column	Description
Transaction description	This displays the module and transaction description.
Access control	This displays the current access control level defined for the transaction for the selected configuration level. You can also choose a different access control for the transaction from the drop down menu in this column. An entry of Conditional in the Access control column indicates that the transaction is subject to more than one condition.
Configure	Select this to configure additional conditions for the transaction. You can only select this if you selected the option: Define by Transaction from the Transactions menu. (Alternatively, use your right mouse button to select the Advanced Configuration option)
Module	This indicates the module in which the transaction applies.

Add a New Configuration

You use the New option from the Configuration menu to add configuration levels.

Field	Description
Configure by	Select the type of configuration level you want to use. Options available are Operator, Group or Company.
Company	Enter the company code for which you want to add a configuration level.
Operator	Enter the operator for whom you want to add a configuration level.
Group	Enter the operator group code for which you want to add a configuration level.

Transaction Configuration

You use the hyperlink option inside the Configure column of the Transactions listview pane to define additional configuration options for each transaction, however you can only define additional configuration options for a transaction if you selected the Define by Transaction access control at Configuration level.

When you select the Configure option for a transaction, a listview displays the conditions already defined for the transaction. The additional configuration options you define will apply to the transaction condition highlighted in this listview.

Optionally, from this listview you can right click on a transaction condition to select either New Condition (See New Condition) or Delete (Deletes the condition highlighted in the listview).

Transaction Details

The options on the Transaction Details tab enable you to define the access control level and effective period for a specific transaction.

Field	Description
Description	This displays the description assigned to the condition for the transaction.
Define	Select this to maintain the condition for the currently highlighted transaction. This function is only displayed when you highlight a user defined transaction in the listview.
Access control level	The access control level you select at this option applies only to the currently selected transaction condition. See Access Control Levels for explanations of each option.
Effective period	Indicate the period(s) for which the access control level for the current transaction applies.
Always	Select this if the access control level for the transaction is always applicable.
Date range	Select this to apply the access control level for the current transaction for a specified date range. Enter the first and last date in a range of dates for which the access control level applies to the selected transaction.
New Condition	Select this to define a new condition for the transaction. See New Condition for further information.

Logging and Trigger Options

You use this tab to configure the logging and trigger options for the transaction.

These are only enabled if the access control level on the Transaction Details tab is set to Log only or to eSignature.

Field	Description
Audit	Where applicable, a default log is created for transactions (see eSignature Query). If you selected the option: Define by Transaction from the Transactions menu, then you can define additional variables to include in the audit log for both default and user defined transactions.
Detail log required	Select this if you want a detailed log to be generated for the currently selected transaction.
Configure Details	Indicate the details you want to include in the transaction log for the current transaction. These details are displayed when you select the Show Detail function in the eSignature Query program. See Configure Detail Log for further information.
Triggers
Transaction successful	Select this to define a trigger against the transaction.
Setup Trigger	Select this to use the Trigger Setup program to define trigger options.

New Condition

You use the New Condition function to define new conditions for the transaction. Multiple conditions can be defined for a single transaction, up to a maximum of 50 user-defined conditions.

Refer to Transaction Security Level Hierarchy for details on access level precedences for conditions.

Field	Description
Condition	Select the type of condition you want to configure: Default condition (define additional options using the default condition for the transaction) User defined (define your own condition, together with its options)
Description	Enter a description for the condition.
Name	Assign a name to the condition.
Define Condition	Select this to define additional conditions against the transaction condition. This function is only enabled for User defined conditions.

Define Condition

When configuring a User defined condition, you use the Define Condition function from the New Condition screen to specify the conditions that must apply.

You can combine simple conditions using and/or logic. A simple condition comprises the comparison of two fields which should both be the same type (i.e. Alphanumeric, numeric or date). These fields are compared algebraically, alphabetically or chronologically, depending on their type.

When the Electronic Signatures system evaluates a condition, the following rules are applied:

The simple conditions are compared to determine if they are true or false.
If any brackets exist, then all the And combined conditions within the brackets are evaluated to true or false.
If any brackets exist then all the Or combined conditions within brackets are evaluated to true or false.
All the remaining And combined conditions are evaluated to true or false.
All the remaining Or combined conditions are evaluated to true or false.
The result is either true or false.

See also: Field considerations in the Notes and warnings section.

