Password facilities are granted to high-level passwords only, and provide for the creation, amendment and deletion of subordinate passwords, and for enquiring upon them.
Any subordinate password can only be created/amended with a sub-set of the facilities available to the creating/amending password. Thus, if a password does not have the facility to add a new supplier/customer record to the database, it cannot create a subordinate password which does have that facility.
The new password must be at least as long as the creating password, and must start with the same three characters. The Case of the characters is significant.
Any password created must have a lower priority level than the creating password, but can be assigned to any language selected from the Account Languages list. Assuming the password has the same language as the creating password, it can inherit the current user interface if required. However, passwords assigned a different language inherit a standard interface for that language. Depending on the language chosen, the new password will automatically default to Help files in the directory for that language (i.e. a password assigned to language EN will default to help files in directory /EN/.
As all text presented to a user can be tailored, there is nothing to stop a password assigned to EN having text translated to another language.
If the language assigned to a password does not yet have an available translated version, the text/help will be in EN anyway until the translation becomes available.
New passwords can only access a sub-set of those companies in the Group which were available to the creating password.
Generally, as new passwords are created and the priority level becomes lower, some facilities are automatically withheld from them, password facilities themselves being a case in point.
Initially, each new Account on a Rimsco Server is provided with a master password from which all other passwords stem. This password should be used only once (to set-up the Account Overseer Password) and then locked away securely for emergency use only. The Account Overseer is responsible for maintaining all other passwords (which are subordinate) and is the contact with whom Rimsco corresponds.
The master password will give access to an agreed set of facilities for the Account, although other facilities may be present on the system but unavailable. From time to time, Rimsco may introduce new facilities which will be available to the master password and can, if required, then be conferred on the Account Overseer Password and so on.
Users having passwords without Password Facilities do not see the password facility screen. Similarly, users with access to only one company do not see the company selection screen. This is generally true of all facilities, they are only shown to authorised users.
All passwords created have an expiry date not later than the expiry date of the creating password. It is very much in the interest of the Account Overseer not to allow passwords to exist for long periods, nor to assign facilities to them (such as password creation) which will create a security problem. The entire security of the system depends on maintaining password security!
When a password is created, it is assigned an identification number, usually from 1 to 999,999. This is used for internal system password identification, and is only of use during password maintenance when a password may be assigned to a governing password by entering the governing password’s number as the “governor”. When a non-zero entry is made for a password’s governor, the password is only permitted to sign on when the governing password (identified by its number) is actually signed on.
Any password may be assigned to a single IP address or a range of IP addresses. The password can then be used only from the designated IP address(es).
New passwords may have an initial PIN number of 0000 and the user is expected to supply a PIN number of their own choice. If this is forgotten subsequently, the password is lost. Entry of incorrect PIN numbers to the system result in the password being "locked-out" for increasing time intervals until finally the password is deleted. Meanwhile, these attempted security violations are recorded/reported.
Passwords with an initial PIN of 0000 and with an associated telephone number entered may have a dynamic PIN which varies randomly with each use. The current PIN is communicated to the user after entry of the password by a SMS text message. This is recommended for users with mobile phones who access the systems from roving locations including internet cafes or for demonstration purposes on other peoples' computers.
A user should always be identified uniquely, and in the case where the same user has multiple passwords (i.e. is allowed to run multiple browser windows accessing different parts of the system simultaneously), should be identified separately for each password, e.g. "A. User (1)", "A. User (2)", etc. This allows the user's different persona to be recognised in security reports, logs, etc., and for identifying time usage on the Account.
A password may be assigned to a specific “environment”. If a number from 0001 to 9999 is entered as the password’s environment, then the password (if permitted by password parameters) may only export its environment to and import its environment from that particular environment number. If zero is entered, the password can choose the exported/imported environment. The environment dictates the content and appearance of all text in fields and associated graphics/actions (on click, blur, etc.).
Main Help Document