Introduction
BusinessCraft provides a range of system security options to ensure that access to the system can be controlled to meet industry standards including ISO27001.
Separate Security Setup guides provide details on all aspects of Security Setup within BusinessCraft including Companies, Groups, Users, Profiles, Remote Users, Access Levels, Workstations, Connections, License Viewer, Registry, Emailing, Saved Reports Purge, Printers, Audit, Menus, Help and Menu Setup Mode. This guide explains the Supervisor Options within Security Setup in BusinessCraft.
There are a range of options available – each will be explained in detail:
Disable User Security
Disable Company Security
Default Company
Supervisor Password
System Lock
End of Period
Setup
Password Rules
Non-Compliance Audit
Please note that access to BusinessCraft Supervisor Options can only be accessed by the Supervisor user login or by a user with access to the Supervisor Options menu.
The Supervisor user login is a special login created when BusinessCraft is installed with a default password that is encrypted in the QSHSYS file using the Password-Based Key Derivation Function (PBKDF). The default password can be changed in Supervisor options.
Passwords must be at least 6 characters long and contain characters from at least 3 of the following 4 Categories: Uppercase, Lowercase, Number and/or Symbol.
Security System Setup Information Screen
To access Supervisor Options, in the Navigator go to Security Setup > General > Supervisor Options and the Security System Setup Information screen is displayed:
Each section of the screen will be covered in the remainder of this document.
Please note Security System Setup Information applies to all datasets for the BusinessCraft installation, not just the one logged in.
Disable User Security
The Disable User Security field is used to indicate whether User Security is disabled () or enabled (no tick). By default, User Security is enabled and the Disable User Security field is not ticked.
Ticking this box provides access to all datasets for the BusinessCraft installation without the need to supply a User Name and Password and is not recommended.
Disable Company Security
The Disable Company Security field is used to indicate whether Company Security is disabled () or enabled (no tick). By default, Company Security is disabled and the Disable User Security field is ticked.
Unticking this box requires users to provide a Company Password in addition to a User Name and Password to access each dataset for the BusinessCraft installation.
Prior to enabling Company Security, it is highly recommended that Company Passwords are set in advance by going to Security Setup > Companies > Company Passwords.
Default Company No
The Default Company Number field provides the option to enter a Company Sequence Number so that when a user logs in the Company field automatically defaults to the dataset for that Company Sequence number.
Supervisor Password
The Supervisor Password Panel provides the option to record a new Supervisor Password (conforming to the password criteria described in the Introduction section of this document) and to set the Password State. An information message shows the duration before the current password expires.
If a new password is entered and it does not meet the minimum password criteria, the password will not be changed and a confirmation message is provided including the criteria not met.
If the new password meets the minimum password criteria, a prompt is provided to re-enter the new password.
If the new password is re-entered correctly, the password is changed, the Password State is set to V and the password is set in accordance with the Password Rules. An information message shows the duration before the new password expires.
If the new password is not re-entered correctly, the password will not be changed and a confirmation message is provided advising the passwords did not match.
The available Password States are:
Valid Password (V) | A new complying password has been created and is required to login. |
Password Required (Y) | A password is required to login. |
Temporary Token Allocated (T) | A Password Reset Token has been created and the existing password has been cleared. |
No Password Required (N) | A password is not required to login. |
Not Set (blank) | A password is not required to login. |
System Locked
The System Locked Panel provides the option to lock access to all datasets for the BusinessCraft installation with a reason for the System Lock.
When a System Lock is active, after a user logs in to BusinessCraft, they are provided with a pop up message advising the System is Locked, including the reason for the lock and will be required to enter the Supervisor password to gain access to the dataset.
End of Period
The End of Period Panel provides the option to determine whether a password is required to access End of Period screens including setting an End of Period password or creating a new End of Period password.
When End of Period is enabled, users accessing End of Period screens will be prompted for the End of Period password before they will be able to proceed.
Setup
The Setup Panel provides the option to determine whether a password is required to Setup screens including setting a Setup password or creating a new Setup password.
When Setup is enabled, users accessing Setup screens will be prompted for the Setup password before they will be able to proceed.
Password Rules
The Password Rules Panel provides options to define Password Expiry Durations (in days), Maximum Number of Failed User Login Attempts and the duration (in Minutes) that an account is locked out after reaching the Maximum Number of Failed Retry Attempts.
Non-Compliance Audit
If a change is made in the Security System Setup Information screen that does not meet the Recommended Minimum Security Settings, a pop up screen alerts the user making the change:
Options are provided to observe the warning and apply the Recommended Minimum Security Settings (Apply Recommendations), to save the changes that have been made (Save) or to Cancel.
If it is determined to save the changes made even though this breaches Recommended Minimum Security Settings, a Non-Compliance Audit record is recorded in the panel.
Revision 1
7th August 2018