Fourth Shift™ SQL Security    

     There are 3 levels of Fourth Shift™ SQL security to consider:

• SQL Server: the login credentials determine database objects access
• Windows: The windows login credentials are used to determine file and folder access and permissions to determine tasks that can be performed
• Fourth Shift™ application: Internal security level to determine the screen and modules available to users. This level is separate to Windows and SQL server security

Fourth Shift™ Windows security

     It is advisable to configure a Fourth Shift™ group in Windows Active Directory. This simplifies administration required to add or remove Fourth Shift™ users. The Fourth Shift™ root folder should be configured as a shared folder (right-click-properties). The Fourth Shift™ windows group configured in Windows Active Directory needs to be given permissions to the Fourth Shift™ shared folder. Move to the Sharing  tab, set the share name and click on the permissions button:

     The Fourth Shift™ windows group should be give full control permissions for the Fourth Shift™ shared folder.

     Individual Fourth Shift™ system folder permissions for the Fourth Shift™ User group should be set as follows:

     Each folder should as default inherit the permissions from the folder above it. Confirm the permissions for each folder (right click and properties) and move to security tab. Confirm you have the correct permissions set for the Fourth Shift™ windows group:

Fourth Shift™ SQL Security

     The Fourth Shift™ windows group can be configured as a SQL Server login name:

     Assigning the Fourth Shift™ user role FSUser and FSReportUser to the Fourth Shift™ SQL login name will give the required permissions for all database objects in the SQL database. 

     The main advantage of configuring Fourth Shift™ SQL security in this manner is to manage Fourth Shift™ users in one place effectively by adding or removing users from the Fourth Shift™ windows group in Windows Active Directory.

Fourth Shift™ application security

     The PASS Fourth Shift™ screen is used to manage Fourth Shift™ users and passwords in the application. Simply F6 to add a new user with user id, password, access code and user description.

NOTE: Fourth Shift V7.3 the passwords are case sensitive.

     The access code determines which Fourth Shift™ screens users have access to use. It’s very easy to get messy here. Access codes should be a single alphabetical digit which represents typically a department or part of your business:

• P – Purchasing
• M- Manufacturing
• S – Stores
• E – Engineering
• A – Accounts

     The access codes are assigned to Fourth Shift™ screens on the FCMT screen.

Tips:

• Always configure Fourth Shift™ security on a pilot system initially
• You need to log out of Fourth Shift™ and log back in for security settings to take effect
• It is advisable to put a * which represents full rights for Fourth Shift™ administrators
• It is advisable to put a * for menu and commonly used screens such as BSET and BEXE
• Don’t forget to assign detail screens such as ITM1,ITM2,ITM3 and ITM4

Fourth Shift™ SQL Security advance topics

Using Fourth Shift™ remotely

Fourth Shift™ and Firewalls

Fourth Shift™ data object permissions 

Need help with any of these topics?

Why we can help?

40 years of real-life Fourth Shift™ experience

Fourth Shift™ consultants with Softbrands for 6 years

Quick fixes are FREE

Griff & Jones have been helping for 10 years