Security Management

OBJECTIVE

The Security Management option is used to define access for each maestro* user.

 

It is possible to create access rights by user groups, to allow easier configuration of users that will be assigned the same access and permissions.

A list of access permissions to groups of projects is also available by clicking the drop-down menu of the Print icon.

 

PREREQUISITES

 

ICONS

ClosedSecurity Management Icons

Icon

Title

Used to

Cube

View access given to all users for projects, employees, options or restrictions.

See the appendix for more information.

Contact Management

Allows to access the Contact Management maestro* option. The contact linked to the user is automatically displayed, if applicable.

User Group Management

Define security groups to limit user access.

Area Management

Allow to control access to maestro* by groups of companies and to restrict access by certain administrators to companies belonging to the same group of companies. Please read the Security by area document for more information.

Access Configuration Table

View users connected to maestro* and reserve licenses for some users.

Copy security settings from one user to another

Create a user’s security settings based on another user’s settings.

See the Copy Security Settings from One User to Another section for more information.

Configuration

Select the default settings applicable when creating a user.

See the Configure a User's Default Settings for more information.

Only the icons specific to this window are defined in the table below.

 

Summary

 

STEPS

  maestro* > Maintenance > General Maintenance > Processing > Security Management

 

Create a User

  1. Enter the required information in the Identification tab:

Field

Description

Number

Number that identifies the user.

NOTES: If no code is entered, maestro* assigns a default code.

If the code already exists, maestro* displays the data already entered for the code.

Name

User's name.

NOTE: If the user is identified as the reference for his group in Define User Groups, a note reading "Reference user for XXX group" is displayed.

  1. Enter the required information in the Description tab:
    1. ClosedUser Information section:
    1. User Under Responsibility section:This section is used to view all of the users who report to the selected user.
    2. ClosedModify Password section:
    1. ClosedStatistics about this user section:
    1. User's signature section: this section allows indicating the name of the file representing the user's signature. Click on the icon to select and load the signature image file. .bmp, .jpg, .gif, and .psd files are accepted. The user signature can be printed on various maestro* forms and, if applicable, will be used in the hours worked approval option in maestro*MOBILE.
    2. ClosedMailing Configuration section:

    Champ

    Description

    Mailing Mode

    Specifies the mailing mode used for sending standard emails (i.e. all emails that are not mass mailings, dispatch emails, or emails from maestro*MOBILE). Available values:

    • Same as General Settings
    • Microsoft Outlook
    • Office 365 - Modern Authentication
    • SMTP - Other
    • Other Email Software

    NOTES: The value selected by default is Same as General Settings; in this case, the mailing mode set in the General Settings (Communication tab, Mailing Configuration section, Default Mailing Mode for Users field) is displayed below.

    The values other than Same as General Settings are quivalent to configurations specific to this user.

    The Microsoft Outlook value is not available with maestro*CLOUD.

    Server Name

    SMTP email server name. By default, the information is retrieved from the General Settings (Communication tab, Configuration - Mass Mailings and Emails from maestro*MOBILE section).

    NOTES: This field is displayed when the Mailing Mode is one of the following:

    • Same as General Settings, with SMTP - Other other configured in the General Settings. In this case, the Server Name field cannot be modified.
    • SMTP - Other. In this case, the Server Name field can be modified to indicate configurations specific to this user.

    Port

    SMTP email server port. By default, the information is retrieved from the General Settings, (Communication tab, Configuration - Mass Mailings and Emails from maestro*MOBILE section).

    NOTES: This field is displayed when the Mailing Mode is one of the following:

    • Same as General Settings, with SMTP - Other other configured in the General Settings. In this case, the Port field cannot be modified.
    • SMTP - Other. In this case, the Port field can be modified to indicate configurations specific to this user.

    SSL Encoding

    If the box is checked, emails will be encoded with the SSL technology (encryption). By default, the information is retrieved from the General Settings (Communication tab, Configuration - Mass Mailings and Emails from maestro*MOBILE section).

    NOTES: This field is displayed when the Mailing Mode is one of the following:

    • Same as General Settings, with SMTP - Other other configured in the General Settings. In this case, the SSL Encoding field cannot be modified.
    • SMTP - Other. In this case, the SSL Encoding field can be modified to indicate configurations specific to this user.

