1) EMPLOYEE CODE
2) Secret PASSWORD uniquely coupled to each Employee Code
Every user should be assigned an Employee Code and a corresponding secret Password. The Employee Code is used to tag transactions entered by the user, such as opening and closing RA's, reservations, cash receipts, etc. The secret Password is used for security, that is, to prevent unauthorized entry into the CARS+ system and to prevent someone from using another employee's code. On stand-alone systems, the Password is easily changed by the manager . When using CARS+ Internet, the Password is easily changed by the employee. For your protection, every user's password should be changed periodically.
Each Employee Code is assigned to a Menu Type. You may assign as many Employee Codes to the same Menu Type as desired. Each Menu Type is given a unique name by the manager and is used to define which CARS+ menu items are accessible and which are not. For example, you may wish to create a Menu Type named COUNTER which provides access to all menu items needed by employees handling customers at the rental counter. All Employee Codes assigned to Menu Type COUNTER will see only those menu items for which access has been approved.
In addition, each Employee Code can be assigned a RealWorld Password. This password behaves just like a CARS+ Menu Type in that it grants access to a predetermined selection of RealWorld accounting programs. See the appropriate appendix at the end of this manual for a complete description on setup and use of RealWorld passwords.
The steps involved in setting up the Security System are as follows:
1) Using the SELECT ITEMS FOR MENUS program, create a Menu Type name and select which menu items are to be accessed.
2) Using the RealWorld PASSWORD MAINTENANCE program, create a Password and select which accounting programs are to be accessed.
3) Using the EDIT USER ACCESS FILE program, create Employee Codes and Passwords and assign to each a Menu Type and RealWorld Password.
ACCESSING THE SECURITY CONTROL RECORDS
The Security System is a sub-menu of the System Operations menu. It is accessed by typing SECURITY (RET) at any menu "OPTION:" field or the appropriate line number on the System Management menu.
The screen will then display:
| SECURITY SYSTEM MENU 1. Select Items for Menus MENUSEL 2. Print Menu Type File PRTMTYP 3. Edit User Access File EDITUAF 4. Print User Access File PRTUAF 5. Employee Audit Report UAFRPT 6. De-activate Users EXPUAF 7. Print Menus MNUPRT 8. Clone Menus CLONEMNU 9. Add a New User ADDUSER 10. Change System Password CHGPWD 11. Edit Feature Edit Profile EDITFEP 12. Print Feature Edt Profile PRTFEP 13. Edit Notes Type Codes EDITNTS 14. Global Edits to Users SETUAF 15. Update Users Expire Date UAFEXP |
MULTI-TIERED SECURITY FEATURE
The following notes cover the "multi-tiered" feature of the CARS+ security system. This feature is designed to:
1. Limit the ability of middle management to grant or change the access level of subordinates.
2. Limit which users can move vehicles into and out of certain Status Codes.
3. Optionally, impose "Hold Codes" on vehicles - a more detailed way to control vehicle usage.
1. LIMITING ABILITY TO CHANGE ACCESS LEVELS
As mentioned earlier, the Edit User Access File program (EDITUAF) is used to grant an employee access to the CARS+ programs. Therefore, if local managers hire employees, they must have access to this program. But obviously, local managers should not be able to use that program to increase their own access level. The multi-tiered feature of the security system prevents a user from either changing their own access level or granting to a subordinate a higher level of access than their own.
This is accomplished by assigning a Type Number to each Menu Type created. The smaller the Type Number, the higher the Menu Type is in the tiered hierarchy of menus. For example, a Menu Type level of "ALL" has a Type Number of 1. This is the first or highest level of access. A user with menu type "ALL" is able to assign any menu type to any other user. Therefore, the smaller the Type Number, the higher the priority is of the assigned menu.
The following three rules apply to the tiered security feature of the Edit User Access File program:
1. Only users who have been granted access to the Security System Menu can grant or withhold access to CARS+ programs.
2. Users having access, cannot examine, edit or create User Access Records which have a Type Number equal to or of a higher priority than their own number. This means that users cannot change their own access template.
3. Users having access, may examine, edit, create or delete User Access Records which have a lower priority Type Number than their own.
To get a better picture of this feature, the security system of a fictional business will be used. This operation has three rental offices whose managers all have the authority to hire. The organizational chart appears below:
SYSTEM ADMINISTRATOR
|
____________________|___________________
| |
| |
OPERATIONS MANAGER ACCOUNTING MANAGER
| |
_____________|_____________ ______________|__________________
| | | | | | |
| | | | | | |
LOC A LOC B LOC C A/R A/P P/R FLEET
MGR MGR MGR CLERK CLERK CLERK CLERK
| | |
| | |
RENTAL RENTAL RENTAL
AGENTS AGENTS AGENTS
The following Menu Types exist in their system:
Menu Type Can this position
Name change access levels?
