Implementing User Security


Here we are in our second month of the year! I hope everyone is keeping to their resolutions out there. Even though it is a little after New Years, there is one resolution that you might want to consider adding to the list. That resolution is better user security in ESC. One of the most popular New Year’s resolutions is weight loss, and I will explain to you how to trim the “fat” on what information your users can see. If you think about it, do you want all the people in your office having access to your technicians pay rates, or a technician able to see all your sales data? Probably not, so let’s take a closer look at what you can do to control this.

First, you need to know how to get to the user setup screen. To do this, you will need to click on the Company drop down menu and choose Setup Users.  From here, you can either choose to add a new user or edit an existing one. For this article, we are going to start from scratch, so choose Add New. The first screen that appears gives you the ability to link a user’s Active Directory account with their ESC account.  If you are using our preferred method of connecting to the database, SQL Authentication, you can bypass this step and click Next.  If you are using Windows Authentication, make sure you are creating the user on the server computer and select the domain user using the Find User button. This will make it so that the user will have to be logged into the workstation with their network profile before they can use their ESC login information successfully.

The next step in this process is to create the ESC username and password. You can put in whatever you like for the username. If you used Windows authentication to enter a name on the first page it will automatically appear here, although you can change it at this point if you wish. Use a strong password to achieve maximum security. To create a strong one, use many different types of symbols, numbers and letters. Also avoid using personal information or very simple words like “God” or “Love”. The point of a password is to make it difficult for someone to use your account to access information that they are not supposed to see. The only other thing on this screen to make note of is the “Associate to Tech” field which is only used if you are using one of our mobile/internet add-ons.  This will give the user the ability to be an ESC Mobile, Mobile Web, and/or Front Office user. Now that we have finished this, let’s click “Next” and go to the final step.

Finally, the meat and bones of this whole thing, is the permissions.  As you can see on this screen, we have every module in ESC including some others (Company, Utilities, Mobile, etc.). This is the screen that allows users to see or not see certain information.  For the normal modules, they are broken into three sections which are Screens, Reports, and Utilities (which can be accessed by clicking on the + symbol next to the module in question). Screens gives you the ability to get into the module, see information, and possibly manipulate and delete it if needed. Reports is pretty simple, they allow you to choose which reports for the specific module a user can see. Utilities gives the user the ability to modify defaults and functionality of the module. There are a few special sections that are not exactly modules in ESC; those are Company, Dashboard, Utilities, and Mobile. Company and Utilities give you the ability to manipulate defaults that affect the program as a whole and to import and export information. Dashboard lets you see some financial and sales information when you log into ESC.  Mobile is for the mobile/internet add-ons. Changing the permissions in here will determine if a user can or cannot log into the add-on software.

Now you have all the information to create user roles in your business that will allow you to limit what information users can access.  If done correctly, this will also limit the chances of data being entered or manipulated incorrectly and even if it does happen, it will limit the responsibility to a selected few.  Play with the settings and see what works best for your company.

Written by Vishal Bikhari
Featured in February 2010 Newsletter


0 people found this helpful



Please sign in to leave a comment.