Security Function Maintenance

From Documentation
Jump to navigation Jump to search


Overview of DDI47SET

DDI-Connect allows you to establish security for each module, and in some cases, down to the function and field level. This allows you to customize security for individuals, based on your organization's job duties. Understanding how the security is set up and managed is critical to the overall functionality of your DDI-Connect system. For a complete list of DDI Connect security functions, please reference the Security Function data dictionary, located here: Security Function Data Dictionary. DDI recommends that you establish security levels on the basic functions (such as AP, NA, or IN) rather than assigning individual security functions to your users. While it can be done, it makes troubleshooting security more difficult.


Module/Function Security

NOTE: You must have system administrator security in order to access the Security screens. If you are not able to access these screens, please contact DDI Client Support for assistance.


It is important to note how the security levels work within DDI. The only number that has a set value is 9, which is the administrator level. Otherwise, the values associated with a level are entirely controlled by the organization. See the examples below:


Your organization defines three levels of Finance personnel. The first group has the ability to do inquiries and view all information, but cannot modify anything. The second group has the ability to view all information and modify just certain screens. The third group has the ability to view and edit all screens. Based on these levels, you decide that:

  • Group 1 will be assigned a security level of 1 for the modules/screens they have the ability to view
  • Group 2 will be assigned a security level of 1 for the modules/screens they have the ability to view and a security level of 5 for the modules/screens they have the ability to edit
  • Group 3 will be assigned a security level of 8 for the modules/screens they have the ability to edit


NOTE: If you have system administrator access, you can click Admin on the toolbar and select Security.


  • From the DDI Connect main menu, double-click Supervisor Menu
  • Double-click System Administration. You will now see this screen:


System Administration Overview.png


Double-click the Security icon. You will now see this screen:


Security 1.png


This is the initial security screen. The system defaults to showing you the security for the overall DDI module. If you click the drop down arrow to the right of the Module field, you'll see a list of the different modules:


Security 2.png



Select the module that you wish to review. For example, if you're establishing security for the Name/Address module, that is the one you would select from the list:


Security 3.png


As you can see, there are a number of options available to you. each line has three columns:


Function Description Groups
This is the actual security function name. You will use this name when assigning security to a user, or anywhere else that you wish to establish security The description gives you a brief explanation of what the security function controls Groups establishes who has security access to the function in question. The various settings are described below
  • GroupName/number, as in NA/3, indicates that to use the function, the user’s group list must contain the GroupName (NA in this example) at a security level of the number or higher (3 in this example). The GroupName can also take on the user’s default security level. Where more than one GroupName is listed separated by commas, either is required. For example, if you see NA/3,YB/5 in the Groups column, that means that the user must have either a security level of 3 for the NA function OR a security level of 5 for the YB function


  • !GroupName/number, as in !YB/9, indicates the group must be set up with the exact group name and security level or higher, and it cannot take on the user’s default security level. For example, if you have !NA/8 established as security, only those users with a security level of 8 or 9 can access that function, and the security must be explicitly set up in the user's security levels, rather than just having an 8 or 9 in the default security field
  • #FunctionName, as in #NAUPD, indicates the function takes the same security level as the named function (function NAUPD in this example). The intention is that if the user is given the security level for the named function, he/she also has access to all functions referencing that name.
  • A blank indicates no security level is applied (i.e. a security level of zero).


Editing a Security Function's Levels

  • Double-click on the function. You will see this screen:


Security 4.png


Note that you are not able to change either the function or the description - this is established by DDI developers. The only field that you are able to change is the Group/Level.

To add security to the function, type the group security you wish to use. For example, you might wish to use #NA (to force the security to inherit from the NA security function), !NA/5 (to require that a user have specific security on the NA function of a 5 or higher, or NA/5 (to allow security to inherit from the user's default, as long as the default security is a 5 or higher).


Click OK to save your changes

Retrieved from "https://wiki.ddi.org/ddiconnect/index.php?title=Security_Function_Maintenance&oldid=9028"