Setting up Security in Sage 300 ERP (formerly known as "Sage Accpac") may seem like a daunting task. First, you need to set up the Users... then, the Security Groups... and then, assign the Security Group by module to the User. If you have more than one Company in your System, then the task goes from daunting to overwhelming. The secret to monitoring and managing the security setup is to develop a process that allows for segregation of duties (recording function, authorization function, and custody).
We recommend creating a template for each user to determine the security group you will add them to (or create specifically for the user). This would be what the user would fill out (recording). It would be approved by the supervisor (authorization) and be implemented by IT (custody). This allows for the segregation of duties.
To setup employee security, follow these steps (in the Administrative Services Module):
Please note: Users are populated throughout the system and not only by database. Therefore, if you have multiple companies you'll only need to create a User once, but would need to assign their authorizations by Company.
Set up the User. Note that you'll need to create a password for them. You can set it up so that the User will need to create their own password upon the 1st login.
Set Up the Security Groups. Each module can be assigned numerous Security Groups.
Once the Security Group and the User has been created, you will link them via the User Authorization form.
It's also important for managing the Security System from IT's point of view to make efficient and effective changes as quickly as possible. Below are some tips & tricks to assist with setting up security.
When an employee is no longer with the Company, disable their Sage 300 account immediately. See below on how to disable an employee's account.
To find out what Security Groups are assigned by individuals, you can export the User Authorization List. If you need to make a lot of changes via excel (for example to set up User Authorizations for a new Company) you can populate the info in excel and then import it back into Sage 300 (formerly "Sage Accpac").
You can remove particular buttons by individual (for example, if you dont want to make it possible for anyone to be able to delete an item) by setting up a UI Profile and customizing individual forms within the modules. Then assign the users that you don't want to be able to delete items to the UI Profile ID. See below for the screenshots to guide you.
We hope that this guidance will make it easier to manage your User Security. Please feel free to Contact Us with any other questions on setting up security for your organization.