The User Access screen enables Store Administrators to set up user access
rights to the various application screens and features. Access control is
implemented at the menu-item level and is granted or revoked with a click of
the mouse. Unauthorized menu items are not visible to users. Administrators
can always see all available menu items. Menu items pertaining to
higher-feature content packages (such as Silver or Gold) are displayed
grayed-out and link to an upgrade page. Upgrade items are visible only to
Store Administrators.
Important Notes:
1. Unless a dedicated server is used, only the Service Provider Administrator
(not the Merchant) can set up login accounts, since administrative authority
on the server is required to do so. Merchants can only use already defined
logins when defining Admin Center access rights.
Renaming login accounts may cause one of the following situations to occur:
- Locking the user out of the store until the correct login name is restored.
- Transferring control of the store to another user if a matching login
exists for the same domain.
2. The security module is not available to Bronze packages. All users of
Bronze packages have Store Administrator status by default. Full upgrade to
at least the Silver package is required to enable user access control.
Store Security Architecture:
ezStore123/MerchantComplete relies on the server's Operating System
security. In other words, an Administration Center user must first be
declared as a server user. This philosophy gives Service Providers full
latitude to set up user security and grouping as they see fit in the context
of their network environment.
In Windows NT/2000/XP Server, users are authenticated when they log on to the
Administration Center using one of the following methods:
- Basic Authentication: The user is presented with a 'Log-on' box requesting
user name and password.
- Integrated Authentication: The server authenticates the user by matching
the workstation user name and password. This assumes the user log-on and
password are identical on the workstation and on the server (or domain
server). In this case, the 'Log-on' box is bypassed.
When a user successfully logs in using either of the methods described above,
the Administration Center looks up the user login ID in its internal
security table and derives the specific access rights for this user. Since the
Administration Center trusts the Operating System security, there is no need for
the e-commerce system to maintain a copy of the user passwords, which further
enhances security. This screen is the interface to the Store Administration
Center security system.
Service Providers & Integrators:
Setting up a store administrator: Initially, the system database is empty and
therefore no Store Administrator exists. In order to allow set-up of a Store
Administrator, user access control to the Administration Center must be set
to 'Anonymous'. This will grant administrative rights to anyone accessing the
store Administration Center and will allow set-up of a Store Administrator
record (see below).
We cannot stress enough the importance of 'locking up' the Administration Center
as soon as the Store Administrator is created. We strongly recommend logging
on to the Administration Center immediately after user authentication
has been enabled to verify that the users set up in the
ezStore123/MerchantComplete security database are consistent with the planned
application. A malicious user could have set up an Administrative account
while the security set-up was being performed, since the site was 'wide-open'
during that time.
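The verification recommended above can be scripted. The following is an added example, not part of the product or its documentation: it compares the security table against the planned accounts and reports any deviation. It assumes the table can be exported as CSV with the hypothetical columns login, administrator and granted_items; the logins and menu item names are constructed.

```python
import csv
import io

# Constructed sample: hypothetical CSV export of the Administration Center
# security table (the real table layout is not documented on this page).
SAMPLE_EXPORT = """login,administrator,granted_items
//SHOP/alice,1,
//SHOP/bob,0,Orders;Customers
//shop/mallory,1,
//SHOP/carol,0,Orders;Reports
"""

# Constructed plan: who should exist, and with which rights.
PLAN = {
    "//shop/alice": {"administrator": True, "items": set()},
    "//shop/bob": {"administrator": False, "items": {"Orders", "Customers"}},
    "//shop/carol": {"administrator": False, "items": {"Orders"}},
    "//shop/dave": {"administrator": False, "items": {"Reports"}},
}

def load_export(text):
    """Parse the export into {login: {"administrator": bool, "items": set}}."""
    table = {}
    for row in csv.DictReader(io.StringIO(text)):
        login = row["login"].strip().lower()  # Windows logins are case-insensitive
        items = {i for i in row["granted_items"].split(";") if i}
        table[login] = {"administrator": row["administrator"] == "1", "items": items}
    return table

def audit(table, plan):
    """Return sorted (login, finding) tuples where the table deviates from the plan."""
    findings = []
    for login, actual in table.items():
        planned = plan.get(login)
        if planned is None:
            kind = "unplanned administrator" if actual["administrator"] else "unplanned account"
            findings.append((login, kind))
        elif actual["administrator"] and not planned["administrator"]:
            findings.append((login, "administrator flag not in plan"))
        elif actual["items"] - planned["items"]:
            extra = ", ".join(sorted(actual["items"] - planned["items"]))
            findings.append((login, "extra menu items: " + extra))
    for login in plan.keys() - table.keys():
        findings.append((login, "planned account missing"))
    return sorted(findings)

if __name__ == "__main__":
    for login, finding in audit(load_export(SAMPLE_EXPORT), PLAN):
        print(f"{login}: {finding}")
```

An empty result means the table matches the plan; an 'unplanned administrator' finding is the case the paragraph above warns about.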
| Field Name | Description |
| User Login | Enter the user's local login ID on the server (or //domain/login ID if a domain controller is used). |
| Administrator | Click the checkbox to grant this user access to all functions in the system. Multiple administrators can be set up as the system tracks user activity by login ID. |
| Menu Item Selection List | The list will display 'Granted' and 'Denied' menu items as follows:
1. List of menu items that the user is authorized to access. Special
markers indicate the various menu sections.
2. List of menu items for which access is currently not authorized.
Granting access to menu items:
Hold the 'Ctrl' key and click ON items from the list of items
currently denied. The items will be added to the list of authorized
items when you save the record.
Revoking access to menu items:
Hold the 'Ctrl' key and click OFF items from the list of items
currently authorized. The items will be removed from the list of
authorized items when you save the record.
All changes are effective immediately and will automatically apply the next
time the user clicks on any of the main menu items or refreshes the
browser.
When revoking Store Admin rights, the system will wait until the
former administrator's browser is closed to apply the security
changes. This addresses situations where changes in access rights
could cause a user task to be interrupted and create inconsistencies in
results or data entry. |
Plug-Ins Menu Items & Security:
Menu items belonging to the 'Plug-Ins' section (if available) are not controlled
by the security system and are always available to all users. The
'Plug-Ins' section typically contains application plug-ins and/or custom
functions that may not have been developed by //digital things. If
security control for the 'Plug-Ins' section is necessary, please contact your
Service Provider.
| Command Button | Action |
| Save | Save the changes and exit. |
| Cancel | Exit the screen without saving changes. |