Security Methods - How They Work

Database Security

If you use MS SQL Server as your database, then the built-in SQL Server and Windows authentication will keep your database protected.  Otherwise, if you use MS Access the database file (apecal.mdb) must use a database password.  The default MS Access database files that come with Ape Software version 7.2.5 and later have password encryption by default.  If you are upgrading from a previous version and use MS Access, you must manually set the password for your database.

Activating User-Authentication (sign-in mode)

Any user can activate User-Authentication mode after ensuring at least one Active User has Administrative privileges.  Only a User with Administrative privileges can deactivate User-Authentication.

What Can an Administrator Do?

Administrator has full access to all parts of the application that require any level of security.  An Admin can create Users and change the privileges of any other, including other Admins.

What Can't an Administrator Do?

Admin cannot remove him/herself from being an Admin while User-Authentication mode is activated; one Admin must remove the Admin privileges of another.  This is a safety feature to ensure there is at least one Admin while the application is in UA mode.

Admins and Passwords

When an Admin creates or changes the password for any user, other than him/herself, that user will be required to change their password the next time they sign in.  Use the Password Security Dialog page for help in implementing and adjusting Password Security methods.

Pre-Defined Roles

There are seven pre-defined security roles, which are: Administrator, Super User, Supervisor, Technician, Production, and Layout.   Although these Roles cannot be changed, Admins and Super Users can change which Role has access to which Permission.

Hierarchy of Roles

A user with no Roles assigned can see, print, or export any information.  Each of the other Roles has the privileges of a user with no Role in addition to:

  • Administrator:  Can do anything that requires security.
    • Super User:  Can do anything an Administrator can do except add or edit Users.
      • Supervisor:  Same authority as Technician and Production except that by default can edit Technician Name and Status of calibration records and can remove relationships between Equipment and Jobs.
        • Technician:  Can create and edit most equipment records.  By default cannot edit the Technician Name (added automatically) or the Status of calibration records.
        • Production:  Can add Job records that record which jobs equipment is used on.  By default cannot remove Job records.
      • Layout:  Has the authority to make most application layout changes relating to look and feel.
Roles / Security

Permissions

There are 63 pre-defined Permissions for 63 areas of the applications that require a given level of security.  Although each Permission has a default minimum Role, Administrators can change the Role of any of the Permissions.

Change Management (Audit Log)

All field and label changes are tracked in the 'Activity Data' tab.  It records time/date, user (if UA mode is activated), screen where the changes were made, machine (computer) name, and the detail of the change.  The change detail includes field names and before/after data.


Last updated:  8 Feb 2017