Security

BST11 system security controls the documents, dashboards, inquiries, reports, and data you can access in the system.

When you log on to your network, your network authentication is automatically used to connect seamlessly to BST11 through the use of single sign-on. However, if you are a logging in from a non-domain machine, the system will detect that you cannot log in with these credentials and will prompt you with a dialog box to enter authenticated credentials.

Once you have been authorized to access the system, the User Authorization document allows your login to be associated with an employee record. From this screen, you can be assigned to one or more responsibilities. In addition, this document controls when to show or hide sensitive data, such as Cost or Cost Rates, and further limits data access to one or more selected Companies. For more information, see User and User Authorization.

To ease security maintenance, the User Group document allows you to create groupings of users in the system. Once users are assigned to groups, the User Group Authorization document allows you to assign responsibilities to the group. For more information, see User Group and User Group Authorization.

After you or your user group has been assigned to a responsibility, you have access throughout the system to features and system capabilities defined for the responsibility. When assigned to multiple responsibilities, such as both the Project Manager and Staff responsibilities, security access is granted optimistically, which means that if any of your assigned roles has access to a system feature or capability, you have access.

Responsibilities are used to configure organization roles and their association with any number of packages, which are functional areas in the system such as a document, dashboard, inquiry, report, or dashboard. For each enabled package on the responsibility, you can select one privilege, which defines what actions you can take and what displays on the user interface for layouts, reports, and visualizers for the package. In addition, for each document in the package, you can select one access control, which controls what data you can see. For more information, see Responsibility and Privilege.

Specifically, your responsibilities control your access to the following:

  • Data Access: This includes the documents you can view (read only).
  • Data Modification: This includes the documents you can change (add, edit, delete). Document entry is further controlled by Posting Period and Posting Date using the posting period element, Stage. These controls are declared in the Posting Calendar document.
  • Workflow: This includes the workflow actions you can take (save, submit, approve, etc.).
  • User Interface: This includes the layouts and dashboard visualizers you can view.
  • Reports: This includes the reports you can run and view.

The system includes a default, best practice security configuration that outlines organizational privileges, such as Employee and Reviewer, and responsibilities such as Staff, Project Manager, and Accounting Administrator. These have been preconfigured for the most typical system interactions. You can choose to use and refine the default configuration or create your own distinct configuration that is tailored to best meet the needs of your firm. For more information, see Default Responsibilities and Default Privileges.