Introduction. Connection security




SECURITY AND AUDITABILITY WITH SAGE ERP X3

Introduction

An ERP usually contains a huge set of data concerning all the activities of a company or a group of companies. As some of this data is sensitive (accounting or human resources, for example), ensuring the security of this critical information is important.

Another important point is the traceability of some modifications. This is especially the case for legislations where the accounting regulations require complete access to the history of the modifications made to data. Another good example of a traceability constraint is given by the FDA regulation, and concerns data linked to the BOMs and routings.

The SAFE X3 platform, on which Sage ERP X3 is based, integrates a set of tools to ensure the security and the traceability of the information stored and the operations performed. This document gives details on the tools available on the platform.

Connection security

The SAFE X3 platform is based on components that can be installed on secured servers, protected by firewalls, using HTTPS connections to the client for the native Web client, and also for the Web service layer that can be used by any external software that needs to access the application and administration services provided through the platform.

User authentication can be controlled through access to a centralized LDAP directory, and the identity can be inherited via NTLM over HTTP (in Web mode) or through the Windows login information (in client-server mode).

LDAP means Lightweight Directory Access Protocol. It refers to open structures used to manage identities, and all the authentication information linked to them, in a centralized way. Several implementations exist (such as OpenLDAP). Active Directory is the corresponding implementation used by Microsoft to store identities and is LDAP compatible.

In Sage ERP X3 version V6, a setup makes it possible to declare that an LDAP directory exists somewhere on the network, and to map information usually stored in the user or parameter tables to LDAP fields. Once this is done, the parameters stored in the Sage ERP X3 database can be refreshed automatically from the values stored in the LDAP directory (setup option): a central repository of users can thus be managed.

Since version 6.2, the connection can also be secured by using a token sent by an external Single Sign On system. Sage SSO provides this single sign-on procedure, which is used for example by Netvibes, to provide secured access to business data within end-user portals.

Security, traceability, auditability with SAFE X3 platform Version 1 SAGE 2010

Organizations

The security for Sage ERP X3 can be defined by folder. A folder is a container that stores the data related to several entities, as well as parameters and common data. In each folder, Sage ERP X3 makes it possible to describe companies, financial sites and operational sites, and to define hierarchies of sites based on the legal and accounting organization (a warehouse posting entries on a financial site belonging to a company that is a member of the group), but also on any organizational link (all the European warehouses, whether or not they belong to the same legal company). This is shown in the following screen:

Each company belongs to a given legislation; in a group of companies, several legislations can be used. The security can be established for each folder by granting rights to users and user groups, based on these organizational levels.

Users and profile

Associated with a user, the platform allows the description of function profiles that manage the access rights at any level of the organization (sites, companies, groupings of sites). Different controls can be set up:

1) Access restriction to data and operations for each function by site, by company, or by group of sites. For example, it is possible to set up that a user will have access to the sales orders:
   - Those related to a group of sites or companies in creation, modification, allocation and preparation, but not deletion or invoicing
   - Those related to one site for inquiry only
   - No access for all the other sites

This is shown by the screen copy above:

Depending on the function, the operations controlled can be different (for example, on fixed assets, the rights to reevaluate an asset, to revise it, to split it, to issue it, or to change the methods can be controlled separately if needed).

2) Authorization management by field, per transaction and per report, through access codes. This makes it possible, for example, to deny access to a given accounting transaction, or to disable the modification of the payment term on the customer record.

3) In addition, filters can be added on any field by defining roles and assigning codes related to each role by user. Let's imagine, for example, that a given user, connected via the Web, is a client with the role of payer. Thus, he will have the right to view the invoices for which he is the paying customer. The roles can be freely defined (suppliers, buyers, trade...) and can be set up to secure the filtering of information accessible via the application.

4) Filters can be given on any inquiry, and also for groups of inquiries; access can be given to statistics at a given level. For example, if a statistical inquiry published on the portal gives the sales detail per area, per sales representative, per item category and per customer, a sales representative can have access only to his own sales detail (by item category and customer), while the sales director for an area will have access to the detail of his area by sales representative, product line and customer.

Parameter setting

Transverse security parameters are also defined in the platform. Examples:

- Password policy (length and complexity, renewal period, number of unsuccessful connection attempts...) if the authentication is managed by the platform and not through an external SSO
- Automatic time-out for connections
- Audit constraints and restrictions
- Administrator identifier, and sub-administrator profile codes

Depending on the parameter, these values can be set at global level, at legislation level, at company level, at site level, or at user level. The most local level is used if it exists; otherwise the parameter value is inherited from an upper level.

Predefined sets of parameters can be registered (for example, having 3 levels of security for a given set of parameters, called LOW, MEDIUM, and HIGH). Some global parameters can be locked to a predefined value if given legislations are used for companies belonging to a group.

Traceability and audit

The SAFE X3 platform includes several traceability and audit functions. The following elements are available:

- Every login is recorded on the system, whether it is successful or unsuccessful; in case of login failure, the reason why the login could not be done is stored. The information available is: the IP address of the client, the login code, the type of connection, the date and time, and the OS user code.
- The recording of all critical data stores the date of creation, the date of the last successful modification, and the identifier of the user who performed the creation and the last modification.
- Regarding operations performed by users, a first level of audit (user level) allows you to log every successful operation done by users. For each user, a parameter can have the following values: no log, log of all operations, or log of delete and change code operations only. The details stored are the date, time and user code, the function and operation performed, and the key identifying the data. For example, using this function, you will know that John DOE performed a modification on item CD100 on the First of December 2008 at 5:31 AM.
- A more detailed information track can be obtained through parameter setting (data traceability in the dictionary). In that case you indicate, for each database table you want to secure, whether you want to log creation, modification and/or deletion on this table. This level gives you the history of the operations done at the table level. You can also store the details of the modifications done on the fields. In that case, you will get detailed information such as: on the First of December 2008 at 5:31 AM, John DOE modified the item (table ITMMASTER) record CD100; the field DEFPOT (default potency) was modified (the previous value was 0.95, and the new value is 0.96). When such a parameter setting is done, a trigger is automatically created in the database. Thus, any modification, including a modification made through direct access to the database, will be tracked.
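The trigger-based field tracking described above, sketched as an added example using SQLite from Python; it is not Sage's code and not the trigger SAFE X3 generates. Only ITMMASTER, DEFPOT, CD100 and the 0.95/0.96 values come from the text; the key column ITMREF, the APP_SESSION and AUDIT_FIELD tables, the user code JDOE and the trigger itself are assumptions.

```python
import sqlite3

# Constructed schema: only the names ITMMASTER and DEFPOT come from the page.
# ITMREF, APP_SESSION, AUDIT_FIELD and the trigger are hypothetical.
SCHEMA = """
CREATE TABLE ITMMASTER (ITMREF TEXT PRIMARY KEY, DEFPOT REAL);
CREATE TABLE APP_SESSION (USR TEXT);  -- set by the application, empty otherwise
CREATE TABLE AUDIT_FIELD (
    ID INTEGER PRIMARY KEY AUTOINCREMENT, TS TEXT DEFAULT CURRENT_TIMESTAMP,
    USR TEXT, TBL TEXT, REC_KEY TEXT, FLD TEXT, OLD_VAL TEXT, NEW_VAL TEXT);
CREATE TRIGGER ITMMASTER_DEFPOT_AUDIT
AFTER UPDATE OF DEFPOT ON ITMMASTER
WHEN OLD.DEFPOT IS NOT NEW.DEFPOT        -- skip updates that change nothing
BEGIN
    INSERT INTO AUDIT_FIELD (USR, TBL, REC_KEY, FLD, OLD_VAL, NEW_VAL)
    VALUES (COALESCE((SELECT USR FROM APP_SESSION LIMIT 1), 'direct-db-access'),
            'ITMMASTER', OLD.ITMREF, 'DEFPOT', OLD.DEFPOT, NEW.DEFPOT);
END;
"""

def build_db():
    """In-memory database holding item CD100 with default potency 0.95."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.execute("INSERT INTO ITMMASTER VALUES ('CD100', 0.95)")
    return db

def application_update(db, user, item, potency):
    """Change made through the application, which knows the acting user."""
    db.execute("INSERT INTO APP_SESSION VALUES (?)", (user,))
    db.execute("UPDATE ITMMASTER SET DEFPOT = ? WHERE ITMREF = ?", (potency, item))
    db.execute("DELETE FROM APP_SESSION")

def audit_trail(db):
    """Field-level history, oldest first (timestamp omitted for brevity)."""
    return db.execute("SELECT USR, TBL, REC_KEY, FLD, OLD_VAL, NEW_VAL "
                      "FROM AUDIT_FIELD ORDER BY ID").fetchall()

def demo():
    db = build_db()
    application_update(db, "JDOE", "CD100", 0.96)
    # Direct SQL that bypasses the application still fires the trigger.
    db.execute("UPDATE ITMMASTER SET DEFPOT = 0.97 WHERE ITMREF = 'CD100'")
    # Re-writing the same value is not a modification and is not logged.
    db.execute("UPDATE ITMMASTER SET DEFPOT = 0.97 WHERE ITMREF = 'CD100'")
    return audit_trail(db)

if __name__ == "__main__":
    for row in demo():
        print(row)
```

The trigger only sees what the database session exposes, so the acting user has to be supplied by the application; a change made directly in the database is recorded but cannot be attributed to an application user. An account allowed to drop or disable triggers is outside what this control covers.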
In order to be compliant with regulations such as CFR-21, you can, through a modification, add a control that forces the user, for modifications made on critical fields, to sign by entering his password and a reason code for the modification. If the password is not entered, the modification will not be possible. The libraries needed to implement this functionality and the inquiry function are provided, as well as a configuration parameter (a dedicated activity code) and a sequence code for log numbering. The only modification to be done is to add given fields (with a predefined name) to the tables that you want to manage with e-signature, to set up the field traceability on these fields, and finally to add a screen control that will call a dedicated action when a modification is done. A technical document describes the methodology to be used for the implementation.

Alerts, Workflow and approval

In order to trigger dedicated actions based on a given operation, or to notify of and request approval for a modification, the SAFE X3 platform includes a workflow setup. The workflow engine is able:

- To send mails.
- To feed workbenches presented to the users in order to help them make decisions.
- To trigger updates, request approval and manage approval circuits with multiple approvers.
- To attach linked documents to the e-mails; for example, after completion of a batch request, sending a summarized report including the log file generated if errors or warnings occurred.

Predefined rules are supplied by default, for example: purchase request and purchase order approval, batch operation notification, modification summary on critical data, approval on sales quotations and orders, password renewals if they are managed by the platform, escalation on signatures...

Document management

Traceability constraints can apply not only to the ERP data, but also to the documents produced by the ERP or sent to the ERP. The SAFE X3 platform is able to store documents securely in different electronic document management systems, through a standard connector used by several EDM vendors. The documents produced by the ERP (reports, log files, exports, linked documents...) can be securely stored in containers with associated data, and retrieved easily through links established with the data managed in the ERP (for example, linking technical documents to items or BOMs, linking the closing balance reports to a company record, linking a simulation Excel spreadsheet exported from a budget entry to the budget definition...).