Compugene Membership System  

Security


When the security feature is enabled (see below on how to enable), the following window appears whenever you start the program or click the Restart button on the Main Window toolbar:



You must then enter your logon id and password. If you must change the password due to your old password expiring, or you desire to change it for improved security, you enter the new password in the third text box after entering the current valid password in the second text box.

The SECURITY features of the Compugene Membership System are controlled via the Secure button on the main window toolbar, which brings up the Security Administration window.



The Security Administration window is where you control which users can read and/or write, or have no access, to the various authorization areas of the system. Also from the Security Administration window, you add/delete/modify user ids and their authorization levels. Use the Password Options menu option of the Security Administration window to set/change the minimum password length, maximum password tries before the system exits, and maximum logons per password before the password must be changed.

Logon ids and passwords can be up to a maximum of 10 characters in length.

Reasons to use the Security features are as follows:


There are three authorization levels that can be granted for six different authorization areas. The three authorization levels are:

N    no access (user cannot view or modify any data in the specified area)
R    read-only access (user can view but not modify data in the specified area)
W   write access and read access (user can view and modify data in the specified area)

The six authorization areas are: 

F       financial information - whether the user can view or modify financial data
S       scheduling information - whether the user can view or modify scheduling data
M     membership information  - whether the user can view or modify membership data
N      notification information  - whether the user can view or modify notification data
A      special arrangements - whether the user can view or modify special arrangements data
P       accounts payable/non-member information - whether the user can view or modify accounts payable or non-member data

The security specifications are represented as: area of authorization followed by access level.

For example, a user who has FR (financial-read) authorization can display financial information but not update it (write to it). A user who has FN (financial-none) authorization cannot display or write financial information, thus protecting sensitive financial data from those who do not need to see it. As indicated above, the Secure button of the toolbar on the main window brings up the Security Administration window, from which you can create new logon ids, assign initial passwords (which the new user needs to change when he/she first logs in). With the Password Options menu option, you can choose the minimum required password length, how many logons a user can do before he must create a new password, and how many tries a user gets to log in if he enters the wrong password. Also, when creating or changing a logon id, authorizations can be assigned as read, write, or none for the six areas as mentioned above. The default authorizations for a user are none for all six categories.

A master-privilege user (also known simply as master) is one who has the master user check box checked on his record display in the Security window. Only a master user can add/modify user ids and change the various other security options.


Enabling and Disabling Security

To disable security checking (this can be done only by a user designated as a Master user; see above), press the Secure button on the Main Window toolbar and then click the Password Options menu item. This will display the Password Options window. If you set the minimum password length to 0 and click the Update button, you will disable security checking.



To enable security checking, set the minimum password length to a value greater than 0 but less than 11. The minimum password length is the minimum length a password can be to be accepted by the system as a valid password. It is recommended to require as long a password as practicable to ensure greater security.

When security checking is enabled, the only logon ids permitted to enter the security window via the Security function to perform security updates are ids who have Master user status, as set via the Security window.

The Password Options window also allows you to control the following two additional values:
Max pswd tries: the number of tries a user can have to logon and enter invalid user or password before the program terminates and must be re-started. Also, if the userid is valid but the password is incorrect, the userid record will be locked and must be unlocked by a Master user following the specified number of incorrect login tries (the invalid login attempts must be consecutive without any successes in between – for example, a 1-time failure followed by successful login does not count towards the maximum password tries. However, if the maximum password tries is 3 and the user fails to login after 3 consecutive attempts without a successful login, the userid will be locked).
Max logons/pswd: the number of times a user can logon with the same password. Once this number is exceeded, the user will be forced to enter a new password.

When changing values on the Password Options window, always click the Update button to have the new values become effective.

When security checking is not enabled, any user can turn it on by changing the minimum password length to a value greater than 0. To obtain the initial master logon id and password, please contact Compugene Software.

Converted from CHM to HTML with chm2web Pro 2.81 (unicode)