    User or Email

    Contains the code or email address for the user account. By default, this field is automatically filled in from the user's email address specified in the Email field of the User information section.

    NOTES:

    • The User field is displayed when the Mailing Mode is SMTP - Other (or Same as General Settings, with SMTP - Other configured in the General Settings).
    • The Email field is displayed when the Mailing Mode is Office 365 - Modern Authentication (or Same as General Settings, with Office 365 - Modern Authentication configured in the General Settings).

    Password

    Password used for the SMTP account.

    NOTES: This field is displayed when the Mailing Mode is SMTP - Other (or Same as General Settings, with SMTP - Other configured in the General Settings).

    Users can use their application password, if it has been configured and if multifactor authentication is enabled for the email account. For more information, refer to the Appendix - Creating the Application Password.

    "From" Address

    Displays the email address of the sender that will be used to send a standard email "as" or "on behalf" (based on the configurations set for the email account).

    By default, this field is automatically filled in from the user's email address specified in the Email field of the User Information section.

    NOTE: This field is displayed when the Mailing Mode is one of the following: Office 365 - Modern Authentication, or SMTP - Other (or Same as General Settings, with Office 365 - Modern Authentication or SMTP - Other configured in the General Settings).

    Authentication

    Allows the user to connect using multifactor authentication.

    The authentication status is indicated by a label to the right of the button:

    • "Authenticated", if the authentication was successful. Maestro* maintains authentication by storing a token, i.e. a string of characters (which does not correspond to the user's password), allowing the user to send emails without having to authenticate again.
    • “Non-Authenticated”, if authentication has not yet been performed by the user or if it has not worked.

    NOTES: The Authentication field is displayed when the Mailing Mode is one of the following: Office 365 - Modern Authentication (or Same as General Settings, with Office 365 - Modern Authentication configured in the General Settings).

    The authentication performed in Security Management will be maintained in the Preferences window; the authentication performed in the Preferences window will also be maintained in Security Management.

    When connecting for the first time, the user is asked to authorize the application to access their information.

    It is important to note that if the user changes their authentication information (e.g. their password), they will need to authenticate again, even if “Authenticated” is displayed.

    Send Test Email

    Used to send an email with maestro* in order to test configurations.

    NOTES: The changes must be saved before sending a test email.

    For the Office 365 - Modern Authentication and SMTP - Other mailing modes, the email account indicated in the User or Email field must have permission to send emails as this address.

    Select Email Signature

    Used to configure email signature.

    NOTE: The Microsoft Outlook option is not available with maestro*CLOUD.

    1. Roles in the company section: this section displays the roles assigned to the user in the Role Management option and concerns the various processes in which they can intervene.
  1. Click on Save.
  2. Enter the required information in the ClosedAccess to Projects tab:

Field

Description

User will have access to all projects

Provides access to all projects.

User will have access to some types of projects

Provides access to certain types of projects only.

NOTE: The types are created in Define Project Types and are assigned to the project when opened in Project Management.

User will have access to some categories of projects

Provides access to certain project categories only.

NOTE: The categories are created in Define Project Categories and are assigned to the project when opened in Project Management.

User will have access to some projects

Provides access to the projects selected usingthe the project selection tool, which offers several choices for selecting projects (by project type, by category, etc.) from the Template dropdown menu.

NOTES: The Configuration icon, on the right of the Template field, can be used to create new templates. For more information, refer to the How To - Project Selection Tool.

In the Security Management option, when the user changes the Template, the selection of projects made is retained.

The Template chosen, as well as the projects selected by the user, will be retained for the next time the Security Management option is used.

In multidimensional mode, if accesses to projects have been defined according to the prefix, the Template will be the same regardless of the prefix.

Group Access Section

Field

Description

User will have access to all groups

Provides access to all expense and income groups configured in Define Cost Groups.

User will have access to some groups

Provides access to the group selected in the Individual Access to Groups section only.

 

Access restriction sections are displayed only if the corresponding options are installed.

This restriction is applied in Project Inquiry for the detailed expense report and dynamic vector-based analysis for projects.

