System Controls: Security - Functional Security

Each program in the system can perform what are termed OPERATIONS which fall into one of three categories:

Category	Description
Intents	Such programs can be called with the intention of doing more than one thing. For example, an edit program can be called with the intention of Amending and in this instance Amending is known as an INTENT.
Actions	All foreground programs have an Action Bar at the top of the screen and F-keys at the bottom. The program Operation initiated by these is known as an ACTION. For example a list program will normally have an action of Edit Amend. This Action will cause the list program to call the edit program with an intent of amend.
Functions	A few programs require security over some application functionality which is neither of the above. Examples are amending credit limits and posting to prior periods. These operations are known as FUNCTIONS.

Each user has a Security Group assigned which is used to tell the system which functions he/she is not allowed to access.

The Security Group has attached to it a list of programs which have some or all of their operations marked as denied. This list defined the functions which are denied to users who have the Security Group assigned to them.

Relationships exist between operations on different programs, as explained by the following example and these are handled automatically by the system.

If we consider a list program and its associated edit program, there are Actions on the list program to View, Amend, Insert etc. the data via the edit program. If the edit program has its Insert and Purge operations denied, the system will automatically deny the equivalent actions on the list program. This has the effect of stopping the user even trying to Insert or Purge the data via the list program, rather than letting him/her try and then getting an error saying that the user does not have access to that function.

There are two stages in establishing functional access:

Security Group
Facility Denials

Security Groups are identified by an eight character alphanumeric code. This obviously will allow sufficient permutations of program access rights to define a different security group for use if required. Alternatively a security group may be used to define security access for multiple users. A single user may also have a different security group for each company to which they have access.

NOTE The menu path shown is the default for the system. Your company may have customised menu options, so the path shown may not be accurate. Please contact your system administrator for details.