Using Security Groups to Establish Internal Controls author avatar

Taking the time to set up effective security groups is important for having good internal controls. These internal controls can make your accounting department more efficient when you have multiple people working in the same dataset.

 

Why Security Groups are Separate and Different than Server Logins

When you access the accounting system I am sure you have noticed you need to use two sets of credentials. You use your server credentials on the blue/green login screen and then your dataset credentials after selecting the company you are logging into (if you need to use the server credentials twice you can click the “remember my credentials” box or call PROCAS Support at 410-730-4011 extension 2).

There are two login screens because certain users have access to multiple company datasets. These users are typically 3rd parties that provide bookkeeping or CPA services. These users may have different levels of access depending on which company’s dataset they are working in. Because of this, access rights in a dataset are determined by your dataset credentials. These credentials are controlled by you, not by PROCAS, through the Security Groups and Users menu items under System > Company Setup.

 

To set up security groups you will want to open both the Security Groups and Users forms under the System menu. The Security Groups form is where you set up access rights for everyone in a group. The Users form is where you establish login credentials and assign them to a group.

 

How to Set Up Security Groups

On the Security Groups form, either navigate to an existing group that you want to modify, or insert a new group and start from scratch. The header information on this screen contains the code for the security group with the description next to it (Red 1). Most of the screen contains a list of forms on the left and the access rights for that form listed next to it (Purple 2).

 

For users that should have edit rights in all parts of the accounting system, you can use the default controller group. This group has access to most parts of the accounting system by default. If you want to establish a group with very restricted access, I recommend starting with a new group. First, find the menu items you want that group to have access to, and then reference Appendix B of the Accounting User’s Manual to find the code for that form. I will set up my Example group with access to everything in the AP menu of the accounting system to show how it works.

 

Appendix B is organized to match the menus in the accounting system. Once you find the menu you want, look for the code of that form in the appendix. Type the code in the form column of the Security Groups screen and select the type. The options are Edit, View, and None. Having a form not listed on the screen is equivalent to having the None option selected.

 

**Note** Access to the GROUPS and USERS forms should be very limited. Anyone with access to these can change access rights and thereby has access to everything in the accounting system.

 

Setting up User Logins

Now that you have established security groups for the different levels of access you want to give people, it is time to establish logins and passwords for your users. There are two ways that people usually set these up, and I will try to give the pros and cons of both. You can set up a separate login for each individual user, or you can set up one login for each access group.

Setting up each individual user with a separate username/password is slightly more work during implementation or employee onboarding. However, this makes it easier to manage changes in access rights and terminations without compromising data access rights. If someone is terminated and they did not have access to the Security Groups or Users screens, you only need to remove their user from the Users table.

Setting up one login for each level of access might seem easier during set up because you can give new employees the credentials for their department without requiring a change in the accounting system. However, this can cause a headache when employees are terminated. When there is a termination you should really change the credentials for that group, and that will inconvenience other users.

 

Third Party Security Groups

Setting up security groups for third parties is especially important. A lot of times, but not always, third parties are given access to most parts of the accounting system. It is possible to copy the default “controller” security group settings and remove the GROUPS and USERS forms from the list. This will allow people in this group to access most of the accounting system without seeing your company’s usernames and passwords. If your third party will be setting up new users for you, then they will need access to these screens.

Giving third parties a separate security group without access to credentials is important because it gives you control to modify their access as needed. Regardless of setting up these credentials, PROCAS Support should always be contacted when a third party no longer requires access to your dataset.

 

Additional Questions?

If you have additional questions about setting up security groups in the accounting system, you can either turn to the PROCAS Accounting User’s Manual, call PROCAS Support, or call your PROCAS Consultant. There is a pdf copy of the manual available under the help menu when you are logged into PROCAS Time & Expense. You can also call PROCAS Support at 410-730-4011 extension 2 or your consultant to discuss more specific questions you may have about this process.