The following information is included in this Transaction listview window:

Field	Description
Save and Exit	Save the condition configuration details and return to the previous screen.
Insert Row	Select this to add a new condition row to the list of conditions. The new condition row is added above the currently highlighted condition row. You cannot insert a condition row above the first condition row.
Remove Selected Row	Select this to remove the currently highlighted condition row from the condition.
Remove All Rows	Select this to delete all condition rows from the condition. This has the same effect as deleting the entire condition for the transaction.
Condition Configuration
And/Or	For the beginning of the first condition, this defaults to If and cannot not be changed. Select And to combine conditions using AND logic. When applying AND logic, the combined condition is true if both simple conditions are true. Select Or to combine conditions using OR logic. When applying OR logic, the combined condition is true if either of the simple conditions are true.
Open bracket	Use brackets to group multiple conditions. Brackets determine how multiple conditions are evaluated.
Field or Variable	Select a field from a table/file or a system or key variable to use in the condition. See also: Field or Variable options.
Condition	Enter a valid condition that must be used to compare the fields. If the fields are numeric, then they are compared algebraically. If the fields are alphanumeric, then they are compared alphabetically. If the fields are dates, then they are compared chronologically. The following options can be selected: Equals Less than Greater than Less than or equal Greater than or equal Not equal Contains Does not contain Begins with
Field, Variable, String or Constant	Select a field from a table/file or a system variable, or enter a string, number, time or date to use in the condition. Only variables whose values are available prior to the transaction being completed are displayed. The reason is that if you had a condition such as: if %OrderValue > 10000 then deny transaction, the order value can only be established once the order is complete. The transaction can therefore not be denied before the order is complete so the condition cannot be applied. Similarly for add or post type transactions, you cannot use a field from the item being added (e.g. when adding a customer you cannot specify that a field against the customer has a value, as the customer has not yet been added). You can however use one or more of the supplied user variables. See also: Field considerations in the Notes and warnings section.
Close bracket	Use brackets to group multiple conditions. Brackets determine how multiple conditions are evaluated.

Field or Variable options:

Variables are case sensitive (for example, you must use %Key as %key will not work). However when you tab off the field, the system looks up the field/variable name in a case insensitive way and will replace it with the item of the correct case (e.g. if you type %key and tab from the field, the value %Key will be inserted).

Fields include:

Primary table columns - e.g. InvMaster.Description (available for all transactions)
Custom form table columns - e.g. InvMaster+.Status (available for all transactions)

This only applies when using SYSPRO in an SQL environment.

Depending on the primary table associated with the transaction (and only when the transaction is maintaining or deleting an item) you can provide fields or custom form fields related to the primary table.

Variables include:

In addition to being able to select fields from a primary table, some transactions also provide the ability to select fields from additional linked tables and their custom forms, however this is only available where a custom form type has been defined for the variable column.
System variables

Field/Variable

Description

%Key

This variable is the key of the main file/table used by the transaction.

The key can comprise of more than one item of information (i.e. be a composite key). In other cases, the key comprises of only one item of information (e.g. the customer code or stock code).

%xxx

Transaction variables start with % and can be used to reference transaction values passed to the eSignatures system.

System variables start with $ and allow you to access system-wide information not related to the specific transaction being processed.

$ConditionDescrip

This system variable is the description defined against the condition.

$OperatorGroup

This system variable is the primary group defined against the operator (Operators - Operator Details).

$OperatorCurGroup

The contents of this system variable is determined by the electronic signature that is being processed. This entry can and will contain the following:

eSignature Definition	Contents of $OperatorCurGroup
System	Spaces
Company	Spaces
Group	Group code
Operator	Operator
Role	Role

Unless you are defining electronic signatures at group level, this variable is populated by the key for the individual electronic signature and not a group code.

$CompanyDate

This system variable indicates the system date.

$Date

This system variable indicates the operator's computer date.

Configure Detail Log

This screen is displayed when you use the Configure Details function from the Logging and Trigger Options tab.

You use this screen to select additional variables you want to log for the selected transaction. This is in addition to the default log that is created (You can view the audit log details for a transaction by selecting the Show Detail option in the eSignature Query program).

It is important to note that by adding a large number of variables to the detail log, you will significantly increase the size of the detail audit log table. Therefore you should consider only including variables that are necessary.

