Security Methods - How They Work
When using a MS SQL Server database in Calibration Control (our Calibration Management Software), the built-in SQL Server and Windows authentication will keep the database protected. Otherwise, when using MS Access the database file (apecal.mdb) must use a database password. The default MS Access database files that come with Ape Software versions 7.2.5 and later have password encryption by default. When upgrading from a previous version and using MS Access, make sure to manually set the password for the database.
Activating User-Authentication (Sign-In Mode)
Any user can activate User-Authentication mode after ensuring at least one active User has Admin privileges. Only a User with Admin privileges can deactivate User-Authentication.
What Can an Administrator Do?
Administrators have full access to all parts of the application that require any level of security. An Admin can create Users and change the privileges of any other User, including other Admins.
What Can't an Administrator Do?
Administrators cannot remove themselves from being an Admin while User-Authentication mode is activated; one Admin must remove the Admin privileges of another. This is a safety feature to ensure there is at least one Admin while the application is in User-Authentication mode.
Administrators and Passwords
When an Administrator creates or changes the password for any User other than themselves, that User will be required to change their password the next time they sign in. Use the Password Security Dialog page for help in implementing and adjusting Password Security methods.
There are seven pre-defined security roles, which are: Administrator, Super User, Supervisor, Technician, Production, and Layout. Although these Roles cannot be changed, Admins and Super Users can change which Role has access to which Permission.
Hierarchy of Roles
A User with no Roles assigned can see, print, and export any information within the database. Each of the other Roles has the privileges of a User with no Role in addition to:
Administrator: Can do anything that requires security.
Super User: Can do anything an Administrator can do except
add or edit Users.
Supervisor: Same authority as Technician and
Production, can also edit Technician Name and Status of calibration
records, and can remove relationships between Equipment and Jobs.
- Technician: Can create and edit equipment records. Cannot edit the Technician Name (added automatically) or the Status of calibration records.
- Production: Can add Job records that record which equipment is used on which job. Cannot remove Job records.
- Layout: Has the authority to make most application layout changes relating to the look and feel of the database.
- Supervisor: Same authority as Technician and Production, can also edit Technician Name and Status of calibration records, and can remove relationships between Equipment and Jobs.
- Super User: Can do anything an Administrator can do except add or edit Users.
There are pre-defined Permissions for specific areas of the application that require a given level of security. Although each Permission has a default minimum Role, Administrators can change the Role of any of the Permissions.
Change Management (Audit Log)
All field and label changes are tracked in the 'Change Log' found in the Utilities tab of the ribbon menu. It records time/date, user (if User-Authentication mode is activated), screen where the changes were made, machine (computer) name, and the detail of the change. The change detail includes field names and before/after data.
Last Updated: 13 March 2019