Mainsaver Security Permissions

Challenge:

There are hundreds of application security permissions that may be enabled or disabled for a User Group in Mainsaver.  Rather than waiting for an audit or an incident where data in Mainsaver was changed by someone who should not have access, take the time now to review these important security permissions.

Methodology:

User Group security is changed in System Administration under ‘Security and Settings’.  Every login ID in Mainsaver must be in at least one user group; otherwise all security options will be available to that login.  Below are several application security settings that should be set for each group as appropriate to its functional role.

Figure 1: Under the Asset module, if a user is not authorized to create work orders, that ability must be disabled here as well as in the Work Order module.

Figure 2: Under the General section, turn off main menu options as appropriate.  Also, few users should have the ability to create and modify global queries in order to keep the query lists clean.

Figure 3: Under the General section, make sure the ‘add on the fly’ options are turned off.  These options allow users to add new fields to dropdown lists such as cost center, account and manufacturer, which results in too many data values and erroneous data values.

Figure 4: Under the Work Order module, a user group should have Complete or Close functionality as appropriate, but typically not both.  Remove ‘Mass-Close’ from most user groups, as this function is intended to quickly close a large number of work orders and, if chosen by mistake, would be a time-consuming endeavor to undo.

Figure 5: In the Work Order module, ‘Table view – Delete’ will grant the user group the delete button on the table view.  ‘Re-open Work Order’ will allow a user to change a closed work order back to Open.  ‘Asset Status Change’ will allow the user to change the asset from in service to out of service, which is fine; however, users often forget to put the asset back in service.

Figure 6: If work requests are not used, turn off all options.  Inevitably, someone will create a work request thinking they are creating a work order.  It is best to remove that possibility through security.
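
One way to make this review repeatable is to record each group's settings in a spreadsheet and check them with a script. The following is an added example, not Mainsaver code or a Mainsaver export: the CSV columns, the sample groups and logins, and the exact permission labels are constructed for illustration, on the assumption that the matrix is transcribed by hand from the ‘Security and Settings’ screens.

```python
import csv
import io

# Constructed sample: permission matrix transcribed by hand from the
# 'Security and Settings' screens. Column names and labels are assumptions.
SAMPLE_PERMISSIONS = """group,module,permission,enabled
Technicians,Work Order,Complete,Y
Technicians,Work Order,Close,Y
Technicians,Work Order,Mass-Close,N
Planners,Work Order,Close,Y
Planners,Work Order,Mass-Close,Y
Planners,General,Add on the fly - Cost Center,Y
Planners,Work Request,Create,Y
"""

# Constructed sample: login ID -> user groups (empty list means no group).
SAMPLE_LOGINS = {"jsmith": ["Technicians"], "temp01": []}


def audit(permissions_csv, logins, work_requests_used=False):
    """Return sorted findings for the review points listed in this article."""
    enabled = {}  # group -> set of (module, permission) that are switched on
    for row in csv.DictReader(io.StringIO(permissions_csv)):
        if row["enabled"].strip().upper() == "Y":
            enabled.setdefault(row["group"], set()).add(
                (row["module"].strip(), row["permission"].strip()))

    findings = []
    for group, perms in enabled.items():
        # Figure 4: Complete or Close, but typically not both.
        if {("Work Order", "Complete"), ("Work Order", "Close")} <= perms:
            findings.append(f"{group}: has both Complete and Close")
        for module, perm in perms:
            name = perm.lower()
            if module == "Work Order" and name == "mass-close":
                findings.append(f"{group}: Mass-Close enabled")
            elif module == "General" and name.startswith("add on the fly"):
                findings.append(f"{group}: '{perm}' enabled")
            elif module == "Work Request" and not work_requests_used:
                findings.append(f"{group}: Work Request '{perm}' enabled")
    # A login that is in no user group has every security option available.
    for login, groups in logins.items():
        if not groups:
            findings.append(f"{login}: login is in no user group")
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(SAMPLE_PERMISSIONS, SAMPLE_LOGINS):
        print(finding)
```

Each finding is a prompt for review rather than an automatic failure, since a few groups may legitimately need Mass-Close.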

Benefit:

Preventing user groups from adding, changing, or deleting records keeps the database cleaner and more secure.  In addition, making menu options invisible simplifies the main menu and ribbon menus.