Field	Description
Available Variables
Variable	This column lists system variables and fields from the main file/table used in the transaction. See also: Field or Variable options.
Description	Indicates the description assigned to the variable.
Variable type	Indicates whether the variable is a transaction type variable or a system variable. All transaction variables begin with a '%' sign. All system type variables begin with a '$' sign.
Select All	Select this to include all variables in the detailed log.
Deselect All	Select this to exclude all variables from the detailed log.

eSignature control messages for Roles

Depending on your current Electronic Signatures settings, the following messages could be displayed when you access the eSignature Setup program from the Roles program:

eSignatures are not enabled

This message is displayed if you have not selected the option: Electronic signatures required (Global Configuration).

Selection	Result
Enable eSignatures	The eSignatures system is enabled for you, and the default eSignature settings are applied to the role you are currently maintaining in the Roles program.
Close	The eSignatures system is not enabled and you remain in the Roles program.

Do you wish to configure eSignatures by Role?

This message is displayed if the eSignatures system is currently defined as System-wide (Global Configuration).


	Changing eSignatures to be configured by Role means that your current system-wide configuration is deleted.

Selection	Result
Copy system-wide	Your current system-wide settings are applied to the role you are currently maintaining in the Roles program. This enables you to start configuring eSignatures by Role using the existing system-wide eSignature settings. If you select this option, then your current system-wide settings are copied to the Role and are thus retained against the role, even though the system-wide configuration itself is deleted.
New Configuration	The Role is added to eSignatures with the default eSignature settings. If you select this option, then your current system-wide configuration is deleted and you will have to configure the Role from scratch.
Close	The Role is not added to eSignatures, your system-wide settings are retained and you remain in the Roles program.

Selection

Result

Copy system-wide

Your current system-wide settings are applied to the role you are currently maintaining in the Roles program. This enables you to start configuring eSignatures by Role using the existing system-wide eSignature settings.

If you select this option, then your current system-wide settings are copied to the Role and are thus retained against the role, even though the system-wide configuration itself is deleted.

New Configuration

The Role is added to eSignatures with the default eSignature settings.

If you select this option, then your current system-wide configuration is deleted and you will have to configure the Role from scratch.

The Role is not added to eSignatures, your system-wide settings are retained and you remain in the Roles program.

Library

The Electronic Signatures Library contains all of eSignature transactions available in the Electronic Signatures system.

Notes and warnings

Restrictions and limits

You cannot add a new Role directly into the eSignature Setup program, you need to access the system from the Roles program.

The following restrictions apply to the eSignature Setup program, when it is accessed from within the Roles program:
- you cannot add a new role.
- the only options available are Delete and Copy From Another Configuration.
- From the Global Configuration screen, only the Authentication by and Purge options are available.

When using eSignatures in a SYSPRO 7 standalone environment, there is a known SQL error when calling business objects through VB Scripting.

An example of how this error occurs would be:

When a SYSPRO program (i.e. program A) is busy with a SQL transaction and an e-signature VBScript (which contains a business object) is called, the business object starts its own SQL connection and thus interferes with the active SQL transaction of program A.


	This error does not occur when running SYSPRO 7 in a Client-Server environment or when running SYSPRO 8.

eSignature Transaction conditions

When defining conditions inside the Transaction screen:

If you enter a string, number, time or date in the column Field, Variable, String or Constant, you must use the following formats:
- String - can be entered as is, or surrounded with single or double quotation marks.
  
  If the system is unable to clearly identify the entered value as a string, then you can surround it with single or double quotation marks (e.g. A100 and 'A100' and "A100" are all equivalent).
- Numbers - must be entered without quotation marks. Numbers can be positive or negative.
- Dates - must be entered in the format: CCYYMMDD.
- Times - must be entered in the format "HH:MM" (i.e. with double quotation marks).
Some transaction variables are only available after the transaction is completed.

This is often the case in processing programs, where variable values are calculated during the processing of the transaction. %OrderValue is one of these types of variables.

You can look in the IMPTRN.XML file and check the 'before' attribute. If this is set to No then the variable is not available prior to the transaction having been completed.
When defining a condition for an add type transaction (e.g. AP Supplier added), you will not have access to the Primarytable.columns in the configuration, as this information does not exist yet.

Access control considerations

The access levels you define against an individual operator take precedence over the access levels you defined at company level.
Each transaction condition can have a different access control level.
Each operator group can be assigned a different access level. Refer to Transaction Security Level Hierarchy for details on resolving access levels when an operator belongs to multiple groups.
If you select the access level eSignature or All Secured by eSignature, then a password must be defined against each operator who has access to the transaction. This will either be an operator password (Operators - Password tab) or an alternate password (SYSPRO Ribbon bar->Setup->Passwords), depending on your selection at the Authentication by option on the Global Configurations screen.
Where transactions are configured against a specific operator, the access level defined against the operator applies (except if this access level is set to Excluded from definition), regardless of the configuration against any groups to which the operator belongs.

