QAT SECURITY
Learn more -> Benefits - FAQ - Brochure- Features

QAT Security is a component that is used to implement full security authorization services into applications and SOA Frameworks. Developers can use this system to quickly secure any Window, Service, Function, Field or Control in combination with any value of data in an application.

Multiple System Support
Duplicating the database for each system that requires security is no longer necessary. QAT Security supports multiple systems. Users and user groups can also be shared across multiple systems.

High Performance Validation Routines
All validations are run against a set of high performance, de-normalized tables. The validation tables and administration tables are kept in-synch at all times. You no longer need to be concerned with updating the validation tables.

Automatic Window Identification
The window entity supports tran-id that can be set from the TRANID function in your procedures. This will help the developer to implement security without hard coding authorization codes.

New Ways to Validate with Secured Data – User Group Qualified Flag
When a Secured Data Value is defined for a Window function, it can be qualified to require user validation. In this case, the Window Function is associated with a User Group Secured Data Value or Function Group Secured Data Value. There are 2 types of validations.

• Static Validation – The Secured Data value is compared against the User Profile for the current user to determine the security authorization. For example, to approve a purchase order the current user must be a Manager. The Window Function Secured Data element, Authorization = Manager is associated to a User Group Secured Data element, Role. For security to be authorized in this case, the current user must belong to a User Group and have the Secured Data element Role = Manager. The above case also applies to Function Group Secured Data, as long as the Function Group in question is associated to a User Group.
  
• Dynamic Validation – The Secured Data value is compared against a runtime value provided by the secured application. This value is then compared against the associated Secured Data element.

User Defined Functions
The developer and security administrator have complete control to secure the functions that a window will use. Your application will have more functions than the standard create, read, update, and delete functions. For example, your application could have a copy, approve, and even a hidepay function. The functions can be shared across windows and systems. As you build your functions, you can categorize them as a read-only function or a function that modifies the database. Utilizing a special feature in the validation routine, you can then set a flag on the user entity that will only allow that user security to the read-only functions on all windows.

Secured Data Values
In addition to securing your windows by functions, you can also secure them with values within your application or by User Group and / or Function Group characteristics. This moves the security logic from the developer's code to the Security Application. The developer does not need to understand the security rules.

Examples of Secured Data Values are Role (Manager, Supervisor, etc.) or Purchase Limit ($10,000)

We support:

• = Equals
  
• <> Not equal
  
• > Greater Than
  
• >= Greater or equal than
  
• < Less than
  
• <= Less or equal than
  
• Contains (text string)
  
• Between (number or date range)
  
• In a Group

Complete Audit Log
A complete audit log tracks all security administration on the system. The date, time, security administrator, and a statement of the change are captured. For example, you will see a statement “User 12345” added to user group Payroll Group. The log view window allows the log records to be archived.

Every table change made in the QAT Security system is audited. Table changes can be viewed on SEC015 Security Change Log. The audit records are written in an English statement. Each audit record is stamped with the time, date, user making the change, and the keys to all data records involved (even if the key is not built into the statement).

Troubleshooting Tool
The system provides a powerful troubleshooting window that allows the administrator to trace a user's activity. This will help an administrator determine why a user cannot access a particular function on a window.

Developer Trace Utility
The application developers have the responsibility of implementing code into applications. This requires significant testing. A utility is provided for the developer to test scenarios without viewing all the windows in the security system during testing. For example, if a developer is having trouble with security on a particular window, the trace utility will be run to determine exactly what the security system is returning for the user on a particular system window.