Security by Area

OBJECTIVE

Security by Area makes it possible to control access to maestro* by groups of companies and to restrict access by certain administrators to companies belonging to the same group of companies.

With Security by Area, you can add a new administrator access setting -- the local administrator. Users with this level of security have rights similar to those of an administrator, but they are limited to companies that belong to the industry identified in their user group. This allows the regular system administrator to delegate security management to managers selected for each area, without providing access to companies that are not part of the area for which they are responsible to these managers.

 

An area is a group of companies defined in maestro*. It is associated with a user group.

  • The area may include companies defined in several different directories.
  • In multidimensional mode, all companies defined in a given directory automatically belong to the same area.

 

 

In the rest of this document, Administrators (with full access to the system) were designated as regular administrators to distinguish them from local administrators.

 

PREREQUISITEs

 

Étapes

Create and Associate Areas to Companies and/or Users

To create areas and associate them with companies and users, you must follow this procedure in the order listed below.

 

To perform these steps, you must log on to maestro* with a regular administrator level user.

Identify an AREA for each of the companies created in maestro*

 

To determine which areas are already associated with companies, click the Help icon in the main menu and select About. At the bottom of the screen, click Properties and then the Companies tab. The areas are displayed by company.

  1. Access the Modify Company Settings option in the main menu by clicking the Configuration icon.
  2. From the Modify Settings screen, click the Area Management icon.

 

This option is not available in the menu and is only visible to administrators.

The Area Management option will open.

  1. Enter a code and description to create a name for this area. Then Save and Quit.

 

This code will be used to identify the area in the following options: Modify Company Settings, Security Management and User Group Management.

  1. Under Modify Settings screen, select the area that is to be associated with the company.

 

In multidimensional mode, all company prefixes saved in the same directory will share the same area automatically.

You can use the same area for companies saved in different directories. Users can access all companies belonging to the area to which they are linked.

Difference between an administrator and a local administrator

Although the administrator and local administrator share most of the functions that are specific to administrators, there are differences between the two types of administrators.

Administrator

Local Administrator

Has access to all companies, regardless of the area.

Has access to companies in his area only.

No area is specified in the user group.

Its user group is associated with an area.

Can create new companies in all areas.

You can create new companies within the area with which it is associated.

Can create users and user groups in all areas.

Can create users and user groups for its area.

Can change the area for a user group.

You cannot change the area of a user group.

Creating a Local Administrator

To create a local administrator and allow him to create and manage the users in his area, the maestro* administrator must first create a user group for this purpose and link it to an area. Afterward, the local administrator of the area can be created and associated with this user group.

 

Local administrators can create additional local administrators if they like, but they must belong to the same area. Only a regular administrator can select the area to be assigned to a user group.

A user group can only be associated with one area.

  1. Access the Security Management option in the main menu by clicking the Configuration icon.
  2. Create or select the user who will be designated as the local administrator.
  3. Create a user group by clicking the User Groups Management icon.
  4. Complete the following fields: Code, description.
  5. Select the Local Administrator access level.
  6. Identify the area.
  7. Complete the access to options.
  8. Click Save and Exit.

 

 

A local administrator must have access to all of the companies defined in the area to which he belongs. You cannot restrict access, even by clearing some companies in the Access to Companies tab.

A local administrator must have access to all projects and all employees existing in companies to which he has access. You cannot restrict access.

You cannot specify an industry in Administrator (regular) user groups.

 

If a user has to change his area or user group, we strongly recommend that you create a new user and a new group for the area.

 

IMPLEMENTATION

Security Management

After creating the local administrator, the user can simply log on to maestro*.

The local administrator can create users and user groups in the area to which he has access. However, a local administrator cannot create a group of users at the Administrator (regular) level.

Changes made after Security by Area is applied:

  • Users that are available in the selection of users are only those that belong to the current user’s area.
  • The user in charge field displays all users belonging to the current user’s industry as well as the regular administrators that do not belong to an area.
  • The Access to Companies tab only displays companies that belong to the current user’s area.
  • The History tab lets you selected only users belonging to the current user’s area from the range of users.

 

These changes do not apply to regular administrators who continue to have full access to all users and all companies.

For more information, please refer the Security Management document.

Connecting to maestro*

The Login as another user option, which is accessible in the maestro* login screen under Options, displays the users belonging to his area to the local administrator.

Company selection

Local administrators can only access companies related to their areas. 

 

The regular administrators will continue to have access to all companies, while regular users will continue to have access only to companies selected in the Access to Companies tab in security management.

Entries in maestro*

In all data entry screens where a selection of companies is displayed, the list of companies is displayed based on the area of the user.

Report Generator and Document Management

Only reports and documents identified in the user’s area are accessible.

 

Only regular administrators can access all of the reports and documents.

 

Last modification: November 07, 2024