  1. Enter the required information in the ClosedAccess to Employees tab:
  1. ClosedAccess to Employee file maintenance section:

Field

Description

Options

Corresponds to each tab in the Employee Management; if a box corresponding to a tab is checked, the user has access to it.

  • Employee ID
  • Payroll Information
  • Project Time
  • Other Modules
  • Bonuses and Deductions
  • Income Tax
  • Additional Fields
  • History
  • YTD Inquiry
  • YTD Modification
  • Accumulators
  • Human Resources File
  • Trades and Unions
  • Events

NOTES: Users with a “limited access to all employees” can access the Employee ID tab in Employee Management if the option is checked here and the employee’s contact information is visible (i.e. the Hide Employee’s contact information option in the For employees with limited access section is not checked).

See Employee Management for a description of each tab’s content.

 

If the user must create employees using the Employee Management option in Time Management, or Employee Management in the Service Management module, the Other Modules option must be checked.

If lists are created with the List Generator, the lists consulted by the user only display the information allowed by the security settings.

  1. ClosedFor inaccessible employees section:

Field

Description

Must not see project expenses for these employees

Used to hide expense amounts associated with employees in Project Inquiry and on the various reports of maestro*.

  1. ClosedFor employees with limited access section:

Field

Description

Hide Employee’s contact information

Hides all information related to an employee, except his name and some information required for time entry (trade code, union code, equipment code)

NOTE: If this box is checked, the user doesn’t have access to the Identification tab in Employee Management.

Allow access to Document Management

Allows the user with a limited access to employees to access their documents.

In report and inquiries

Field

Description

Hide employee ID

Hides the number, name of the employee, social insurance number, and any other fields that identify the employee in reports.

Hide the salary

Hides the rates and amounts of the employee's salary.

  1. On the Access to Companies tab, check the companies to which the user has access. This tab allows you to select companies to which the user has access when starting a work session in maestro*.
  2. View the information in the History tab. The user can filter the historyinformation by Date (of access), User or Option to display only the wanted information.

To ensure this tab contains information, the Keep a log file of the system usage for this user and Save History fields must be completed in the Statistics about this user section under the Description tab.

  1. Enter the required information in the ClosedAccess Restrictions tab:
 

If the user is considered the reference user of a user group, the tag Reference user of group X pops up in the upper right corner of the window.

If the parameters and selections of a reference user are modified, a message will appear to know if these changes should be applied, or not, to all other users of the group.

 

For this tab, click on the [+] in front of each item in the menu on the left, then on each sub-item below. Afterwards, check the appropriate elements.

  1. ClosedAccounting element:

Financial Statements sub-element:

Field

Description

The user has access to all financial statements.

Provides access to the financial statements accessible to the user.

NOTE: The user only sees the financial statements for which the Accessible column is checked.

  1. ClosedAccounts Receivable element:

ClosedInvoicing sub-element:

ClosedCustomer Order sub-element:

  1. Click ClosedProjects in the menu on the left, then on:

ClosedProject Management sub-element

ClosedTime Sheets sub-element

ClosedWork Orders sub-element

ClosedIn Work Order Entry sub-element

ClosedWork Orders – Counters sub-element

ClosedWork Order – Inquiry sub-element

This section corresponds with the various Work Order Inquiry tabs in the Work Order module (refer to this option for the content of each of the tabs).

It allows the user to configure user access to the various tabs in Work Order Inquiry. The user has access to the tab if the box is checked.

By default, all of the tabs are checked. At least one tab must be checked.

ClosedChange Order sub-element

ClosedMiscellaneous Reports sub-element

  1. Click on ClosedPayroll in the menu on the left:

ClosedPayroll sub-element

ClosedMiscellaneous Report sub-element

  1. Click on ClosedPurchasing in the menu on the left:

ClosedAccess to order statuses sub-element

ClosedOrders sub-element

ClosedSubcontractor Contract sub-element

ClosedRequisitions sub-element

ClosedPurchases sub-element

  1. Click on ClosedQuotations in the menu on the left:

ClosedConcrete and Quarry Quotations sub-element

ClosedDistribution Estimates sub-element

ClosedConstruction Quotations sub-element

  1. Click on ClosedService Calls in the menu on the left:

ClosedReturn from a Service Call sub-element

ClosedContract Management sub-element

This section allows the user to define the level of security applicable to Contract Management.

