9700 3.x Security Guide




In This Document

This document describes 9700's security design, features that monitor actions that employees take on the System, and features that restrict employee access to the database, reports, and operational procedures.

- Declarations
- Overview
- Authentication
- Authorization/Privileges
- Encryption
- Audit Trail
- Security Maintenance

9700 3.x Security Guide MD0006-090

Declarations

Warranties

Although the best efforts are made to ensure that the information in this document is complete and correct, MICROS Systems, Inc. makes no warranty of any kind with regard to this material, including but not limited to the implied warranties of marketability and fitness for a particular purpose. Information in this guide is subject to change without notice.

No part of this guide may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or information recording and retrieval systems, for any purpose other than for personal use, without the express written permission of MICROS Systems, Inc.

MICROS Systems, Inc. shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing, performance, or use of this guide.

Trademarks

Windows is a registered trademark of Microsoft Corporation. FrameMaker is a registered trademark of Adobe Corporation.

Printing History

New editions of this guide incorporate new and changed material since the previous edition. Minor corrections and updates may be incorporated into reprints of the current edition without changing the publication date or the edition number.

Edition   Month   Year   Software Version
1st       July    2007   3.x

Overview

Security features in 9700 are divided into the following areas:

- Securing the client's property with 9700 applications and database servers
- Keeping servers, Windows operating systems, and 9700 applications up-to-date with security fixes
- Setting up operating systems and database users with the following security guidelines:
  - No master password
  - Allow password changes
  - Grant minimal privileges whenever possible
- Authenticating workstations on the Network
- Protecting data during storage and transmission
- Monitoring functionality via Audit Trail
- Enabling Authorizations and Privileges via Employee IDs, Employee Levels, Employee Groups, Access Levels, Employee Classes, and Workstation Privileges

What to Protect

- Permanent data stored on the 9700 database server: The database will contain a mix of sensitive information (credit cards, employee social security numbers, employee identification numbers), less sensitive data, configuration information, and sales figures.
- Temporary data cache: Flat files on the workstation contain a cache of the configuration data needed for the workstation to operate in offline mode and store transaction data during operations. Transaction data can contain sensitive information, such as credit card information.
- Data that is transmitted between the workstation and the server during normal operations and during data playback.

9700 Technical Design

- Any Credit Card data is wiped out of memory as soon as it is used
- Encrypted authorization and transactional data is kept in the database
- Pathway between WinStation and OPS is clear
- Pathway between SAR and POSSRV is encrypted using CryptoAPI
- Pathway from processes to CC driver is encrypted
- Pathway from CC driver to Agency is beyond MICROS control

Credit Card Settlement

- Retention of Credit Card detail is kept for 6 weeks in the CHECKS table and purged automatically
- Any Credit Card data available on receipts or check images is masked/encrypted

Authentication

Overview

Authentication is the process of ensuring that people on both ends of the connection are who they say they are. Authentication applies not only to the entity trying to access a service, but also to the entity providing the service.

EMC Authentication

All users' credentials of the 9700 System are stored in the central database. Anyone who has access to the Enterprise Management Console (EMC) must log in with a valid username/password. No two MICROS users can have the same username. MICROS Systems, Inc. mandates that client sites maintain proper configuration and adhere to privilege level restrictions based on a need-to-know basis. For security purposes, each user's activities are traced via Audit Trail. To ensure strict access control of the 9700 application, always assign unique usernames and complex passwords to each account. For more information, please see the 9700 PABP Compliance document specific to the site's software version.

Note: The 9700 System does NOT use the Windows Login.

Workstation Authentication

User Authentication

A user must authenticate themselves through the workstation by signing in using a unique employee ID number or an employee magnetic card.

Database User Management

MICROS Systems, Inc. mandates that users create a strong, PCI compliant password for the EMC user account within the EMC's Personnel Employees module after logging into the EMC for the first time. The password must be PCI compliant, containing at least 8 alphanumeric characters with both letters and numbers. For more information, please see the 9700 PABP Compliance document specific to the site's software version.

During 9700's installation, the wizard prompts for the creation of a Database Administrator username and password. The Database Administrator is used to log into the SQL Server 2005 database (or the Oracle 10g database, depending on the site's setup).

9700's installation wizard also prompts for the creation of a MICROS Database User. 9700's code uses the MICROS Database User to access the database during communication with services. Before any code can make SQL (or Oracle) statements to the SQL database (or Oracle database), the SQL database requires a username and password in the SQL string. Always assign strong usernames and passwords.

When creating the usernames and passwords for the Database Administrator and MICROS Database User during the 9700 installation, users are advised to create a strong password for the user account consisting of at least 8 alphanumeric characters including letters, numbers, and special characters for all 9700 accounts. Whenever possible, always assign strong application and system passwords.

Database credentials are stored in the configuration file on the 9700 application server, which is encrypted. No applications, except for the application server, need access to the database directly. After initial authentication, the application server performs a check of the authorization for the given user to perform the requested action.

Authorization/Privileges

Overview

Setting Authorization/Privileges establishes strict access control, explicitly enabling or restricting the ability to do something with a computer resource.

- User access control for Employee Levels, a way of controlling how employees can view other employee information, is defined within the EMC Personnel Employees module.
- User access control for 9700 System elements is defined within the EMC Personnel Access Levels and Report Writer Access Levels modules.
- User authorization/privileges are configured by Employee Class, configured within the EMC Personnel Employees module.
- Workstations also have their own EMC privileges module, the Hardware Device Table module.

Employee IDs

The Employee ID field consists of a ten-digit number that identifies the operator when attempting to sign in to POS Operations on the User Workstation or when attempting to clock in or out at the User Workstation.

Enabling

ID
Enter an ID number to be used to identify the employee on workstations. If you wish to assign employee IDs from magnetic cards, you must do this through UWS Procedures.

Employee Levels

The Employee Levels feature may be used to create up to nine levels of employee access. Employees assigned to a specific Employee Level can only access (i.e., view or change) information about other employees whose own Employee Level is equal to or higher than their own. The 9700 System only displays information about employees who have an equal or higher number.

This feature is used to create an Employee Level to control an employee's ability to:

- Access privileged operations in the EMC
- Access privileged operations in UWS Reports
- Access privileged operations in UWS Procedures
- Access privileged operations in Report Writer

Usage

Example 1: Employee Levels

In a large restaurant, Employee Levels are used to allow an Assistant Manager to have access only to information about other Assistant Managers and subordinate employees. Assistant Managers are then prevented from accessing information about their General Managers or other employees to whom they are subordinate.

[Figure: Assistant Manager, Employee Level #6, shown against Level 0 Employees through Level 8 Employees, with the label "not displayed".]

Example 2: Employee Levels Combined With Employee Groups

Employee Levels can be used with the Employee Group feature on page 11, to further restrict access to employee information.

Assistant Manager: Employee Group #198, Employee Level #6

Employee        Group #   Level #   Access?
Employee #231   197       5         No
Employee #232   197       7         No
Employee #234   197       4         No
Employee #235   198       5         No
Employee #236   198       6         Yes
Employee #237   198       7         Yes
Employee #238   199       8         No

Employee Levels Configuration

Configuration within the EMC Personnel Employees module determines the Employee Level granted to each employee. One of nine Access Levels can be granted to an Employee. The Master Access Level, 0, allows unrestricted access. The lowest Access Level, 8, grants the lowest level of permission.

Access Progression

Employee Levels are progressive. That is, an employee with an Access Level of 4 can use files or functions that are themselves assigned Access Levels of 4 through 8. Files with an Access Level of 4 may be opened by employees with an Access Level of 0 through 4.

Enabling

Level
Navigate within the EMC to Personnel Employees Sort By Employee and enter the access level of the employees that this employee is allowed to access when performing privileged operations in the EMC, UWS Reports, UWS Procedures, or Report Writer. If this field is set to zero, access is unrestricted. If this field is not zero, the employee is allowed to access other employees of a higher-numbered level. For example, Level 3 employees may perform any operations for which they are privileged, only on employees with Levels 4 through 9. Employees with Level 0 can access all employees.

Employee Groups

This feature may be used to create up to 300 distinct groups of employees within 9700, whose members cannot access information about each other. When a privileged employee performs any operations that involve other employees, 9700 only displays information for other employees who have the same Group number. Since Employee records reside on the Enterprise Level, this feature can be used to isolate information access to a Property or a single Revenue Center.

This feature is used to create an Employee Group to control an employee's ability to:

- Access privileged operations in the EMC
- Access privileged operations in UWS Reports
- Access privileged operations in UWS Procedures
- Access privileged operations in Report Writer

Usage

Example 1

In a large restaurant, Employee Groups are used to prevent General Managers in the Catering Revenue Center from accessing information about employees, including other Managers, in the Lounge Revenue Center.

Example 2

In an airport concessions complex that uses 9700 to manage multiple Properties, this feature may be used to prevent employees in the Pizza Shop from accessing information about employees in the Gift Shop.

[Figure: Pizza Shop Manager, Employee Group #198, shown against Employees #2301, #2302, #2304, #2305, #2306, #2307 and #2308 in Group #197 (not displayed), Group #198, and Group #199 (not displayed).]

For an example of how Employee Groups can be used in combination with Employee Levels, refer to page 9.

Employee Groups Configuration

Configuration within the EMC Personnel Employees module determines the Employee Group granted to each employee.

Enabling

Group
Navigate within the EMC to Personnel Employees Sort by Employee and enter the number of the group that this employee is allowed to access when performing privileged options in the EMC, UWS Reports, UWS Procedures, or Report Writer. If this field is zero, access is unrestricted. If this field is not zero, the employee is allowed to access other employees of an equal group number.
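The Employee Level and Employee Group restrictions described above can be modelled in a few lines. The following is an added example, not MICROS code: it reproduces the Access? column of Example 2 and lists the records whose Level or Group field is 0, since those are the accounts with unrestricted visibility. It assumes the "equal or higher number" rule stated under Employee Levels; the names `Employee`, `can_access`, `visible_to` and `unrestricted_records`, and employee numbers 900 to 902, are hypothetical.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Employee:
    number: int  # employee record number
    group: int   # Employee Group field (0 = unrestricted)
    level: int   # Employee Level field (0 = unrestricted)


def can_access(viewer, target):
    """Apply the Level and Group restrictions to one viewer/target pair."""
    # Level: a non-zero viewer level limits access to targets whose level
    # number is equal or higher (peers and subordinates).
    level_ok = viewer.level == 0 or target.level >= viewer.level
    # Group: a non-zero viewer group limits access to the same group number.
    group_ok = viewer.group == 0 or target.group == viewer.group
    return level_ok and group_ok


def visible_to(viewer, roster):
    """Employee numbers the viewer would be shown in privileged operations."""
    return [e.number for e in roster if e != viewer and can_access(viewer, e)]


def unrestricted_records(roster):
    """Map employee number -> fields set to 0, for least-privilege review."""
    findings = {}
    for e in roster:
        fields = [name for name, value in (("level", e.level),
                                           ("group", e.group)) if value == 0]
        if fields:
            findings[e.number] = fields
    return findings


# Rows of Example 2 in the guide: employee number, group, level.
EXAMPLE_2 = [
    Employee(231, 197, 5), Employee(232, 197, 7), Employee(234, 197, 4),
    Employee(235, 198, 5), Employee(236, 198, 6), Employee(237, 198, 7),
    Employee(238, 199, 8),
]

# Constructed records (not from the guide): the Assistant Manager of
# Example 2 (Group 198, Level 6) and two accounts with a field left at 0.
ASSISTANT_MANAGER = Employee(900, 198, 6)
GROUP_ZERO = Employee(901, 0, 6)
MASTER = Employee(902, 0, 0)

if __name__ == "__main__":
    roster = EXAMPLE_2 + [ASSISTANT_MANAGER, GROUP_ZERO, MASTER]
    for viewer in (ASSISTANT_MANAGER, GROUP_ZERO, MASTER):
        print(viewer.number, "sees", visible_to(viewer, roster))
    print("unrestricted:", unrestricted_records(roster))
```

Running the same review over an export of the real employee table shows which accounts bypass the Level or Group filter because the field was left at its zero value.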

Access Levels

Description

The Access Levels module determines the access level required for an employee to open and modify modules in the 9700 Configurator within the EMC. The lowest-numbered levels are the most powerful. For example, if the access level required to add or change records in the Cashiers file is 3, a user must have an access level setting of 3, 2 or 1 in order to perform these functions.

There are a total of nine access levels, eight of which are user-defined. Access level 0, Master, is the highest level in the System and allows employees access to every file, function, and report. This level cannot be changed or deleted.

Set the access level for each employee on the Employees General tab (Personnel Employee Maintenance Sort By Class Privileges tab).

[Figure: ACCESS LEVELS, from 0 (Highest Level, MASTER) to 8 (Lowest Level).]

Levels are cumulative, which means that a level 3 also has the access rights of levels 4 through 8.

Programming Access Levels

An employee's access level is determined by the Employee Class that they belong to. Since this designation must be made when you set up the Employee Classes, it is recommended that you define the Access Levels module first.

There are six tabs in the Access Levels module, one for each main component of the 9700 System. The five Record Access Level fields shown below on the General tab determine the access level required to perform each of several module maintenance functions.

The fields contained on the remaining tabs, such as the Menu tab shown below, determine the access level required to open each specific module within the Configurator.

Access Level Granted to an Employee Class

An employee's access privileges to the EMC Configurator are determined by the setting of the Configuration Privilege Level for the Employee Class to which they belong. (The Report Writer Privilege Level controls use of Report Writer.) The Personnel Employee Maintenance Sort by Class Privileges tab is shown below.

Report Writer Access Levels

Description

The Report Writer Access Levels module determines the access level required for an employee to take and reset reports in 9700 Report Writer. There are a total of nine access levels, eight of which are user-defined. Access level 0, Master, is the highest level in the System and allows employees access to every file, function, and report. This level cannot be changed or deleted.

Access Level Required by Report Writer

The Report Writer Access Levels module determines the Access Level required to perform each of two reset options located on the General tab:

- Reset Access Level Number
- Reset-no-print Access Level Number

Additional fields in this module determine the Access Level required to take each specific report.

Access Level Granted to an Employee Class

An employee's access privileges to Report Writer are determined by the setting of the Report Writer Privilege Level for the Employee Class to which they belong. The Personnel Employee Maintenance Sort by Class Privileges tab is shown below.

Employee Classes

Employee Classes allow you to group employees according to the duties that they perform, such as servers, bussers, and cooks, then assign the same privilege and option settings to all employees in a particular class. For example, the employee class Bartenders is privileged to use one-touch sign in keys. The default touchscreen (Bar Main) is programmed to display two one-touch keys, one for each bartender on duty.

Without classes, you would have to assign privileges to each individual employee, which can be a very repetitive and time-consuming task. Besides easing your workload, employee classes also allow you to generate reports for specific kinds of employees based on the class they belong to.

[Figure: EMPLOYEE CLASSES: Cashier, Bartender, Property Expert, Busser, Manager, Retail, Server, Cooks.]

When adding employees to the System, you must specify which class they belong to. So, in order for the list of classes to be available when defining the employee, you should create the employee classes first.

Working with Employee Classes

To work with the Class forms in the Employees Maintenance module, you must set the Sort By field on the Employee Maintenance window to Class. The tree view displays the list of classes in alphabetical order that exist in the database.

The + sign to the left of the class name indicates that there are employees linked to that class. To display the linked employees, click the + sign to expand the list. If a + sign displays to the left of an employee name, at least one Revenue Center is linked to that employee. To display the linked Revenue Centers, click the + sign to expand the list.

Linking Employees to Employee Classes

The diagram below illustrates that each employee is linked to a single employee class. This designation is made on the General tab when sorting Employee Maintenance records by Employee. For each employee record, enter the Employee Class number from the Employee Class file.

Employee General Form

Employee   Name    Class
401        Chris   101-Server
402        Alex    101-Server
403        John    101-Server

Employee Class (Shared Privileges): 101 Server

If there are special cases among the staff who don't fit any of the general classes, create a class just for them. For example, Sheila usually works as a server, but occasionally tends bar, and also fills in as a manager when necessary. She needs to be able to perform the duties of all three of the employee classes (Server, Bartender, or Manager). Create an employee class that combines the privileges required to perform as either a bartender or a server and allows the access levels required of a manager. Label this new class Utility, or perhaps Sheila, and select it as her Employee Class in her Employee record only.

The number of classes that can be created is limited only by the size of system memory. So, if you have several of these special cases, take comfort in knowing that you can set up whatever you may need to handle the situation.

Class Privileges

There are a variety of privileges that can be assigned to each Employee Class. When sorting by Class, you will see the eight tabs shown below, which contain the option settings for each of these categories.

General Privileges

The General tab, shown below, contains options relating to timekeeping and transaction privileges.

Authorize/Perform Reprint of Time Card
Select this option to allow employees associated with this class to reprint a timecard using the [Reprint Timecard] key and to authorize non-privileged employees to do so as well.

Change Revenue Center at Clock-In
Select this option to allow employees associated with this class to authorize changes in the Revenue Center assignment of other employees who are clocking in.

Clock in at Rate 1
Select this option to allow employees associated with this class to Clock in at Job Rate 1.

Authorize Clock In
Select this option to allow employees associated with this class to authorize other employees to clock in.

Authorize/Perform Clock In/Out Outside Schedule or Scheduled Breaks
Select this option to allow employees associated with this class to clock in or out at times that conflict with their assignment in the Time Clock Schedules module.

ON = Minor Employees; OFF = Regular Employees
Some jurisdictions have labor laws that apply specifically to minors age 16 and under. This option is used in conjunction with the Time Clock Parameters, in the Parameters module, that allows the creation of separate definitions of paid and unpaid breaks for minors and regular employees. Select this option to designate employees associated with this class as minors. Do NOT select this option to designate employees associated with this class as regular, adult employees.

Authorize Changing Revenue Center at Clock In
Select this option to allow employees associated with this class to change their Revenue Center assignment when clocking in.

Clock Out with Open Checks
Select this option to allow employees associated with this class to clock out at the end of a shift even if they still have open guest checks. If this option is enabled, it overrides the setting of the Cannot Clock Out with Open Checks option in the Job Codes module.

Authorize/Perform Clock Out in the Future
Select this option to allow employees associated with this class to clock themselves out at a time ahead of the system time or to authorize an employee without this privilege to clock out at a time ahead of the system time.

Change Revenue Centers
Select this option to allow employees associated with this class to change Revenue Centers by signing into a workstation that belongs to a Revenue Center that is different from the RVC to which the employee is currently assigned.

Authorize Changing Revenue Centers
Select this option to allow employees associated with this class to Change Revenue Centers and to authorize non-privileged employees to do so as well.

Allow Sign-in to a Workstation
Select this option to allow employees associated with this class to sign into a workstation or a Mobile MICROS unit. Do not select this option to prevent employees from performing any operations other than clocking in and out unless they gain authorization from a privileged employee. (Refer to the Authorize/Use the [Keyboard Select] Key option.)

Authorize Sign-in to a User Workstation
Select this option to allow employees associated with this Class to authorize a non-privileged employee (one for whom the Allow Sign into a Workstation option is disabled) to sign in to a workstation or Mobile MICROS unit.

Guest Checks Privileges

The Guest Checks tab, shown below, contains options relating to guest check editing and control authorization privileges.

Authorize/Add Team Member to Check
Select this option to allow employees associated with this class to use the [Add Team Member] key to add additional servers to a check.

Authorize/Perform Edit of a Guest Check ID In a Closed Check
Select this option to allow employees associated with this class to edit a Guest Check ID of a closed check using the [Guest Check ID] key and to authorize non-privileged employees to do so as well.

Authorize/Perform Edit of a Guest Check ID In an Open Check
Select this option to allow employees associated with this class to edit a Guest Check ID of an open check using the [Guest Check ID] key and to authorize non-privileged employees to do so as well.

Authorize/Remove Team Member from Check
Select this option to allow employees associated with this class to use the [Remove Team Member] key to remove servers from a check.

Authorize/Add Guest Information to Check
Enable this option to allow employees associated with this class to use the [Enter Guest Info] key to enter guest information when creating a special event check on the workstation and to authorize non-privileged employees to do so as well.

View All Team Detail
A guest check must be started with the [Begin Party Check] key (keycode #399) to use this Employee Class option. Enable this option to allow employees associated with this class to view the detail posted by all team members on a special event check and to authorize non-privileged employees to do so as well. If this option is disabled, employees associated with this class can only view the detail they have posted to the guest check.

Authorize/Perform Pickup of a Check that is Open on System
Select this option to allow employees associated with this class to pickup checks that already have an open status and to authorize non-privileged employees to do so as well. Checks with an open status are checks that are considered in use at another workstation or by another process.

Allow Pickup Of Checks from other Revenue Centers
Select this option to allow employees associated with this class to pickup checks in other Revenue Centers using the [Pickup Check, RVC] keys. Disable this option to prevent employees from picking up checks in other Revenue Centers.

Authorize/Perform Closed Check Pickup (Reopen a Closed Check)
Select this option to allow employees associated with this class to use the [Reopen Closed Check] key and to authorize non-privileged employees to do so as well.

Authorize/Use the [Block Transfer] and [Auto Block Transfer] Keys
Select this option to allow employees associated with this class to transfer an entire block of checks from another operator and to authorize non-privileged employees to do so as well. This function is useful with a shift change, when an entire group of checks must be turned over from the operator who is leaving to the operator who is just signing in.

Create New Checks using [Begin Check] Key
Select this option to allow employees associated with this class to begin a guest check.

Authorize Adding of Checks Between Revenue Centers
Select this option to allow employees associated with this class to add checks (to be in a check and add another check to it) from another Revenue Center and to authorize non-privileged employees to do so as well.

Authorize Adding of Checks in the Same Revenue Center
Select this option to allow employees associated with this class to add checks (to be in a check and add another check to it) within a Revenue Center and to authorize non-privileged employees to do so as well.

Authorize Transfer of Checks Between Revenue Centers
Select this option to allow employees associated with this class to transfer checks from another Revenue Center and to authorize non-privileged employees to do so as well.

Authorize Transfer of Checks in the Same Revenue Center
Select this option to allow employees associated with this class to transfer checks from another operator within the same Revenue Center and to authorize non-privileged employees to do so as well.

Authorize/Perform Open of Checks for Multiple Groups at a Table
Select this option to allow employees associated with this class to open multiple checks at the same table. Each succeeding check is assigned a successive check number. An employee who is authorized to split checks (option Authorize/Use the [Split Check] key and Perform Memo Tenders) is also authorized to open checks for multiple groups at a table.

Authorize/Use the [Split Check] Key and Perform Memo Tenders
Select this option to allow employees associated with this class to split guest checks and to perform memo tenders and to authorize non-privileged employees to do so as well.

Authorize/Perform Pickup of a Check Belonging to Another Operator
Select this option to allow employees associated with this class to pick up another operator's checks and to authorize non-privileged employees to do so as well.

Authorize/Perform Closed Check Adjust
Select this option to allow employees associated with this class to use the [Adjust Closed Check] key and to authorize non-privileged employees to do so as well. A closed check adjustment allows the user (if privileged to void Tender/Media from a previous round) to adjust the Tender/Media or Service Charge on a closed check.

Authorize/Perform Pickup of a Check that is Owned by Offline UWS
If a check is rung on a workstation that proceeds to go offline, the check is considered Owned by an Offline Workstation. Select this option to allow employees associated with this class to pick up these checks from another workstation and to authorize non-privileged employees to do so as well.

Authorize/Perform Lock/Unlock of Guest Checks
Enable this option to allow employees associated with this class to use the [Lock Guest Check] and [Unlock Guest Check] keys and to authorize non-privileged employees to do so as well.

Authorize/Perform Memo Tenders
Enable this option to allow privileged employees associated with this class to perform memo tenders and to authorize non-privileged employees to do so as well.

Enable Limited Split Check
Enable this option to prevent an employee from performing the Split Check function more than once on a check. If this option is enabled, the Authorize/Use Split Check option must be disabled.
Note: This option was created to safeguard against the floating soda technique.

Authorize/Perform Creation and Pickup of Unassigned Checks
Select this option to allow employees associated with this class to begin and pick up Unassigned Checks and to allow non-privileged employees to do so as well. An Unassigned Check is a check that is begun in the system (usually by a professional services application or other MICROS peripheral product, such as Guest Connection or Suites Management) without an owner. When an Open Check SLU is used, Privileged Operators will see their own checks, as well as any Unassigned Checks in the Revenue Center, but they will not see other operators' open checks.

Auth/Perform Adjustment of Closed Checks from Prev. Business Days
Select this option to allow employees associated with this class to Adjust Closed Checks from business days other than the current business day. If this option is enabled, an operator in this class will have access to the [Adjust Closed Check from Previous Business Day] function key.

Auth/Perform Reopening of Closed Checks from Prev. Business Days
Select this option to allow employees associated with this class to Reopen Closed Checks from business days other than the current business day. If this option is enabled, an operator in this class will have access to the [Reopen Closed Check from Previous Business Day] function key.

Printing Privileges

The Printing tab, shown below, contains options relating to guest check, receipt, and tender media authorization privileges.

Authorize/Perform Printing of Memo Checks
Select this option to allow employees associated with this class to print memo checks and to authorize non-privileged employees to do so as well.

Authorize/Perform Reprinting of Memo Checks
Select this option to allow employees associated with this class to reprint memo checks and to authorize non-privileged employees to do so as well.

Authorize/Perform Reprinting of Closed Checks
Select this option to allow employees associated with this class to reprint a guest check after it has been closed and to authorize non-privileged employees to do so as well.

Authorize/Perform Unlimited Reprinting/Printing of a Check
Select this option to allow employees associated with this class to perform two functions.
#1: Allow On-Demand operators to print guest checks more than the maximum number allowed in the Revenue Center Parameters Module.
#2: Allow By-round operators to use the [Reprint Check] key.
This privilege also allows employees associated with this class to give authorization to non-privileged employees for these functions.

Authorize/Perform Reprint of a Credit Voucher
Select this option to allow employees associated with this class to reprint a credit card voucher slip and to authorize non-privileged employees to do so as well.

Void and Return Privileges

The Voids/Returns tab, shown below, contains options relating to void and return authorization privileges.

Authorize/Use the [Transaction Return] Key
Select this option to allow employees associated with this class to use the [Transaction Return] key and to authorize non-privileged employees to do so as well. The [Transaction Return] key is used when performing several returns in a transaction; every menu item rung after pressing [Transaction Return] will be a returned menu item.

Authorize/Perform Return of Menu Items Entered on Current Check
Select this option to allow employees associated with this class to return menu items posted in the current round (using the [Return] key) and to authorize non-privileged employees to do so as well. To perform voids in the current round, the employee class option Authorize/Perform Error Corrects must be enabled.

Authorize/Perform Void of Menu Items from a Previous Round
Select this option to allow employees associated with this class to void menu items that were posted in a previous transaction round and to authorize non-privileged employees to do so as well.

Authorize/Perform Void and Return of Menu Items Not on Check
Select this option to allow employees associated with this class to void and return menu items that were never posted to the guest check and to authorize non-privileged employees to do so as well.

Authorize/Perform Void of Discounts from a Previous Round
Select this option to allow employees associated with this class to void discounts that were posted in a previous transaction round and to authorize non-privileged employees to do so as well.

Authorize/Perform Void of Service Charges from a Previous Round
Select this option to allow employees associated with this class to void service charges that were posted in a previous transaction round and to authorize non-privileged employees to do so as well.

Authorize/Perform Void of Tender/Media from a Previous Round
Select this option to allow employees associated with this class to void tender/media entries that were posted in a previous transaction round and to authorize non-privileged employees to do so as well.

Authorize/Use the [Void Check] Key
Select this option to allow employees associated with this class to use the [Void Check] key, which will void all the items on the check, and to authorize non-privileged employees to do so as well.

Authorize/Perform Voids in the Current Round
Select this option to allow employees associated with this class to perform voids in the current round (i.e., last-item voids, direct voids, line-number voids, and touch-voids).

Authorize/Use the [Transaction Void] Key
Select this option to allow employees associated with this class to use the [Transaction Void] key and to authorize non-privileged employees to do so as well. The [Transaction Void] key is used when performing several voids in a transaction; every menu item rung after pressing [Transaction Void] will be a voided menu item.

Authorize/Perform Void of Menu Items on Closed Checks
Select this option to allow employees associated with this class to void menu items from closed checks after they have been reopened and to authorize non-privileged employees to do so as well. (In addition, the Authorize/Perform Void of a Menu Item from a Previous Round option must be selected.)

Authorize/Perform Void of Discounts on Closed Checks
Select this option to allow employees associated with this class to void discounts from closed checks after they have been reopened and to authorize non-privileged employees to do so as well. (In addition, the Authorize/Perform Void of a Discount from a Previous Round option must be selected.)

Authorize/Perform Void of Service Charges on Closed Checks
Select this option to allow employees associated with this class to void service charges from closed checks after they have been reopened and to authorize non-privileged employees to do so as well. In addition, the Authorize/Perform Void of a Service Charge from a Previous Round option must be selected.

Authorize/Perform Voids/Cancels of North American LDS Items
Select this option to allow employees associated with this class to perform voids or cancels of menu items ordered through a North American Liquor Dispensing System (NA LDS) and to authorize non-privileged employees to do so as well.

Authorize/Perform Direct Voids
Select this option to allow employees associated with this class to void transaction items by pressing the [Void] key and then the key for the item (e.g., a Menu Item key). Also, select this option to authorize non-privileged employees to do so as well.

Authorize/Allow Voiding of Shared Check Items
Select this option to allow employees associated with this class to void items which are shared between seats or checks, and to authorize non-privileged employees to do so as well.

Utilities Privileges

The Utilities tab, shown below, contains options for access control to the Control Panel, Credit Card Utilities, NetVupoint and Dataviewer utilities, and other specific utilities.

Start the System and Operations from the Control Panel
Select this option to allow employees in this class to start the system and POS Operations in the EMC Control Panel. Additionally, employees with this privilege may start operations on individual workstations from the EMC Workstation module.

Stop the System and Operations from the Control Panel
Select this option to allow employees in this class to stop the system and POS Operations in the EMC Control Panel. Additionally, employees with this privilege may stop or kill operations on individual workstations from the EMC Workstation module.

Reload the System from the Control Panel
Select this option to allow employees in this class to use the Reload button in the Control Panel.

Change Backup PC Number from the Control Panel
Select this option to allow employees in this class to sign in to the EMC Control Panel and to change the Backup PC numbers.

Make PC Active on its Backup PC from the Control Panel
Select this option to allow employees in this class to sign in to the EMC Control Panel and make a PC active on its backup PC.

Make PCs Active or Inactive from the Control Panel
Select this option to allow employees in this class to make PCs active or inactive in a 9700 MOR (MICROS Operational Resiliency) environment.

Run the CC Batch Report Program
Select this option to allow employees associated with this class to use the Credit Card Report module.

Run the CC Batch Transfer Program
Select this option to allow employees associated with this class to use the Credit Card Transfer module.

Run the CC Batch Edit Program
Select this option to allow employees associated with this class to use the Credit Card Batch Editor to edit batches.

Run the CC Batch File Creation Program
Select this option to allow employees associated with this class to use the Credit Card Batch Creator.

Do Not Mask Credit Card Info from Reports
Select this option to allow employees associated with this class to view Credit Card Numbers on Credit Card Reports.

Can open the System Setup Utility Module in EMC
Select this option to allow employees in this class to use the System Setup Utility module in EMC. The EMC module allows users to configure different settings used by the executables that run during the nightly autosequences.

Run the Audit Trail Program
Select this option to allow employees in this class to run the EMC's Audit Trail module or to run the atrail_b.exe command-line application on the server.

Reset the Audit Trail
Select this option to allow employees in this class to reset the Audit Trail in EMC's Audit Trail module or by using the atrail_b.exe command-line application on the server.

Can Minimize Application
Select this option to allow employees in this class to minimize the WinStation/SAR application on a workstation.

Can Close Application
Select this option to allow employees in this class to close the WinStation/SAR application on a workstation.

Can Change Others' Passwords
Select this option to allow employees associated with this class to change EMC passwords of other employees.

Can access the NetVupoint Module in EMC
Select this option to allow employees in this class to use the NetVupoint module in EMC. The NetVupoint module allows users to configure different settings for the NetVupoint Transformation Service.

Login to Dataviewer
Select this option to allow employees in this class to log in to Dataviewer.

NetVupoint Admin user
Select this option to allow employees in this class to perform administrative tasks in NetVupoint and Dataviewer.

Run and Save Output on Server
Select this option to allow employees in this class to run and save Dataviewer queries.

Create Public Queries
Select this option to allow employees in this class to save public Dataviewer queries.

For information on the options located on the Privileges tab, please see Access Level Granted to an Employee Class on page 15.

Procedure and Report Privileges

The Procedures/Reports tab, shown below, contains options relating to access and usage of UWS Procedures and Autosequences.

Access Employee Job Code/Pay Rates in UWS Procedure #3
Select this option to allow employees in this class to edit the Job Codes and Pay Rates of employees while accessing Employee Setup (UWS Procedure #3 in UWS Manager Procedures).

Can Change Employee Class in Employee File/UWS Procedures
Select this option to allow employees in this class to change an employee's Employee Class, in UWS Manager Procedures.

Run UWS Procedures in Another Revenue Center
Select this option to allow employees in this class to perform UWS Procedures for a Revenue Center to which they are not currently assigned, in UWS Manager Procedures. For instance, if this option is selected, a manager eating lunch in Revenue Center 1 could change the Serving Period (if so privileged) in Revenue Center 2, saving the manager from having to walk to Revenue Center 2 to change the Serving Period, because the manager can simply change the Serving Period from a workstation in Revenue Center 1 while enjoying his/her lunch.

Use UWS Procedure #1: Change Next Guest Check Number
Select this option to allow employees in this class to reset the check number sequence and specify the next guest check number to be used in UWS Manager Procedures.

Use UWS Procedure #2: Change Serving Period
Select this option to allow employees in this class to change the serving period of a Revenue Center in UWS Manager Procedures.

Use UWS Procedure #3: Employee Setup
Select this option to allow employees in this class to edit Employee Records in UWS Manager Procedures. Note that employees cannot be added or deleted through UWS Manager Procedures.

Access Employee Job Code/Pay Rates in UWS Procedure #3
Select this option to allow employees in this class to edit the Job Codes and Pay Rates of employees while accessing Employee Setup (UWS Procedure #3 in UWS Manager Procedures).

Use UWS Procedure #4: Employee Revenue Center Setup
Select this option to allow employees in this class to edit Operator Records in UWS Manager Procedures.

Use UWS Procedure #5: Change Employee Revenue Center
Select this option to allow employees in this class to alter the current Revenue Center assignment for employees in the system, in UWS Manager Procedures.

Use UWS Procedure #6: Print Employee List
Select this option to allow employees in this class to print a list of employees in the system, in UWS Manager Procedures.

Use UWS Procedure #7: Change Employee Training Status
Select this option to allow employees in this class to place an employee in Training Mode, in UWS Manager Procedures.

Use UWS Procedure #8: Adjust Employee Time Card
Select this option to allow employees in this class to adjust the clock-in/out times for employees, in UWS Manager Procedures.

Use UWS Procedure #9: Change Time Clock Schedule
Select this option to allow employees in this class to alter the time clock schedule, in UWS Manager Procedures.

Use UWS Procedure #10: Print Time Clock Schedule
Select this option to allow employees in this class to print the time clock schedule, in UWS Manager Procedures.

Use UWS Procedure #11: Redirect Order Output
Select this option to allow employees in this class to Redirect Order Output for the printers in a Revenue Center, in UWS Manager Procedures.

Use UWS Procedure #12: Change Menu Item Class
Select this option to allow employees in this class to make changes to Menu Item Classes in UWS Manager Procedures. (Note: Use this option with caution; a user who edits Menu Item Classes in the EMC rather than on the workstation is less likely to make a mistake.)

Use UWS Procedures #13,17,18: Change Menu Item Assignment
Select this option to allow employees in this class to change Menu Item Assignment, to Change Barcode Menu Items, and to Change Barcode Files, in UWS Manager Procedures.

Use UWS Procedure #14: Change Menu Item Availability
Select this option to allow employees in this class to designate menu items as being available or unavailable (out-of-stock) in UWS Manager Procedures.

Use UWS Procedure #15: Print Menu Item Prices
Select this option to allow employees in this class to print the Menu Item Price list, in UWS Manager Procedures.

Use UWS Procedure #16: Update Currency Rates
Select this option to allow employees in this class to change the exchange rates of alternate currencies, in UWS Manager Procedures. (Note: Use this option with caution; an employee with this privilege could potentially steal from the site. Typically, Currency Rates are infrequently updated, and only updated by a System Administrator through the EMC.)

Use UWS Procedure #19: Change IP Printer Name
This option should be disabled to ensure that IP Printers are only configured through the EMC. Select this option to allow employees in this class to change the name of the IP Printer, in UWS Manager Procedures.

Run PC and UWS Reports Autosequence in Privilege Group 1
Select this option to allow employees in this class to run UWS and PC Autosequences belonging to Privilege Group 1. Note that all employees can run UWS and PC Autosequences belonging to Privilege Group 0.

Reset UWS Reports Without Printing
This option is only active if the option Reset UWS Reports is enabled. Select this option to allow employees in this class to run UWS Reports with the Reset option, while not printing the report.

Run UWS Reports in Another Revenue Center
Select this option to allow employees in this class to run UWS Autosequences (Reports) for Revenue Centers other than the Revenue Center to which they are currently assigned, in UWS Manager Reports.

Reset UWS Reports
Select this option to allow employees in this class to run UWS Reports and to Reset the report. Note that if a report is set to Reset and an employee does not have this option enabled, the report will run properly but it will not reset.

Transaction Privileges

The Transactions tab, shown below, contains options relating to posting and authorization privileges for transactions, service charges, tender, and other employees' checks.

Post Payments to Checks Belonging to Another Operator
Select this option to allow employees associated with this class to post tender/media entries to checks belonging to another operator.

Post Service Charges to Checks Belonging to Another Operator
Select this option to allow employees associated with this class to add service charges to checks belonging to another operator.

Post Discounts to Checks Belonging to Another Operator
Select this option to allow employees associated with this class to add discounts to checks belonging to another operator.

Post Menu Items to Checks Belonging to Another Operator
Select this option to allow employees associated with this class to add menu items to checks belonging to another operator.

Authorize/Perform Automatic Service Charge Exemptions
Select this option to allow employees associated with this class to forgive automatic service charges using the [Exempt Auto Service Charge] key and to authorize non-privileged employees to do so as well.

Authorize/Perform Posting of Service Charges in Priv Group 1
Select this option to allow employees associated with this class to post Service Charges belonging to Privilege Group 1 and to authorize non-privileged employees to do so as well. Note that all employees can post Service Charges belonging to Privilege Group 0.

Authorize/Perform Posting of Discounts in Priv Group 1
Select this option to allow employees associated with this class to post Discounts belonging to Privilege Group 1 and to authorize non-privileged employees to do so as well. Note that all employees can post Discounts belonging to Privilege Group 0.

Authorize/Perform Posting of Tender/Media in Priv Group 1
Select this option to allow employees associated with this class to post Tender/Media entries belonging to Privilege Group 1 and to authorize non-privileged employees to do so as well. Note that all employees can post Tender/Media entries belonging to Privilege Group 0.

Authorize Over HALO Amounts on [Tender/Media] Keys
Select this option to allow employees associated with this class to exceed the HALO amount set for a Tender/Media key and to authorize non-privileged employees to do so as well.

Authorize/Perform Posting of Payments
Select this option to allow employees associated with this class to post payments to a transaction and to authorize non-privileged employees to do so as well.

Authorize/Allow Manual Entry of Credit Card Numbers
Select this option to allow manual entry of credit card numbers (typing the numbers into the workstation instead of swiping the credit card) and to authorize non-privileged employees to do so as well.

Authorize/Perform Closing of Checks with a Zero Balance
Select this option to allow employees associated with this class to tender and close transactions that have a balance due of $0.00 and to authorize non-privileged employees to do so as well.

Authorize/Perform Closing of Checks with a Negative Balance
Select this option to allow employees associated with this class to tender and close transactions that have a negative balance due and to authorize non-privileged employees to do so as well.

Authorize/Perform Open Check Block Settlement
Select this option to allow employees associated with this class to close all of their open checks to the Default Cash Tender/Media, specified in Revenue Center Parameters, and to authorize non-privileged employees to do so as well.

Authorize/Perform Voiding of Tender w/ Signature
Select this option to allow employees associated with this class to void a tender from a check with a signature capture and to authorize non-privileged employees to do so as well.

Allow Tender of Party Checks
Select this option to allow employees associated with this class to Tender and close Party Checks.

Authorize/Perform Posting of Menu Items in Priv Group 1
Select this option to allow employees associated with this class to post Menu Items belonging to Privilege Group 1 and to authorize non-privileged employees to do so as well. Note that all employees can post Menu Items belonging to Privilege Group 0.

Authorize/Perform Change of Transaction Main Level
Select this option to allow employees associated with this class to change the Main Level using one of the eight [Main Level] keys and to authorize non-privileged employees to do so as well.

Authorize/Perform Change of Transaction Sub Level
Select this option to allow employees associated with this class to change the Sub Menu Level using one of the eight [Sub Level] keys and to authorize non-privileged employees to do so as well.

Authorize/Allow Sharing of Check Items
Select this option to allow employees associated with this class to share menu items and to authorize non-privileged employees to do so as well. Sharing menu items is performed when using the [TouchSplit] and [TouchEdit] functions to put part of a menu item on two different checks (e.g., 1/2 Bottle of Wine shared between two couples at a table).

Authorize/Use the [Table Number] Key
Select this option to allow employees associated with this class to use the [Table Number] key and to authorize non-privileged employees to do so as well.

Authorize/Use the [Menu Item Price Override] Key
Select this option to allow employees associated with this class to use the [Menu Item Price Override] key and to authorize non-privileged employees to do so as well. Menu Item Price Overrides are usually used to override a preset price of a barcode menu item.

Authorize/Use the [Order Type] Key
Select this option to allow employees associated with this class to select an Order Type and to authorize non-privileged employees to do so as well.

Authorize/Perform Tax Exemptions Using [Exempt Tax] Keys
Select this option to allow employees associated with this class to forgive tax using one of the [Exempt Tax] keys and to authorize non-privileged employees to do so as well.

Authorize/Use the [Item Weight] Key
Select this option to allow employees associated with this class to post weighed menu items and to authorize non-privileged employees to do so as well.

Authorize/Use the [Transaction Cancel] Key
Select this option to allow employees associated with this class to use the [Transaction Cancel] key and to authorize non-privileged employees to do so as well.

Authorize/Cause a Transaction to have a Negative Balance
Select this option to allow employees associated with this class to create a check with a negative balance and to authorize non-privileged employees to do so as well.

Authorize/Perform Change of Number of Guests
Select this option to allow employees associated with this class to change the number of guests in a transaction using the [Number of Guests] key and to authorize non-privileged employees to do so as well.

Authorize Open Cash Drawer Using the [No Sale] Key
Select this option to allow employees associated with this class to open the cash drawer outside of a transaction using the [No Sale] key and to authorize non-privileged employees to do so as well.

Authorize/Perform Signature Capture Override
Select this option to allow employees associated with this class to use the [Signature Capture Override] key and to authorize non-privileged employees to do so as well. Signature Capture Override is used to bypass the signature capture process, in the event that the customer refuses to sign, or if the customer has left without signing.

Authorize/Perform Employee Meal Discount Override for Non-Scheduled Employees
Enable this option to allow employees associated with this class to permit non-scheduled employees to receive the employee meal discount and to authorize non-privileged employees to do so as well. This option works in conjunction with the Employee Meal and Employee Meal Discount Applies to Scheduled Employees Only options in the Discounts module.

Authorize/Perform AVS Override
Enable this option to allow employees associated with this class to proceed with a credit card process without entering the AVS (Address Verification Service) information and to authorize non-privileged employees to do so as well.

Authorize/Perform CVV Override
Enable this option to allow employees associated with this class to proceed with a credit card process without entering the CVV, CVC, or CID (the Card-Present Number) and to authorize non-privileged employees to do so as well.

Miscellaneous Privileges

The Options tab, shown below, contains options for miscellaneous authorization privileges, such as for Mobile Micros Handhelds (MMH), Universal Stored Value Cards, and cash drawer usage.

Authorize/Use the [Direct Tips] and [Indirect Tips] Keys
Select this option to allow employees associated with this class to use these keys to declare cash tips received (by themselves) and to authorize non-privileged employees to do so as well.

Download Database to Mobile MICROS and SAR Clients
Select this option to allow employees in this class to download a new database to a Mobile MICROS device or SAR workstation and to authorize non-privileged employees to do so as well.

Auth/Perform Assign Cash Drwr 1&2; Unassgn Drwr from Others
This option bit includes two different functions.
#1: Select this option bit to allow employees associated with this class to use the [Assign Cash Drawer 1] and [Assign Cash Drawer 2] keys to assign the cash drawer to themselves, and to authorize non-privileged employees to use the [Assign Cash Drawer 1] or [Assign Cash Drawer 2] keys to become assigned to a drawer.
#2: If this option bit is enabled, employees in this employee class can use the [Unassign Cash Drawer] key to unassign cash drawers from other operators.

Note that the [Assign Cash Drawer] key does not require an Employee class privilege; any employee with access to the [Assign Cash Drawer] button can use it.

Authorize/Perform Assignment & Changes of Cashiers
Select this option to allow employees associated with this class to assign themselves a cashier link or change their cashier link with the [Assign Cashier] key and to authorize non-privileged employees to do so as well.

Authorize/Use the [Keyboard Select] Key
Select this option to allow employees associated with this class to change keyboards using one of the [Keyboard Select] keys and to authorize non-privileged employees to do so as well.

Authorize/Use the [Direct Tips] and [Indirect Tips] Keys for Another Employee
Select this option to allow employees associated with this class to use these keys to declare cash tips received by another employee and to authorize non-privileged employees to do so as well.

Authorize/Perform UWS Download New Revenue Center
Select this option to allow employees associated with this class to download a new Revenue Center to a workstation and to authorize non-privileged employees to do so as well.

Authorize Cash Drawer Reconnection
Select this option to allow employees associated with this class to authorize a cash drawer cable reconnection on a workstation. If an operator has the option bit enabled to Require Authorization for Cash Drawer Reconnection, the operator will need an authorization before performing another transaction. If this option bit is enabled, employees associated with this class can perform this authorization.

Authorize Power Cycle of Workstation during Operations
Select this option to allow employees associated with this class to authorize a Power Cycle of a workstation. If an operator has the option bit enabled to Require Authorization for Power Cycle of UWS during Operations, the operator will need an authorization before performing another transaction. If this option bit is enabled, employees associated with this class can perform this authorization.

Authorize SAR Workstation to Enter Offline Mode
Select this option to allow employees in this class to enter offline mode on a SAR workstation. When an operation is attempted that normally causes the workstation to contact the 9700 Server, if contact cannot be established, the client will display a prompt to retry the operation or work offline. If the user chooses to work offline, the operator needs to have an authorization, which is represented by this option bit.

Authorize SAR workstation to Exit Offline Mode
Select this option to allow employees in this class to enter online mode (while in offline mode) on a SAR workstation. While offline, if communication with the 9700 Server is detected, a prompt will be displayed to work in online mode. If the user chooses to work online, the operator needs to have an authorization, which is represented by this option bit.

Authorize Running of Offline Reports
Select this option to allow employees associated with this class to generate Offline Reports when the workstation is offline.

Authorize/Perform Manual Entry of Stored Value Card Number
Select this option to allow employees associated with this class to manually enter the stored value card account number and to authorize non-privileged employees to do so as well.

Authorize/Perform Issue Stored Value Function
Select this option to allow employees associated with this class to issue a stored value card and to authorize non-privileged employees to do so as well.

Authorize/Perform Void Issue Stored Value Entry
Select this option to allow employees associated with this class to void an issued card and to authorize non-privileged employees to do so as well.
Note: Touch Voids and Direct Voids are allowed; Last Item Voids and Returns are not allowed.

Authorize/Perform Issue Stored Value Batch Function
Select this option to allow employees associated with this class to issue a batch of stored value cards and to authorize non-privileged employees to do so as well.

Authorize/Perform Void Issue Stored Value Batch Entry
Select this option to allow employees associated with this class to void a batch of stored value cards and to authorize non-privileged employees to do so as well.
Note: Touch Voids and Direct Voids are allowed; Last Item Voids and Returns are not allowed.

Authorize/Perform Activate Stored Value Function
Select this option to allow employees associated with this class to activate a stored value card and to authorize non-privileged employees to do so as well.

Authorize/Perform Void Activate Stored Value Entry
Select this option to allow employees associated with this class to void the activation of a stored value card and to authorize non-privileged employees to do so as well.
Note: Touch Voids and Direct Voids are allowed; Last Item Voids and Returns are not allowed.

Authorize/Perform Activate Stored Value Batch Function
Select this option to allow employees associated with this class to activate a batch of stored value cards and to authorize non-privileged employees to do so as well.

Authorize/Perform Void Activate Stored Value Batch Entry
Select this option to allow employees associated with this class to void the activation of a batch of stored value cards and to authorize non-privileged employees to do so as well.

Authorize/Perform Reload Stored Value Function
Select this option to allow employees associated with this class to Reload (add credit) a dollar amount to an existing stored value card and to authorize non-privileged employees to do so as well.

Authorize/Perform Void Reload Stored Value Entry
Select this option to allow employees associated with this class to void a Reload transaction and to authorize non-privileged employees to do so as well. Touch Voids and Direct Voids are allowed; Last Item Voids and Returns are not allowed.

Authorize/Perform Redeem Authorization Stored Value Function
Select this option to allow employees associated with this class to perform a redemption authorization and to authorize non-privileged employees to do so as well.

Authorize/Perform Void Redeem Authorization Stored Value Entry
Select this option to allow employees associated with this class to void a redemption authorization and to authorize non-privileged employees to do so as well.

Authorize/Perform Redeem Stored Value Function
Select this option to allow employees associated with this class to perform a redemption transaction (a stored value card is used to make a purchase and a dollar amount is deducted from the account) and to authorize non-privileged employees to do so as well.

Authorize/Perform Void Redeem Stored Value Entry
Select this option to allow employees associated with this class to void a redemption transaction and to authorize non-privileged employees to do so as well.

Authorize/Perform Manual Redemption Stored Value Function
Select this option to allow employees associated with this class to perform a manual redemption and to authorize non-privileged employees to do so as well.

Authorize/Perform Void Manual Redemption Stored Value Entry
Select this option to allow employees associated with this class to void a manual redemption transaction and to authorize non-privileged employees to do so as well.

Authorize/Perform Issue Stored Value Points Function
Select this option to allow employees associated with this class to issue points to a stored value card and to authorize non-privileged employees to do so as well.

Authorize/Perform Void Issue Stored Value Points Entry
Select this option to allow employees associated with this class to void issued points on a stored value card and to authorize non-privileged employees to do so as well. Touch Voids and Direct Voids are allowed; Last Item Voids and Returns are not allowed.

Authorize/Perform Redeem Stored Value Points Function
Select this option to allow employees associated with this class to perform a points redemption transaction and to authorize non-privileged employees to do so as well.

Authorize/Perform Void Redeem Stored Value Points Entry
Select this option to allow employees associated with this class to void a points redemption transaction and to authorize non-privileged employees to do so as well.

Authorize/Perform Stored Value Cash Out Function
Select this option to allow employees associated with this class to debit some or all of the remaining balance on a stored value card and to authorize non-privileged employees to do so as well.

Authorize/Perform Stored Value Balance Inquiry Function
Select this option to allow employees associated with this class to check a stored value card balance and to authorize non-privileged employees to do so as well.

Authorize/Perform Stored Value Balance Transfer Function
Select this option to allow employees associated with this class to transfer the balance from one stored value card to another and to authorize non-privileged employees to do so as well.

Authorize/Perform Stored Value Point Inquiry Function
Select this option to allow employees associated with this class to check a stored value card point balance and to authorize non-privileged employees to do so as well.

Authorize/Perform Stored Value Report Generation Function
Select this option to allow employees associated with this class to generate stored value card reports and to authorize non-privileged employees to do so as well.

Authorize/Perform Accept Coupon Stored Value Function
Select this option to allow employees in this class to perform the Accept Coupon Stored Value Function and to allow non-privileged employees to do so as well.

Authorize/Perform Void Accept Coupon Stored Value Function
Select this option to allow employees in this class to perform the Void Accept Coupon Stored Value Function and to allow non-privileged employees to do so as well.

Authorize/Perform Stored Value Reprint Chit Function
Select this option to allow employees in this class to reprint Stored Value chits and to allow non-privileged employees to do so as well.

Workstation Privileges

Workstation Privileges are configured in the EMC within the System Hardware Device Table <Select Workstation> Options Tab.

Enabling

Enable Rear Display
Select this option to enable output to a rear customer display attached to this workstation.

Do Not Clear Screen After Transaction
Select this option to cause the last screen of a transaction to remain on the display after the transaction is complete. This option is enabled for workstations in Revenue Centers that want to use the Print Customer Receipt function key to print receipts after the close of a transaction.

Assign Cash Drawer By User Workstation
If this option is enabled, operators must assign themselves to a cash drawer by using one of the Function Keys 848, 839, or 840 (Assign Cash Drawer, Assign Cash Drawer 1, Assign Cash Drawer 2). Then, only the operator assigned to the drawer will be able to open it (or a privileged manager, who can unassign a drawer from a user). If this option is disabled, the Operator Cash Drawer field determines if an operator can access a cash drawer or not. In this scenario, all operators with the Cash Drawer field set to 1 will be able to open Cash Drawer 1.
Note: Giving multiple employees access to a single cash drawer is not as secure as requiring employees to be assigned to a Cash Drawer.

Require Cash Drawer to be Closed Before New Transaction
Select this option to require that cash drawers attached to this workstation are closed before a new transaction may be begun. Do NOT select this option to allow transactions to begin while a cash drawer is open.

Use Cash Drawer Number 2 for Other Currency
This option is used only if two cash drawers are in use for this workstation and one is dedicated to foreign currency. Select this option to cause the second cash drawer (not the drawer currently assigned) to open, when using a tendering key that opens the cash drawer and that is used with currency conversion. In addition, the foreign currency must allow change to be made in that currency.

Disable Employee Auto Sign Out
Select this option to disable the Automatic Operator Popup Interval programmed in Revenue Center Parameters. Do NOT select this option to cause operators to be signed out of this workstation after the Automatic Operator Popup Interval expires.

Mag Card Entry Required for Employee ID
Select this option to require that all employee ID entries at this workstation are made using a magnetic employee ID card. This applies to signing in and authorizing privileged operations. If this option is selected, the workstation will not accept an employee ID number entered through the keyboard or touchscreen. Do not select this option to allow the employee ID to be entered by either a magnetic card or by the keyboard or touchscreen.

Enable UWS Activity Log
Select this option to activate logging on this workstation. This option applies to PCWS, SAR, and Mobile MICROS clients only.

Enable Scale Interface
Select this option to enable communication between this workstation and a scale.

Enable Signature Capture
Select this option to enable communication between this workstation and a Signature Capture pad.

North American LDS Attached to this UWS
This option only applies to workstations using a Liquor Dispensing System. Select this option to indicate to the system that the Liquor Dispensing System (LDS) attached to this UWS is a North American LDS. Do NOT select this option to indicate that an ILDS (International Liquor Dispensing System) is in use.

Enable RFID PayPass Device
Select this option to activate communication between this workstation and an RFID PayPass Device. This device is used for Radio-Frequency Credit Cards. (NOTE: This option is only available on SAR clients.)

Enable Error Beeper
Select this option to cause the UWS to emit a beep whenever an operator commits an error that causes an error message or prompt to display. Disable this option to suppress the beep when an error message or prompt displays.

Auto Begin Chk when Chk Optr ID/# Entered Outside of Trans.
This option is active only if the Allow Replacement Sign In Outside Transaction option is disabled. Select this option to allow an operator to begin a guest check transaction by entering an operator ID or employee number. The signed-in operator becomes the transaction operator; the employee whose ID or employee number was entered becomes the check operator. If this option is enabled, sales totals and tenders posting are determined by the setting of the Revenue Center Parameters Posting options Post Totals to Transaction Operator and Post Tender to Transaction Operator. The system will require the use of either the employee ID or the employee number, as determined by the setting of the Operator option Use Employee Number to Open Check for Another Employee.

ON = Link Cashier Totals to UWS; OFF = Link to Operator
Select this option to allow this workstation to be linked to a single Cashier Record. This option can only be used with a workstation that is assigned to a single Revenue Center (when this is enabled, Revenue Centers 2-8 become disabled on the Revenue Centers tab). Cashiers are linked to a workstation by using the [Assign Cashier] function key on the workstation. When this option is disabled, totals are posted to the operator's Cashier Record, if one exists.

Allow SAR Mode
This option must be selected to allow this workstation to operate in Offline Mode.

Can Be Offline During Autosequences
Select this option to allow this workstation to be offline when autosequences run. If this option is enabled, PC autosequences will still run even if the PC Autosequences option Do Not Run if Workstations Are Offline is enabled.

Enable Remote Order Printing to Local Printer When Offline
This option should be enabled. If this option is enabled, a SAR Client, when offline, will print the Order Output (that should have printed to remote kitchen printers, for example) to the local SAR workstation's printer.

Enable Local Guest Check Printing
Enable this option to direct guest check printing to a wireless local printer (for Mobile MICROS devices) or to a SAR local printer (for SAR devices). Disable this option to choose the printers for specified print jobs on the Printers tab for this workstation.

Enable Local CA Voucher Printer
Select this option to cause Credit Card Authorization vouchers to print from this SAR device to the SAR local printer. Disable this option to select a Credit Card Authorization printer from the printers tab of this device.

Disable auto-online
A workstation will automatically return to Online Mode if communications have been reestablished and the number of transactions rung offline is less than the amount specified in the Property Parameters Automatic Online Transaction Limit field. By enabling this option, the workstation will prompt the user to return online, instead of continuing online automatically.

Go Offline Without Prompting
When this option is enabled, a workstation will go offline automatically when communication with the server is lost. When this option is disabled, the user will be prompted to work offline.

Encryption

Encryption Overview
Encryption is the reversible transformation of data from the original (plaintext) to a difficult-to-interpret format (ciphertext).

Permanent Data Store Encryption
Sensitive data in the 9700 database is encrypted using industry standard Triple-DES encryption. Each encrypted piece of data has a link to an entry in the encryption key table, which is also encrypted using Triple-DES encryption. 9700 provides an Encryption Key Management utility to add a new encryption key to the encryption key table. All data that will need to be stored in the database in encrypted format will automatically be encrypted using the latest key. For more information, see the MICROS 9700 Encryption Key Management Utility document.
Warning: If the encryption key is lost, the encrypted data in the database is unrecoverable. There are no backdoors!

Key Rotation Considerations
In order to achieve maximum security, MICROS Systems, Inc. mandates that the system administrator rotate encryption keys regularly, at least annually, and delete any old or compromised encryption keys. 9700's entire design of data encryption, key generation, and storage is built to facilitate such practice. For more information, please see the MICROS 9700 Encryption Key Management Utility document.

Audit Trail

Audit Trail Overview
The Audit Trail keeps a record of all changes made to the 9700 database, as well as the identity of the employee who made the changes. The Audit Trail records the following activity:

Configurator Module or Function Activity Add, delete, or edit records in any file, or clear any database totals files UWS Procedures Report Writer PC Autosequences UWS Autosequences Audit Trail Error Log Control Panel Credit Card Settlement Credit Card Editor SQL Operations UWS Reports Edits of records in any file, including time card adjustments Reports taken, reset, and reset without printing Reports reset (Entries for the Error Log, which does not require the entry of a PC Functions ID, print Employee Unknown.) Start or stop the 9700 System; Start or stop the POS Operation module, Start or stop Operations on a UWS, Change Backup PC#, Change PC state (Active/Inactive) Create, Edit, Print, or Transfer Batch File Move to a different batch file, Save and exit the application Add, delete, or edit records in any file Reset All resetting operations, reports taken, and reset

Enabling
The EMC System Information Parameters option Enable Audit Trail must be enabled for Audit Trail to record activity. For security purposes, MICROS Systems, Inc. mandates this option be enabled.

Usage
A privileged employee may conduct searches within the Audit Trail of database changes based on a variety of search criteria (e.g., by application, by operation, or by employee). To authorize an employee to run the Audit Trail module, Search tab, the option Run the Audit Trail Program must be enabled within the EMC Employees module (Personnel Employees Maintenance Sort by Class Utilities tab); see page 30 for more information.

The Audit Trail file must be reset (erased) periodically in order to prevent the file from becoming very large and consuming too much space on the PC's hard drive. To authorize an employee to manually reset the Audit Trail, the Reset the Audit Trail option must be enabled within the EMC Employees module (Personnel Employees Maintenance Sort by Class Utilities tab); see page 30 for more information. The Audit Trail is manually reset within the Audit Trail Search module; see page 55 for more information.

Audit Trail Module
The EMC Audit Trail module is used for its Audit Trail report function and to manually reset the Audit Trail.

Audit Trail Search Tab
The Audit Trail Search Tab includes a report function that can be used to view the contents of the Audit Trail file. The results of an Audit Trail Report can be viewed on the PC Monitor, printed to the PC's network printer, or saved to a file on the PC.

Audit Trail reports may be taken for:
- Each application
- Each operation (add, clear totals, delete, edit, or login)
- For a specific module
- For a specific Revenue Center
- For a specific employee
- For a specific time period

Each record in the Audit Trail Report includes:
- The application to which the change was made (e.g., Configurator)
- The date and time that the change occurred
- The operation made (e.g., field edit, record deletion, autosequence reset)
- The identity of the employee who made the change

In the case of database changes made in Configurator or UWS Procedures, the Audit Trail record also includes the Previous and Current data entered in the field.

Enabling

Applications
Select the application to be included in the search.

Operations
Select the operation to be included in the search.

Module
Select the module to be included in the search.

Revenue Center
Select the Revenue Center, if any, to be included in the search.

Employee
Select an employee to search.

Start Date
Select the Start Date to search. Note that the Audit Trail data is automatically purged for data one month prior to the Current Month; also, the Audit Trail is typically reset nightly (by FileMaintenance.exe). Therefore, it may be possible that only today's Business Date shows Audit Trail information.

End Date
Select the End Date to search. Note that the Audit Trail data is automatically purged for data one month prior to the Current Month; also, the Audit Trail is typically reset nightly (by FileMaintenance.exe). Therefore, it may be possible that only today's Business Date shows Audit Trail information.

Audit Trail Reset Tab
The Reset Tab is used to reset (erase) the Audit Trail in order to prevent the file from becoming very large.

Enabling

Reset Entries Until
Select a date. The date selected in this field is the cutoff point; all Audit Trail data before this date will be purged from the database. Note that the Audit Trail data is automatically purged for data one month prior to the Current Month; also, the Audit Trail is typically reset nightly (by FileMaintenance.exe). Therefore, it may be possible that only today's Business Date shows Audit Trail information.
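
The record fields and reset behaviour described in this chapter lend themselves to a scripted review of an Audit Trail report that has been saved to a file. The following is an added example, not MICROS code: the CSV column layout, the ON/OFF value strings, the employee numbers and the sample rows are assumptions constructed for illustration; only the field and option names come from this guide.

```python
import csv
import io

# Options named in this guide that switch logging on or off, or that control
# who may view or erase the Audit Trail.
LOGGING_SWITCHES = {"Enable Audit Trail", "Enable UWS Activity Log"}
AUDIT_PRIVILEGES = {"Reset the Audit Trail", "Run the Audit Trail Program"}

# Constructed sample. The column layout and ON/OFF strings are assumptions;
# the guide only states which pieces of information each record carries.
SAMPLE_REPORT = """\
application,timestamp,operation,module,employee,field,previous,current
Configurator,2010-03-01 09:14:02,edit,Employees,1001,Reset the Audit Trail,OFF,ON
Configurator,2010-03-01 09:15:40,edit,Menu Items,1002,Price,4.50,4.75
Audit Trail,2010-03-01 22:04:55,reset,,1001,,,
Configurator,2010-03-01 22:06:30,edit,Workstations,1001,Enable UWS Activity Log,ON,OFF
Error Log,2010-03-01 23:30:00,reset,,Employee Unknown,,,
Configurator,2010-03-02 02:10:09,delete,Employees,Employee Unknown,,,
Audit Trail,2010-03-02 03:00:00,reset,,1003,,,
"""


def review(report_text):
    """Return (timestamp, employee, reason) for records that deserve review."""
    rows = sorted(csv.DictReader(io.StringIO(report_text)),
                  key=lambda r: r["timestamp"])
    changed_audit_settings = set()  # employees who edited audit-related options
    findings = []
    for row in rows:
        app, op, who = row["application"], row["operation"].lower(), row["employee"]
        field, change = row["field"], (row["previous"], row["current"])
        reason = None
        if op == "edit" and field in LOGGING_SWITCHES | AUDIT_PRIVILEGES:
            changed_audit_settings.add(who)
            if field in LOGGING_SWITCHES and change == ("ON", "OFF"):
                reason = f"logging switched off: {field}"
            elif field in AUDIT_PRIVILEGES and change == ("OFF", "ON"):
                reason = f"audit privilege granted: {field}"
        elif app == "Audit Trail" and op == "reset":
            # A reset erases entries, so every one is listed; one performed by
            # someone who also changed audit settings is marked for priority.
            reason = "Audit Trail reset"
            if who in changed_audit_settings:
                reason += " by an employee who also changed audit settings"
        elif who == "Employee Unknown" and app != "Error Log":
            # The guide expects "Employee Unknown" on Error Log entries; seeing
            # it elsewhere is treated as unexpected (assumption of this example).
            reason = "change recorded without an identified employee"
        if reason:
            findings.append((row["timestamp"], who, reason))
    return findings


if __name__ == "__main__":
    for timestamp, employee, reason in review(SAMPLE_REPORT):
        print(f"{timestamp}  {employee:<16}  {reason}")
```

Because the Audit Trail is typically reset nightly, a review like this only sees what was saved to a file before the reset ran.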

Security Maintenance

Security Maintenance Overview
MICROS Systems, Inc. mandates that users abide by the Payment Card Industry's (PCI) Data Security Standards documented in the 9700 PABP Compliance document. To maintain the PCI Data Security Standard, please:

1. Install and maintain a firewall configuration to protect data
2. Do not use vendor-supplied defaults for system passwords and other security parameters.
3. Protect stored data
4. Encrypt transmission of cardholder data and sensitive information across public networks
5. Use and regularly update anti-virus software
6. Develop and maintain secure systems and applications
7. Restrict access to data by business need-to-know
8. Assign a unique ID to each person with computer access
9. Restrict physical access to cardholder data
10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes
12. Maintain a policy that addresses information security

For more information, please see the 9700 PABP Compliance document specific to the site's software version.