QAT SECURITY FAQ

Is duplicating the database for each system that requires security necessary?
Duplicating the database for each system that requires security is no longer necessary. QAT Security supports multiple systems. Users and user groups can also be shared across multiple systems.

Is user validation flexible?
The user validation routine included in the system is extremely powerful and flexible. When a Secured Data Value is defined for a Window function, it can be qualified to require user validation. In this case, the Window Function is associated with a User Group Secured Data Value or Function Group Secured Data Value. There are 2 types of validations.

• Static Validation — The Secured Data value is compared against the User Profile for the current user to determine the security authorization. For example, to approve a purchase order the current user must be a Manager. The Window Function Secured Data element, Authorization = Manager is associated to a User Group Secured Data element, Role. For security to be authorized in this case, the current user must belong to a User Group and have the Secured Data element Role = Manager. The above case also applies to Function Group Secured Data, as long as the Function Group in question is associated to a User Group.
  
• Dynamic Validation — The Secured Data value is compared against a runtime value provided by the secured application. This value is then compared against the associated Secured Data element.

How much control do we have over security functions?
The developer and security administrator have complete control to secure the functions that a window will use. Your application will have more functions than the standard create, read, update, and delete functions. For example, your application could have a copy, approve, and even a hidepay function. The functions can be shared across windows and systems. As you build your functions, you can categorize them as a read-only function or a function that modifies the database. Utilizing a special feature in the validation routine, you can then set a flag on the user entity that will only allow that user security to the read-only functions on all windows.

Is the only way to secure windows by functions?
In addition to securing your windows by functions, you can also secure them with values within your application or by User Group and / or Function Group characteristics. This moves the security logic from the developer's code to the Security Application. The developer does not need to understand the security rules.

Examples of Secured Data Values are Role (Manager, Supervisor, etc.) or Purchase Limit ($10,000)

We support:

• = Equals
  
• <> Not equal
  
• > Greater Than
  
• >= Greater or equal than
  
• < Less than
  
• <= Less or equal than
  
• Contains (text string)
  
• Between (number or date range)
  
• In a Group

Can we track security administration?
A complete audit log tracks all security administration on the system. The date, time, security administrator, and a statement of the change are captured. For example, you will see a statement “User 12345” added to user group Payroll Group. The log view window allows the log records to be archived.

Every table change made in the QAT Security system is audited. Table changes can be viewed on SEC015 Security Change Log. The audit records are written in an English statement. Each audit record is stamped with the time, date, user making the change, and the keys to all data records involved (even if the key is not built into the statement).