Access to Tabs in Service Contracts Management

This section corresponds to the various Contract Management tabs in the Service Call module (refer to this option for the content of each of the tabs). It allowsthe userto configure user access to the different tabs of the contract. The user has access to the tab if its box is checked.

The data in tabs that are not displayed in Contract Management does not become confidential data. It is always accessible to the user through search, list generator, report and view functions.

By default, the tabs listed below are checked. If access to all tabs are cleared, only the contract number, status, document management, printer and navigation icons are visible.

 

Field

Description

Contract Description

Provides access to the Contract Description tab if the box is checked.

NOTES: To have access to the New, Delete and Renew Contract icons, the Contract Description tab must be accessible and the user must have full access to the Invoicing section.

Access to theInvoicing section can be defined more specifically in this tab using the Access to the Invoicing section of Service Contracts Management option.

Access to the Invoicing Section of Service Contracts Management

Determines the security level of the Invoicing section in the Contract Management option.

NOTE: The Contract Description tab must be checked for the section to be displayed and for the selected security level to be applied.

Full access Allows the user to enter, edit and view the information in the Invoicing section.
Read Only Only allows the user to see the information linked to the Invoicing section. The user cannot make corrections.
No Access – Section not displayed Used to make information in the Invoicing section invisible to the user. Th user cannot see the section or make corrections.

The user can modify the material and labour budgets even if the maintenance call has been generated

Allows the user to modify the Material Budget and Labour Budget columns in the Visits tab of the service Contract Management option, even if the call linked to the visit has been generated.

NOTE: The box is not checked by default.

ClosedService Quotation sub-element

  1. Click on ClosedEquipment in the menu on the left:

ClosedEquipment Definition sub-element

This section contains the various tabs in Equipment Management. The user has access to the information if the box is checked.

If lists are created with the List Generator, the lists consulted by the user only display the information allowed by the security settings.

ClosedEquipment Inquiry sub-element

This section contains the various tabs in Equipment Inquiry. The user has accessto the information if the box is checked.

If lists are created with the List Generator, the lists created by the user only display the information allowed by the security settings.

ClosedEquipment Rental sub-element

ClosedTime Management sub-element

  1. Click on ClosedCRM in the menu on the left :

CRM Calls sub-element

Field

Description

The user has access to the ‘Manager’ tab

Allows the user to access the Manager’s Section tab in the Call section of the Customer Relationship Management (CRM) option

User has access to ALL calls

Allows the user to access all CRM calls if the box is checked.

Otherwise, access can be restricted according to the following configurations:

These access levels are cumulative. Therefore, it is possible to activate more than one.

  • User has access to calls they have created.
  • User has access to calls for which he was assigned responsibility.
  • User has access to calls for which he is the assigned salesperson.
  1. Click on ClosedDocuments in the menu on the left:

ClosedAccess to Documents sub-element

ClosedNotifications sub-element

  1. Click on ClosedContact Management:

ClosedAccess to Contacts sub-element

This section allows the user to define the type of access to authorize in Contact Management as it relates to each type of contact.

To provide access based on the contact type, check the appropriate boxes. If not checked, the user does not have access to Contact Management.

 

Field

Description

Type of Contact

Full Provides access to all contacts in edit, create and delete modes.
Modification Allows the user to edit only existing contacts. The user cannot create new contacts.
Insertion Allows the user to add a contact.
Deletion Allows the user to delete a contact.
Read Allows the user to have access to all contacts in view mode only.
Limited read Allows the user to view only the selected types of contacts in restricted read mode.
  1. Click on ClosedGeneral in the menu on the left:

ClosedMiscellaneous sub-element

ClosedUser Group sub-element

ClosedAccess to Master Files sub-element

Customer Management, Supplier Management, Catalogue Management and Chart of Accounts are examples of master files in maestro*.

The expression “file” is used to designate the creation of a new entry. For example, a new customer, a new supplier, etc.

 

Field

Description

The user has the right to add a record

Used to create a new record.

The user has the right to modify a record

Used to modify information in an existing record.

The user has the right to delete a record

Used to delete an existing record.

ClosedAccess to Transfers sub-element

  1. Enter the required information in the ClosedAccess to Fields tab:

The user can specify options in the Options to Which the User Has Access section, whether or not the user can see them, and modify them.

