Chapter 3. System Security
The Concept of Pericles System Security.
Each module in Pericles is assigned its own security setting. There are three levels in each module: the system level, the procedure level and the record level. The security settings of the modules are independent and have no effect on each other. The security setting for one module can be the system level while for another it can be the record level.
At the system level, you can specify those users who have access to a module. The systems specified are those a user is granted access to.
At the procedure level, you can specify those users who have access to the procedures of a system. A user is presumed to have access to all procedures except those specified. Therefore, the procedures specified are those a user is denied access to.
At the record level, you can specify those users who have access to the records of a procedure.
A user who creates a record such as an invoice or a sales order is the owner of the record and the user name will be recorded in each record.
Users are grouped into different groups with different group access levels assigned. A user can belong to more than one group.
Users of the same group will have the following restrictions. A user with a higher group access level can read records created by a user with the same or lower group access level. However, a user with a lower group access level cannot read records created by a user with a higher group access level.
Users of different groups are not allowed to read records created by users of other groups regardless of their group access level.
With the above access definition, there is a possibility of a conflict of access rights, as indicated by the following example.
User A and user B belong to group 1, and user A has a higher group access level than user B. At the same time, user A and user B belong to group 2, and user B has a higher group access level than user A. In other words, in group 1, user A can read records created by user B, but user B cannot read those created by user A. In group 2, user B can read records created by user A, but user A cannot read those created by user B.
To resolve this kind of conflict, the computer will grant access rights to both user A and user B. Both users can read records created by each other in the groups they both belong to.
To avoid this kind of conflict, one user has to be set with a higher group access level than the other in all the groups they belong to.
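The record-level read rule and the conflict case above can be modelled as follows. This is an added example, not Pericles code: the data layout, the function names `can_read` and `find_conflicts`, and the convention that a larger number means a higher group access level are all assumptions. `find_conflicts` lists the user pairs whose rankings disagree across shared groups, which are the pairs that silently receive mutual read access.

```python
from itertools import combinations

# Constructed sample data: user -> {group: access level}.
# Assumption: a larger number means a higher group access level.
MEMBERSHIPS = {
    "A": {"group1": 2, "group2": 1},
    "B": {"group1": 1, "group2": 2},
    "C": {"group1": 3},
    "D": {"group3": 9},
}

def can_read(reader, owner, memberships=MEMBERSHIPS):
    """Return True if reader may read a record created by owner."""
    r = memberships.get(reader, {})
    o = memberships.get(owner, {})
    shared = r.keys() & o.keys()
    # No shared group: no access, regardless of level.
    # Shared groups: access if ANY of them ranks the reader at or above
    # the owner. This is what produces mutual access when rankings conflict.
    return any(r[g] >= o[g] for g in shared)

def find_conflicts(memberships=MEMBERSHIPS):
    """Return user pairs ranked in opposite order in different shared groups."""
    conflicts = []
    for u, v in combinations(sorted(memberships), 2):
        shared = memberships[u].keys() & memberships[v].keys()
        u_higher = any(memberships[u][g] > memberships[v][g] for g in shared)
        v_higher = any(memberships[v][g] > memberships[u][g] for g in shared)
        if u_higher and v_higher:
            conflicts.append((u, v))
    return conflicts

if __name__ == "__main__":
    for reader, owner in [("A", "B"), ("B", "A"), ("A", "C"), ("D", "A")]:
        print(f"{reader} reads {owner}'s records: {can_read(reader, owner)}")
    print("Conflicting pairs:", find_conflicts())
```

Running the conflict check whenever group access levels change shows which pairs need one user set higher than the other in every shared group.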