TRAVERSE System Security

TRAVERSE uses MS Access® security features. Principle among these is the strategy of organizing users into groups, making it easier to manage a secure database. Rather than assigning permissions individually to each user for each object in the database, permissions are assigned to a few groups and users are assigned to an appropriate group. When users log on to TRAVERSE they inherit the permissions from any groups they belong to. Note: only user accounts can log on to TRAVERSE - group accounts can not.

Setting up security in TRAVERSE consists of four steps. First, you build the groups to which everyone will belong. Then you add all the users to the appropriate groups. Next, you add the users to TRAVERSE, to tell the system what companies they are allowed to access. Finally, you decide which permissions each group will be allowed.

Adding Groups

The first step in setting up security is establishing groups. To do this, you must be logged on to TRAVERSE as a member of the ADMINS group. By default, Access97 sets up two groups, ADMINS and USERS during installation.

1. On the TOOLS menu in TRAVERSE, click on User and Group Accounts.
2. Select the Groups tab.
3. Click on the New button to add a new group.
4. Type the Group Name and the Personal ID for the group. The group name should be descriptive - i.e. "Accounts Payable" for all the accounts payable clerks. Access requires a unique Personal ID for each group to keep the Group Name unique. You can use the Group name as the Personal ID, but Microsoft recommends that you use something else.
5. Select OK.
6. Repeat steps 3-5 for each group you wish to set up (Accounts Payable, Accounts Receivable, managers, etc.).
7. To remove a group, select the Group Name and click on the Delete button.

Adding Users to Groups

By default, all users are automatically a member of the USERS group. This group should only be allowed the minimum security - for instance, be allowed only to see inquiry screens in each module. Each user is then assigned to the appropriate groups, which will have access only to what they need to get their jobs done.

1. On the Tools menu in TRAVERSE, click on User and Group Accounts.
2. Select the Users tab.
3. Enter the User ID of the person to be added to the group in the Name field. The User ID can be 1-20 characters in length; special characters such as @, & etc. are not allowed. In the Available Groups list box, highlight the group to which you wish to add the user, then click the add button.
4. Add a Personal ID to the user being added. The Personal ID is not a password - it's used to keep the User unique in case there are two people with similar names (two John Smiths, for instance). The Personal ID can be the same as the User name, in which case every user will have to have a unique User name (example: JohnS and Jsmith if there are two John Smiths).
5. The selected group is now displayed in the Member of list box.
6. Repeat steps 3 and 4 as necessary until all users are added to the proper groups.
7. Click OK to exit.

Note: After you create the user and group accounts, you can view the relationships between them by clicking User and Group Accounts on the Security submenu of the Tools drop-down menu in TRAVERSE. Click on the Print Users and Groups button to print a report of the accounts in the overall workgroup. This will show groups to which each user belongs and the users that belong to each group.

Adding Users to TRAVERSE

1. Select User Setup from the Security menu in TRAVERSE System Manager. Select New Record from the toolbar. In the combo box that appears select the user you set up in the User and Group Accounts.
2. In the company list box grant the user access rights to companies. Select each company whose data the user will need to work with and click the Add button to grant permissions.
3. Complete steps 1 and 2 for each user.
4. To take permissions for a company away from a user, select the user, highlight the company and click the Delete button.

Granting Permissions

In this step you determine the levels of access each group will have. For instance, you may want all the payables clerks to be able to do every function in Accounts Payable except month end processing and purging transactions, and not be able to view the General Ledger at all. The Accounts Payable group would be given full rights to AP (minus the specific functions you decided on) and nothing else. As members of the Users group, the payables clerks would not have rights to General Ledger (if that's how you set up the basic level of security for all users). When this step is complete, each user will only be able to see menu choices corresponding to areas to which they have access.

1. In TRAVERSE System Manager select Security and then Menu Security.
2. The list box labeled Group Names contains a list of the groups you set up under the Adding Groups section. Select the group to which you desire to add permissions by highlighting the group name.
3. The Applications list box displays all the applications (AP,AR,GL, etc.) you have installed. Highlight the application to which you want to assign permissions for the chosen group. Note: A special entry for the main menu is also listed.
4. The SubMenu box lists sub-menus from the application main menu. Highlight the sub-menu items for which to allow the group permissions. The Menu Item listbox lists the menu items and whether or not they are hidden under the permissions section. If the box next to the menu item has an "X" the user has rights to use that function. Highlight the menu item and either click SHOW (to grant permission to that function) or HIDE (to deny permission). You may SHOW all or HIDE ALL to grant or deny rights to sub-menu functions in one step.
5. Repeat steps 2-6 until you have granted permissions for all groups.

NOTES:

You should deny all permissions - or at least grant the barest minimum - to the group USERS. Remember, by default every user is a member of this group. Whatever permissions you give this group everyone has - if you grant all everyone will have access to every menu item > If the user is a member of multiple groups they will get permissions for all groups combined.

When you deny or revoke permissions to a menu item, that menu item is not displayed on the menus for all persons in that particular group. For example - A user logs on as a member of the Training group. If the Training group doe not have permissions to Accounts Payable, Transactions, Transactions, the function Transactions will not display on the users menu (unless that user is a member of a group that does have permissions to that particular function).

Workgroup File

If you plan to use the TRAVERSE Workgroup file you will need to join the file Traverse97.mdw. To do this:

1. Start Windows Explorer. Go to the \Windows\System directory and double-click on the file wrkgadm.exe.
2. Click the Join button.
3. Select the file Traverse97.mdw. By default the path is C:\Program Files\Traverse97\ - if TRAVERSE is installed somewhere else, use the Browse button to locate it.
4. Select OK and Exit.
5. If you are joined properly you will be prompted for a logon and password when you go into TRAVERSE or Access 97. The logon name is admin and the password = password (this is case sensitive).

Changing LOGON Password

Use this tab to add or change the passwords for the users you added on the User tab. When you add a user the password is initially set as a blank. You must manually add a password for each user. Passwords are case sensitive. Only members of the ADMINS group can add or change passwords for other users. This is one of the reasons you will want to keep members of the ADMINS group to a minimum.

To clear a password select the Users tab, select an existing User ID and click the Clear Password button.