The Options to Which the User Has Access section does not contain all of the options in maestro*.

  1. Select an option in the left section (Options to which user has access).
  2. In the right section, Fields from Option, indicate the Type of Access for each field by selecting it from the drop-down menu.

OR

Choose the default access to all of the fields of the option by clicking on the drop-down menu Default:

Option

Description

Full access

Allows the user to see and modify the information.

View

Only allows viewing the information.

Invisible

Makes the information invisible to the user.

  1. In the bottom section, Company Identification, indicate the Type of Security.

Security applies to all companies (Global) or only to this company (Local) based on the choice made in the Type of Security field.

  1. Click Save.

When saving a user reference, maestro* asks if the changes should apply to all users within the same group.

 

User Access Using the Cube

When clicking the drop-down menu ofthe Cube, the user can select the following pivotal analysis type:

ClosedPivotal Analysis - Access to Projects

The Pivotal analysis - Access to projects is used to quickly and easily analyze project access rights assigned by user in the form of a dynamic cross-referenced table.

The analysis is based on the security setting in the Access to Projects tab.

 

  1. Click to the right of the Cube icon.
  2. Select Pivotal Analysis - Access to projects.
  3. Select the User code(s) and Projects to be included in the analysis.

It is possible to select projects by Master Project, Individual Project, Project Type or Project Category.

The user can display active projects only by checking Active Projects Only.

  1. Click Accept.

An analysis grid is displayed with the results of the analysis. To exit the grid, click the Quit icon.

ClosedPivotal Analysis - Access to employees

The Pivotal analysis - Access to employees is used to quickly and easily analyze employee access rights assigned by user in the form of a dynamic cross-referenced table.

The analysis is based on the security setting in the Access to Employees tab.

 

  1. Click to the right of the Cube icon.
  2. Select Pivotal Analysis - Access to employees.
  3. Select the User code(s), Employee Group and Employees to be included in the analysis.

It is possible to display active employees only by checking Active Employees Only.

  1. Click Accept.

An analysis grid is displayed with the results of the analysis. To exit the grid, click the Quit icon.

ClosedPivotal Analysis - Access to options

The Pivotal analysis - Access to options is used to quickly and easily analyze option access rights assigned by user in the form of a dynamic cross-referenced table.

The analysis is based on the options in the menu which is accessible throughsecurity groups created in Group.

 

  1. Click to the right of the Cube icon.
  2. Select Pivotal Analysis - Access to options.
  3. Select the User code(s).

To select multiple user numbers, press and hold the Ctrlor Shiftkeys. Otherwise, click All.

  1. Click Accept.

An analysis grid is displayed with the results of the analysis. To exit the grid, click the Quit icon.

ClosedPivotal Analysis – Access Restrictions

The Pivotal analysis - Access restrictions option is used to quickly and easily analyze access restrictions by user in the form of a dynamic cross-referenced table.

The analysis is based on the restrictions to the various options identified in the Access Restrictions tab.

 

  1. Click to the right of the Cube icon.
  2. Select Pivotal Analysis – Access Restrictions.
  3. Select the user code(s).

To select multiple user numbers, press and hold the Ctrl or Shift keys. Otherwise, click All.

  1. Click Accept.

An analysis grid is displayed with the results of the analysis. The displayed table contains information about each section in the Access Restrictions tab, the configuration name and value. The True value indicates that the user has access to a configuration. To exit the grid, click the Quit icon.

 

Copy Security Settings from One User to Another

The Copy security settings from one user to another enables the selection of a user (source user) and identify some aspects of his profilethat will be copied and assigned to other users.

  1. On the Copy security settings from one user to another window, enter the required information in the ClosedSelect source user section:
  1. Fill out the ClosedSelect access rules and settings to copy section:
  1. Select the employees that should have the same access and settings as the source user by checking the corresponding boxes.
  2. Click on Apply to confirm the choices and on Quitto return to the Security Management window.

 

Configure a User's Default Settings

The Configuration icon allows the user to determine default settings when creating a new user. In addition, standard values and project, employee, and group accesses can be defined.

ClosedConfiguration and User Settings

 

See also

 

Last modification: October 24, 2025