SECTION 7.1.2 - PASSWORDS
USAGE: To change passwords and other user attributes.
DISCUSSION: Note that this option will appear as SETUP USERS & PASSWORDS, if you login as SUPERVISOR and CHANGE YOUR PASSWORD, is you login as a normal user.
Pipeline contains a high-level security password system. Each user must log-in under their assigned user-code. Each user-code has an associated password. This password is encrypted by Pipeline via non-reversible algorithm and stored on disk along with its respective user-code. Both items must be known before the user may successful log-in to Pipeline. Each user may change their password, and are in fact encouraged to do so, to maintain security. The audit trail prints the user-code on each line so that it is possible to track any entry back to a specific user as well as the time and date that it was created. Furthermore, each time a user logs-on or logs-off, an entry is made in the audit trail. This gives the system supervisor an overview of computer usage, even for the users who have logged-in without entering any transactions or modifications, eg. just enquiries.
Pipeline creates a special USER-CODE. This is the supervisory, or top-level, log-in code. It always has the name SUPERVISOR. Only SUPERVISOR may create, deleted or, modify user-codes. Once a user has been assigned a code, they may change their own password. SUPERVISOR can change anyone's password, as well as its own. SUPERVISOR also has facilities to allow or disallow access to any menu option for any user, accept SUPERVISOR itself. SUPERVISOR always has access to all facilities.
SUPERVISOR has absolute discretion to change and rearrange facilities on the system. It is thus imperative to keep SUPERVISOR's password secret. It is also necessary to change it regularly if you suspect that it is known and is being used by unauthorised personnel.
There are no facilities to change or recover SUPERVISOR's password if it has been forgotten.
It is recommended that you always use Pipeline via a user-code other than SUPERVISOR. Keep the supervisory log-in for special system maintenance only and keep SUPERVISOR's password in a safe place, in case it is forgotten.
The PASSWORD MAINTENANCE option is accessed by pressing 3 on the SYSTEM PARAMETERS MENU.
CHANGING YOUR PASSWORD
Upon choosing this option you will first be asked for your existing password. This stops unauthorised persons from changing your password if you forget to log-off when you leave your terminal. The screen will display as follows:
Note that at no stage will the password be display. All that ever appears is a string of asterisks. This stops anyone else seeing your password over your shoulder. However, it also means that you must enter your password blind. If your password requires upper- and lower-case characters, enter it carefully, otherwise it will be rejected. If you do not enter the correct password (including case) you will be returned to the SYSTEM OPTIONS MENU.
Having entered your current password, if you are not SUPERVISOR, you will be asked to enter your new password. As a check, the computer will ask you to re-enter your new password. The screen looks as follows:
Once you have entered, and verified, the new password, the files are updated. Your new password becomes effective immediately.
Changing passwords as SUPERVISOR.
As with other user-codes, SUPERVISOR is first asked for its existing password. This precaution is vital in case you have already logged-in and have left your terminal unattended. Any unauthorised person attempting to use the password routine would then be blocked because they would not know SUPERVISORS's password.
Having entered SUPERVISOR's password, the screen will ask two questions. The screen will appear as follows:
If you answer Y to the first question, the computer will ask:
Enter the user-code of the user whose password you wish to change. As SUPERVISOR, you do not need to know the user's existing password. (This is very useful if the user has forgotten their password or you wish to temporarily lock out a user.) The computer will then ask you to enter and confirm the new password. After this you will be returned to the SYSTEM UTILITIES MENU.
If you had entered N to both questions (above) you will be able to change SUPERVISOR's password. The procedure is the same as for any other user, see above.
Maintaining user attributes
This facility only exists if you log-in as SUPERVISOR. To enter the function, you must answer Y to the second question, above. You will be transferred to the USER MAINTENANCE program where the first thing you will be asked for is a user-code. This is the user-code of the user you wish to set attributes for. It must not be SUPERVISOR itself as the supervisor always has all options available. If you enter a user-code that does not currently exits, you will be asked if you wish to create the new user. When you create a new code, you will need to also supply an initial password, eg. PASS. The user can then change their password to one they might prefer, if required.
