SYSPRO Security
Exploring
SYSPRO incorporates a number of facilities aimed at securing the system from unauthorized access.
The various levels at which security can be defined enable you to implement internal controls according to your own business requirements.
Security measures range from login authentication to access levels configured per operator against programs, transactions, activities and fields.
- Tailored security measures
  You can configure your system security to be as simple or as finely tuned as your operating environment requires.
- Segregation of duties
  You can ensure a method of working whereby tasks are split between different members of staff to reduce the scope for error and fraud.
  For example: Clerks who post invoices in Accounts Receivable should not be the same people who process the payments of these invoices.
- Controlled access
  External access to data is controlled through the SYSPRO integration framework and e.net business objects, thus maintaining the SYSPRO business rules and security integrity.
  Standard security features include password control as well as group and operator maintenance facilities.
  Administrators can also control access down to certain business processes, companies, modules, menus, program functions and activities.
- Data visibility
  You have visibility down to transactional data for key codes such as warehouse, bank, salesperson, ledger, etc.
- Audit trails
  Master data amendment journals and transactional audit trails provide records of data changes and the users responsible.
  The job logging facility provides an audit trail of user access and processing activity.
  Additionally, the Electronic Signatures system can be configured to maintain a detailed transaction log for auditing purposes (which can be retained indefinitely).
- Transaction level security
  Electronic Signatures enable administrators to secure transactions by authenticating the operator who is performing the transaction. This can be configured at system, company, group, role, or operator level.
  You can also configure the system to activate triggers for integration with third-party systems or notification via email.
Referencing
SYSPRO provides a number of facilities that ensure security and authentication across various levels:
Access level | Description |
---|---|
SYSPRO level | An operator ID and password is required to access SYSPRO. |
Company level | Access to a SYSPRO company can be restricted in a number of ways: |
Program level | Access to SYSPRO programs can be restricted in a number of ways: |
Transaction level | Transactions in SYSPRO can be secured in a number of ways: |
Activity level | You can restrict access to specific activities in SYSPRO at operator level, as well as by assigning passwords to specific activities. |
Field level | You can restrict access to specific fields in SYSPRO by denying operator access to the editing of fields and viewing of sensitive company data. |
Company-wide setup options enable you to tailor SYSPRO to suit a company's control requirements.
Source | Description |
---|---|
Operators | In SYSPRO, the basic control entity is the operator code. An operator is any person in an organization who requires access to the company data to perform tasks. Operators are typically configured by system administrators, where a login name is assigned to each individual and access rights are configured according to the function the operator performs within the organization. The configuration of operators enables system security to be controlled at an individual level, regulating the type of tasks and activities that individuals can perform, as well as certain field access based on the authority granted to them. Other features of operator security control include: |
Groups and subgroups | In SYSPRO, security groups refer to a collection of operators who have access to company data. Groups are typically configured by system administrators and access rights are then configured according to the function the group performs within the organization. Subgroups enable you to assign operators to multiple groups. This accommodates the need for certain operators to inherit the program access settings of a number of different groups, without you having to configure additional groups. When establishing an operator's level of access to a program, access is denied only if all the groups to which the operator belongs deny access to that program. |
Roles | In SYSPRO, roles enable security and user-interface customization to be configured by organizational role. These provide a simplified means for a system administrator to pre-configure and control the user interfaces, settings, program access, access control and access to activities and fields presented to SYSPRO operators. By default, a set of roles based on the SYSPRO Business Process Management System is imported to a SYSPRO company. This includes a sample organogram, which is a visual representation of roles and hierarchies within the company. |
Passwords | In SYSPRO, passwords form an integral part of establishing system security and enabling the restriction of unauthorized access to companies, modules, programs and functions. Passwords and password rules can also be configured against operators to improve the integrity of their use in the system. Operators can be forced to change their passwords at prescribed intervals and rules that must be adhered to when defining passwords can be specified (e.g. a minimum number of characters, forcing combinations of words and numbers, preventing the recycling of operator passwords, etc.). |
Setup | During implementation, setup options must be configured for each SYSPRO module. These enable the company-wide settings to be tailored to suit a company's operational environment and requirements. For example: You can configure how requisitions for purchase orders, stores and capital assets must be managed and processed; how variances during a stock take must be detected and reported; or how various transaction items must be numbered. |
Electronic Signatures | Electronic Signatures provides access control at transaction level rather than only at program level. This enables the securing of transactions by authenticating the operator performing the transaction. Electronic Signatures also assist with the implementation of segregation of duties. They are commonly used in companies where Sarbanes-Oxley compliance is required because they control access to the processing of specific transactions, as well as provide a trace of who performed each transaction and when it was performed. Electronic Signature triggers also enable the timely identification of abnormal events which may potentially point to fraudulent activity. |
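
The group rule above (access is denied only if every group the operator belongs to denies it) makes an operator's effective program access the union of what their groups allow, so a subgroup assignment can quietly undo segregation of duties. The following review script is an added example, not SYSPRO code; every group, program and operator name in it is hypothetical sample data.

```python
"""Effective program access under the 'denied only if all groups deny' rule,
with a segregation-of-duties (SoD) review over the result.
All names below are constructed for illustration, not SYSPRO identifiers."""

# group -> programs the group allows (hypothetical)
GROUP_ALLOW = {
    "AR_POSTING": {"post_ar_invoice", "query_customer"},
    "AR_CASH": {"process_ar_payment", "query_customer"},
    "READ_ONLY": {"query_customer"},
}

# operator -> primary group followed by subgroups (constructed sample data)
OPERATOR_GROUPS = {
    "ALICE": ["AR_POSTING"],
    "BOB": ["AR_CASH", "READ_ONLY"],
    "CAROL": ["READ_ONLY", "AR_POSTING", "AR_CASH"],
}

# program pairs that one person should not hold together (assumed policy)
SOD_CONFLICTS = [("post_ar_invoice", "process_ar_payment")]


def granting_groups(operator, program):
    """Groups of this operator that allow the program, in membership order."""
    return [g for g in OPERATOR_GROUPS.get(operator, [])
            if program in GROUP_ALLOW.get(g, set())]


def is_allowed(operator, program):
    """Denied only if every group the operator belongs to denies the program.
    An operator with no groups, or only unknown groups, gets no access."""
    return bool(granting_groups(operator, program))


def sod_violations(operator):
    """Conflicting program pairs the operator can run, with the groups
    responsible for each side so the offending assignment can be removed."""
    findings = []
    for prog_a, prog_b in SOD_CONFLICTS:
        via_a = granting_groups(operator, prog_a)
        via_b = granting_groups(operator, prog_b)
        if via_a and via_b:
            findings.append((prog_a, via_a, prog_b, via_b))
    return findings


if __name__ == "__main__":
    for op in sorted(OPERATOR_GROUPS):
        for a, via_a, b, via_b in sod_violations(op):
            print(f"{op}: {a} via {via_a} conflicts with {b} via {via_b}")
```

Because the rule is permissive, the review has to run on the combined membership of primary group and subgroups, not on each group in isolation.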
Monitoring allows observers to be aware of the state of a system so that action can be taken if any changes or irregularities occur.
SYSPRO's monitoring functions include dashboards that provide a visual indication of what is happening, as well as systems which can be automated, so that continuous control monitoring can be implemented.
Source | Description |
---|---|
Event Management | You can configure events to be monitored in SYSPRO as they occur, and invoke third party applications when this happens (e.g. when stock falls below zero). Events monitor the values of certain fields within SYSPRO and can be configured to perform tasks when predefined levels are met. The actions that can be associated with an event include launching programs, sending email messages to specified persons, or writing the occurrence of the event to the Event Log. With an event you can perform one task, but can have multiples of the same event configured. A trigger, on the other hand, can be configured to perform up to nine tasks (called Programs) but you can't configure multiples of the same trigger. |
Triggers | Triggers are similar to events, but where events typically fire when certain criteria are reached, triggers typically fire when specific tasks are performed. Triggers are used to invoke third party applications when a particular trigger is activated in SYSPRO (e.g. after adding a customer). Several of the available triggers can be used to highlight potentially abnormal transactions that may indicate fraudulent activity. |
Electronic Signatures | Electronic Signatures can be configured to maintain a transaction log for auditing purposes, as well as activate triggers for integration to third party systems, or notification via email. These trigger options enable the configuration of multiple actions to be executed automatically when an electronic signature transaction is successfully completed. Electronic Signatures also enable the configuration of VBScripts that can be invoked when a trigger is fired. This caters for almost unlimited triggering capability, since virtually any type of application can be invoked using VBScript. Additionally, Electronic Signatures enable SYSPRO Reporting Services reports to be invoked when a trigger is fired. |
Dashboards | SYSPRO Dashboards provide an interactive visual presentation of real-time data in the ERP system. They allow managers and executives to see current status and trends of specific organizational metrics and to gauge how business operations are performing. |
Together with risk and compliance management, the role of auditing is to analyze and assess business data, transactions and processes, as well as to provide insight and recommendations for changes. In addition, auditing provides notification of breaches of policies and procedures.
Source | Description |
---|---|
System Audit Log | System audit logs enable the company to track any changes made to the system that affect system security. In addition to enabling more effective system security maintenance, the audit log traces logins, which allows system administrators to make more accurate recommendations about the purchase of additional licenses. |
Job logging | The Job Logging Setup program maintains a log file of all programs that have been accessed by operators. This log file stores information regarding the program accessed, the date and time that the program was accessed, the length of time that the program was in use, the operator who loaded the program, as well as the computer name and process ID from which the program was run. |
Amendment Journals | Amendment journals track changes made to master files, company setup and operator information. You can also report on these changes using SYSPRO Reporting Services. |
SQL Diagnostics | The SQL Server Diagnostic program identifies potential problems with the SQL Server database used by SYSPRO companies. It also identifies any differences between the existing database and the standard SYSPRO tables, columns and indexes that should exist, as well as missing user-defined tables, columns and indexes. |
Reporting | A wide range of reports can be used to audit the security and integrity of an installation by control account reconciliation. SRS Report Archiving enables reports to be electronically archived in the version that was produced at the time that they were run. This provides secure electronic access to transaction audit trails and financial statements. |