Security Methods - How They Work
Database Security
If you use MS SQL Server as your database in Calibration Control (our Calibration Management Software), then the built-in SQL Server and Windows authentication will keep your database protected. Otherwise, if you use MS Access the database file (apecal.mdb) must use a database password.
Activating User-Authentication (sign-in mode)
Any user can activate User-Authentication mode after ensuring at least one Active User has Administrative privileges. Only a User with Administrative privileges can deactivate User-Authentication.
What Can an Administrator Do?
Administrators have full access to all parts of the application that require any level of security. An Admin can create Users and change the privileges of any other, including other Admins.
What Can't an Administrator Do?
Admins cannot remove themselves from being an Admin while User-Authentication mode is activated; one Admin must remove the Admin privileges of another. This is a safety feature to ensure at least one Admin exists while the application is in UA mode.
Admins and Passwords
When an Admin creates or changes the password for any user, other than him/herself, that user will be required to change their password the next time they sign in. Use the Password Security Dialog page for help in implementing and adjusting Password Security methods.
Pre-Defined Roles
There are seven pre-defined security roles, which are: Administrator, Super User, Supervisor, Technician, Production, and Layout. Although these Roles cannot be changed, Admins and Super Users can change which Role have access to which Permission.
Hierarchy of Roles
A user with no Roles assigned can see, print, or export any information. Each of the other Roles has the privileges of a user with no Role in addition to:
-
Administrator: Can do anything that requires security.
-
Super User: Can do anything an Administrator can do except
add or edit Users.
-
Supervisor: Same authority as Technician and Production
except that by default can edit Technician Name and Status of calibration records
and can remove relationships between Equipment and Jobs.
- Technician: Can create and edit most equipment records. By default cannot edit the Technician Name (added automatically) or the Status of calibration records.
- Production: Can add Job records that record which jobs equipment is used on. By default cannot remove Job records.
- Layout: Has the authority to make most application layout changes relating to look and feel.
-
Supervisor: Same authority as Technician and Production
except that by default can edit Technician Name and Status of calibration records
and can remove relationships between Equipment and Jobs.
-
Super User: Can do anything an Administrator can do except
add or edit Users.
Permissions
There are a few hundred pre-defined Permissions for the various areas of the applications that require a given level of security. Although each Permission has a default minimum Role, Administrators can change the Role of any of the Permissions.
Change Management (Audit Log)
All field and label changes are tracked in the 'Activity Data' tab. It records time/date, user (if UA mode is activated), screen where the changes were made, machine (computer) name, and the detail of the change. The change detail includes field names and before/after data.
Last updated: 18 April 2019