A user-code can be any string of letters and/or numbers in upper- or lower-case. The user-code may be up to 10 characters long. It must not contain embedded spaces or start with a space.
A password can be any string of up to 8 characters. The password cannot be left blank but may include embedded spaces. For maximum security, passwords should ideally be at least 5 characters long and be a mixture of upper- and lower-case letters, and numbers. Passwords should not be your date-of-birth, a personís name spelt forwards or backwards, etc. as these can be guessed easily. To protect sensitive information, passwords should be changed regularly. Note that Pipeline has the facility to make passwords case-insensitive. This defeats the security aspect of the password system somewhat but makes the system more compatible with the feel of DOS or NOVELL, which always ignore case. Case-sensitivity is not user-definable, that is, your installation must be set-up in the desired configuration, from the start, by your dealer.
If you require assistance with this facility, contact your dealer for advice. The concept of security and passwords is not intuitive.
If you are creating a new user, the program will ask you if you wish to duplicate an existing user. If you answer Y, Pipeline will copy all the permissions and attributes from the existing user across to the new user. This is particularly useful if you are setting-up a series of user-codes with similar attributes, eg. for a series of accounts personnel or Secretaries.
The screen now appears as follows:
Note that the current user-code is displayed at the top of the screen.
You are now in the DISPLAY MODE. In this mode you can move around the menu structure. This program mimics the menu program in that all the menu options appear, but unlike the real menu program, pressing a number will not actually initiate the option. Instead, the program displays the menu and also displays a Y or N against each option. Those that have an N, are not available to the current user.
To exit from this screen, press <ESC>. The user will have been created and any attributes set will become effective immediately.
If you wish to delete this user press <F3>. This will completely delete the user from the system. Make sure that the user is not currently logged-on. Once a user-code is deleted, the user will not have access to Pipeline. The user can only be reinstated by totally recreating their code.
A special function is available for the SUPERVISOR only. This is a useful option, designed to allow you to report on the current list of users defined in the system. Sometimes this is used when you wish to cleanup the list, ie remove old users, etc. No passwords are revealed by this report.
The screen appears as follows:
Press <F7> to start the report. There are no options in this report. The report lists all users on the password master-file. You can, however, choose to print or display the report, in the same way any other report can.
Setting User Options
The first step to customising a userís attributes is to set-up the options for the user. Press <F4>. The following questions will be asked:
ASK TO PRINT AUDIT-TRAIL ON EXIT? .............. (Y+/N-) [ ]
This question is only relevant if you have chosen to print the audit trail, SECTION 7.1.2. New users are flagged with an N here. This means that, by default, they will not be offered the opportunity to print the audit trail when they exit the MAIN MENU. It will still possible for such a user to print the audit trail via the UTILITIES MENU unless you separately lock out this option from them. To be asked for the audit trail print on exit, enter Y here. Usually, only senior operators will be given the option to print the audit trail.
NUMBER OF SECONDS BEFORE DISPLAYING MENU? .............. (0-9) [ ]
This function does not work with all versions of Windows. The purpose of this function is the flash the option chosen (in the MAIN MENU) before moving to the actual function. This can sometimes assist with newer users because it is more obvious which option you chose. If the value is set to zero, no flashing will occur, ie the program will be started immediately.
RESTRICT USER TO SITE MENU? ................... (Y+/N-) [ ]
This option is stops certain users from being available for the normal menu. If you enter Y here, the USERCODE can only be used for entering daysheets. Normally codes corresponding to Site Numbers are set to Y and everyone else is set to N.
SUPPRESS BEEP IN AUTO-SEARCH? .................. (Y+/N-) [ ]
Before Pipeline goes into an auto-search it beeps to warn you that you have not entered a correct code. (Auto-search can be turned on or off in the SYSTEM OPTIONS, see SECTION 7.1.1.) Some users find this beep useful and some find it annoying. You can choose here whether an individual user will get a beep or not. If you are using Telnet, the beep will never occur.