If the access method for a transaction configured against an operator is set Excluded from definition, then the access level defined against the operator's group(s) applies.

If the access level against the group(s) is also set to 'Excluded from definition, then the access level defined against the company applies.

Setup considerations

If you select to configure Electronic Signatures on a system-wide basis, you will be unable to add configuration levels.
Settings at operator level take precedence and where an operator belongs to multiple groups, the group permissions are resolved appropriately (refer to Transaction Security Level Hierarchy).
If you select the option: Specify company for operator/group on the Global Configuration screen:
- When you add a configuration level for a group or an operator, you must specify the company for that operator or group. The transaction settings you define will then apply to the operator or group in the specified company only. Once you have added the company/group or company/operator combination, the company code is displayed together with the group or operator in the Transactions listview.
- You cannot copy eSignature configurations from one operator to another.
If you did not select the option: Specify company for operator/group on the Global Configurations screen, then the Company field is disabled. The transaction settings you define will then apply to the operator or group in all companies. Once you have added the group or operator, no company code is displayed for the group or operator in the Transactions listview.

Hints and Tips

Copying of configurations

The Copy Operators function is useful if more than one operator requires the same eSignature configuration. You need only define the configuration for one operator and then use this option to copy that configuration to the other operators.

This option is not available if you selected the option: Specify company for operator/group/role (Options > Global Configuration).
An example of how the Copy From Another Configuration function is useful:

Assume you previously configured eSignatures at Operator level and you now want to configure eSignatures for Roles (see Roles) and the eSignature configuration for one of the operators you want to assign to a role typifies the configuration you require for the role.

You can copy the Operator configuration to the new Role and once copied, you can change the Role configuration if required. This saves you having to entirely re-configure eSignatures for the new Role.

Similarly, you could copy an existing Group configuration to a Role.

Once you have assigned the operator(s) to Roles, you can delete the individual operator configurations from eSignatures.

Transaction Security Level Hierarchy

An example of the hierarchy used for access control in a Single Operator/Group/Company configuration:

You used the Advanced Configuration option to define the following against a transaction:

Name	Access control level	Condition
Condition 1	Log only	Whenever stock on hand changed
Condition 2	Allowed	Stock on hand < Safety level
Condition 3	Denied	Stock on < 0

If all the above conditions are true, then the security level 'Denied' would apply.

If the first and second conditions were true, then 'Log only' would apply.

Alternate operator password

A typical use of an alternate password would be if you require certain transactions to be approved by a supervisor. You define the transaction access level as eSignatures and select this option. Ensure that only the supervisor has access to the alternate password. When the operator processes the transaction, the supervisor must enter the correct alternate password, before the operator can continue.

Defining the Global Configuration for Electronic Signatures

You would typically follow this procedure to configure Electronic Signatures at system-wide, company, operator or group level which can apply across all companies or to specific companies.

Open the Electronic Signatures program.
From the Options menu select Global Configuration.
Enable the Electronic signatures required option.
At the Configuration level section, indicate the level at which you want to configure Electronic Signatures.

If you change your existing configuration level from system-wide, a warning message is displayed indicating that your current configuration will be lost.

If you want to configure Electronic Signatures separately for different companies, enable the Specify company for operator/group/role option. Otherwise the configurations selected for each group will apply to those groups in all companies. The system will prompt you to add a new configuration level specific to each company.
At the Authentication by field, select the type of password you want operators to use for Electronic Signatures.
At the Purge options section, optionally indicate whether you want to be able to purge log records.

Adding a new configuration level

You would typically follow this procedure to add a new configuration level to the Electronic Signatures system.

Open the Electronic Signatures program.
From the Configuration menu, select the New option.
At the Configure by field, select your required configuration level and then enter the company, group or operator details for which you want to configure Electronic Signatures.

Copying an Electronic Signatures configuration

You would typically follow this procedure to copy the configuration of Electronic Signatures from one operator to another.

Open the Electronic Signatures program.
Highlight the configuration level that you want to copy and from the Configuration menu, select the Copy Operators option.
Within the Copy Security screen, indicate the operator(s) to whom you want to copy the configuration and then select Copy to copy the current configuration to these operator(s).

You can optionally select the Only show operators for group option to enter the operator group for which you want to display the operators in this listview.