----------------------------------------------
ALL YES
OP MGR YES
ACCT MGR YES
LOC MGR YES
A/R NO
A/P NO
P/R NO
FLEET NO
RENTAL AGENT NO
Because the first four positions all have the ability to hire, they all have access to the Edit User Access File program (EDITUAF). But local managers are restricted to only changing the access of rental agents. This is accomplished through the use of the Type Number assigned to each Menu Type. If the chart above was sorted according to the Menu Type Number it would appear as follows:
Menu type Type Number Does menu type have
Name access to EDITUAF?
------------------------------------------------------------
ALL 01 YES
ACCT MGR 03 YES
P/R 10 NO
A/P 13 NO
A/R 15 NO
FLEET 19 NO
OP MGR 20 YES
LOC MGR 25 YES
RENTAL AGENT 30 NO
From the previous chart, the following things can be observed:
1. Individuals assigned Menu Type ALL can change the access of all other users. This is because they have Type Number 1 and access to EDITUAF.
2. The Accounting Manager can change the access of all users with Menu Types listed below him (Type Number 3 and access to EDITUAF). But he can not give anyone the same access as his own nor can he change his access to menu ALL.
3. The Local Managers are limited to only granting users the access "Rental Agent".
4. Although all the accounting clerks (P/R, A/P, A/R and Fleet) have Access Codes which are higher up on the hierarchy than Local Managers, they do not have access to the EDITUAF program, therefore, they cannot change the access of anyone.
It should be emphasized that having a Type Number that is high on the hierarchy does not necessarily mean you have access to more programs in the system. In the example above a Local Manager will usually have access to over 3 times as many programs as an accounting clerk. The Type Number only determines who can grant or change user access codes at each level.
It is suggested that when assigning Type Numbers it is recommended to skip numbers between the ones that are used. This will allow new Menu Types to be easily added at a later time without redoing previous entries.
Menu Type ALL behaves differently from all others in that users who have been assigned to Menu Type ALL can assign Menu Type ALL to other users.
2. SECURING VEHICLE STATUS CODES
Through the use of the Make Vehicle Available and Vehicle History Update programs, it is relatively easy to change the status of a vehicle from one Status Code to another. This could create problems with certain critical Status Codes, such as the code for a stolen vehicle. Management needs to prevent unauthorized users from changing critical Status Codes. This is accomplished through the "multi-tiered" feature.
Vehicle Status Codes can be assigned Menu Type Numbers (one for moving vehicle TO a status and one for moving vehicles FROM a statusl). This is done to limit which users are allowed to move vehicles into and out of those statuses. Only those users who have been assigned that access level or one with a higher priority are able to change the status. As an example, compare the following chart of Status Codes with the chart of Menu Types and Type Numbers on the previous page.
Description Code Type Menu Type Number Menu Type Number
to move TO to move FROM
this status. this status
---------------------------------------------------------------------------------------------------------
Available A A
Idle on back lot B A
Converted C N 19 (Fleet) 19 (Fleet)
Employee use E N 25 (Loc Mgr)
Grounded due to lease restrictions G N 19 (Fleet)
Maintenance on site M N
On rent O O
Reported as stolen to police P N 19 (Fleet) 03 (Acct Mgr)
Repair at off site garage R N
Sold S S 04 (Acct Mgr) 01 (All)
Transferred to used car sales dept. T N 20 (Op Mgr) 20 (Op Mgr)
Reserved for a specific reservation X A
Assuming that the three accounting clerks do not have access to any of the CARS+ programs that are used to change a vehicle's status, the following observations can be made:
1. Vehicles with Status Codes without a Menu Type Number in either the "TO" or "FROM" fields can be changed by any user.
2. Vehicles with Status Codes C and G can only have their Status Codes changed by users with Menu Types:
ALL
ACCT MGR
FLEET3. Vehicles can be moved TO Status Code P by users with Menu Types:
FLEET
ACCT MGR
ALLAnd they can be moved FROM Status Code P by users with Menu Types:
ACCT MGR
ALL4. Vehicles that have been marked as Sold by error can only be corrected by users with Menu Type "ALL".
3. HOLD CODES
A further refinement of the security involving use of vehicles can be handled through the use of Hold Codes. Hold Codes are optional; that is, CARS+ can operate without using them. However, if Hold Codes are used, they further refine the control of vehicles. Similar to the “Menu Type” number, a “Hold Level” number can also be assigned to each Menu Type. Each Hold Codes is assigned a Hold Level. Therefore, only those users whose User Access File record shows that they have been assigned that Hold Level or one with a higher priority are able to apply a Hold Code to a vehicle or remove it from the vehicle.
Refer to the chapter of this manual titled Introduction to Hold Codes for an overview of the Hold Code logic.