ALLOW ACCESS TO GROUP 99 CREDITORS? .................. (Y+/N-) [ ]
Group 99 is usually reserved for special Creditor, eg Fuel Suppliers. You may not wish certain users to access these Creditors. If you enter a Y here, they will be locked out.
ALLOW THIS USER TO INITIATE AUTO-JOURNALS? ..... (Y+/N-) [ ]
At the beginning of the day, Pipeline checks to see if there are any auto-journals to be applied. This is checked once a day by the first user to log in, if that user is SUPERVISOR or if the current option is set to Y for that user. There is a delay while Pipeline is checking for auto-journals. This delay might confuse certain users, so the option is set to N by default. Then you can set it to Y for any of your more senior employees or just leave it till you log in as SUPERVISOR.
ALLOW THIS USER TO UPDATE PUMP TOTALS? .................. (Y+/N-) [ ]
When modifying a site layout, you can overwrite the pump totals. However, you can only do that if this option is set to Y.
ALLOW SUPERVISOR OVERRIDE RIGHTS? .............. (Y+/N-) [ ]
There are certain functions that can only be entered by SUPERVISOR. These include, overriding stop-payments, re-initialising last-journal dates, etc. You can also allow other trusted employees the right to enter these functions if you reply Y here. Note that only SUPERVISOR can update this field so SUPERVISOR still has ultimate control.
ALLOW DUPLICATE WARNING IN PURCHASES? .............. (Y+/N-) [ ]
When entering a PURCHASE, Pipeline tests for duplicate reference numbers, etc. Normally, this will stop you from entering a PURCHASE. If you enter a Y here, only a warning will be displayed and the PURCHASE can continue. This permission should only be given to managers.
ALLOW THIS USER TO UPDATE NOTES IN ENQUIRIES? .. (Y+/N-) [ ]
Normally, Debtor, Creditor, etc. notes can only be updated in the MODIFY option. If you also wish to allow updates in ENQUIRIES, enter Y here. Note that this can be set user-by-user and that the SUPERVISOR automatically has this feature enabled.
To exit from this screen, press <F10>. If you press <ESC> instead, you will also leave this screen, but no update will have occurred.
Hint: If you have changed attributes of your system, eg you are now using multi-company, the user options can contain values that are incompatible with the new setup. If you have issues with say, banking, enquires to SUNDRY, etc., simply bring up the OPTIONS screen and make sure that each value has something sensible in it. It is also possible that the current information is some leftover rubbish. This will not display on the screen, so you should <Enter> past each field and then update. Try then logging in as the user and make sure that everything works. You will then need to do this to every user.
Locking out an option
You may move around in display mode until you display a screen that contains functions that you wish to lock out. Pressing <F2>. This will change you into the EDIT MODE. In this mode you are able to change the user's access to the displayed menu options.
The screen will appear as follows:
The options are:
Y+/N-††††† Each option has a yes/no switch on the same line. To make the option available choose Y, otherwise choose N. Note that if you choose to lock-out an option which is itself a menu option, the entire branch of the menu becomes unavailable to the user. Eg. locking out DEBTOR REPORTS will lock-out all ledger reports. If you wish to lock-out only some reports, enable DEBTOR REPORTS and then choose DEBTOR REPORTS in DISPLAY MODE, and finally, choose which particular reports you wish to lock-out.
<F4>†††††† This will make all options on this screen available to the user. Any locked options will be unlocked.
<F5>†††††† This will make all options on this screen unavailable to the user. All options will be tagged as locked.
<F10>††††† This will save your changes and return you to the display mode.
<ESC>††††† This will abort any changes you have made and return you to the display mode.
If you wish to lock all options for a whole menu, eg. all report options for DETOR transactions, it is more efficient to lock the option on the previous menu. This will also have the effect of not allowing the user to display the locked menu.
Leaving the User Maintenance Option
Having created the user, their options and permissions, press <ESC> in display mode until you have returned to the ENTER USER-CODE question. From here you may either enter another user-code or press <ESC> to be returned to the SYSTEM UTILITIES MENU.