This is useful if you have defined the configuration for a single operator in a group and now want to copy this configuration to the other operators in the same group.

Defining access control at configuration level

Ensure that the Global Configuration has been defined.

You would typically follow this procedure to define the access control levels of Electronic Signatures at configuration level.

Open the Electronic Signatures program.
In the Configuration Level pane, highlight the level for which you want to define the access control level.
From the Transactions drop-down menu, select the access control method you want to apply to transactions.
- If you select All Secured by eSignature, then you must define a password against the operators at the configuration level.
- If you select All Allowed, then no transactions are subject to the Electronic Signatures system for this configuration level (i.e. SYSPRO will operate as though you have not selected to use the Electronic Signatures system for the configuration level).
- If you select All Denied, then the operators at this configuration level are unable to process any transaction that is currently defined in the Electronic Signatures system.
- If you select All Log Only, then the operators at this configuration level have access to all transactions, however the Electronic Signatures system generates an audit log of transactions.
- If you select All Excluded, then the operators at this configuration level have access to all transactions.
- If you select Define by Transaction, the default access control level for all transactions is set to: Allowed and you then configure each transaction separately for the configuration level.

Adding a user-defined condition

You would typically follow this procedure to configure additional user defined conditions for a specific transaction in the Electronic Signatures system.

For example you can define a condition against the WIP Job Creation transaction to deny an operator from creating jobs for customers who have exceeded their credit limit.

From the Electronic Signatures program, select the configuration level for which you want to define conditions against a transaction.
Select Define by Transaction from the Transactions menu and then confirm the message box that appears which advises that this option allows the configuration of each transaction separately.
Highlight the transaction for which you want to define a condition and select the Configure hyperlink.

Alternatively, right-click the transaction and select Advanced Configuration.
Select the New Condition function.
At the Condition field, select User defined and enter a meaningful description in the Description field.

You can optionally enter a specific condition code at the Name field.
Select the Define Condition function, add the conditions you require and then save your changes.
From the Transaction Details tab, select the access control level you require for this new condition and apply your changes.

Optionally define an effective period for the condition.

Defining access control at transaction level

Ensure that the Global Configuration has been defined.
Ensure that the access control for the configuration level has been defined as Define by Transaction.

You would typically follow this procedure to define the access control of a specific Electronic Signatures transaction.

Transactions can be configured with different access control methods for all operators, by operator or by group. Additionally, each transaction can be configured with multiple conditions.

Open the Electronic Signatures program.
From the Configuration Level pane, select the level for which you want to define access control at transaction level.
Highlight the transaction for which you want to define the access control and select the Configure function.
Configure the access control level for the highlighted transaction condition in the Transaction Details tab and apply to save your changes.

Configuring a detailed transaction log for auditing purposes

You would typically follow this procedure to generate a more detailed log per transaction, apart from the audit log which is generated by default when you set a transaction's access control to eSignatures or Log only.

From the Electronic Signatures program, select the configuration level for which you want to define a detailed audit log.
Select Define by Transaction from the Transactions menu and then confirm the message box that appears which advises that this option allows the configuration of each transaction separately.
Highlight the transaction for which you want to generate a detailed audit log and select the Configure hyperlink.

Alternatively, right-click the transaction and select Advanced Configuration.
Select the condition for which you want to apply the detailed audit log and then select Detailed log required from the Logging and Trigger Options tab.
Select the Configure Details function and indicate the variables you want to include in the detailed log for the transaction.

Configuring a new Electronic Signatures trigger

Ensure that your access control level for the applicable configuration level is set to Define by Transaction.
Ensure that your access control level for the applicable transaction is set to eSignature or Log only.

You would typically follow this procedure to configure a trigger against an Electronic Signature transaction, whereby an operator is informed of changes made to a program.

From the Electronic Signatures program, select the configuration level for which you want to configure a trigger against a transaction.
Highlight the transaction for which you want to configure a trigger and select the Configure hyperlink.

Alternatively, right-click the transaction and select Advanced Configuration.
Select the condition for which you want to configure a trigger, enable the Transaction successful option from the Logging and Trigger Options tab, and then select the Setup Trigger function.
From the Maintain Trigger pane, select the trigger Type and then edit the Description if required.
- If you select Email, Run a VBScript, Write to message inbox, or Run an SRS Report, select the Edit function at the Contents field to indicate the details applicable.
- If you select Run any NetExpress program, indicate the Program applicable.
- If you select Run any application, indicate the Command line and Start in applicable.