webERP Manual

Security Schema

The webERP security scheme consists of the following parts:

  1. Users:
    A separate account should be created for each user.
    User accounts may be added or removed by an administrator at:
    Main Menu > Setup > User Accounts (WWW_Users.php)

    Each user is assigned a 'Security Role' by selecting a choice
    from the drop down list labeled 'Security Role'.
    See below for a list of the default Security Roles available.

  2. Security Roles:
    Security Roles may be added or removed by an administrator at:
    Main Menu > Setup > Role Permissions (WWW_Access.php)

    Each 'Security Role' is assigned one or more 'Security Tokens'.
    The 'Security Tokens' assigned to a particular 'Security Role' can be
    changed at: Main Menu > Setup > Role Permissions (WWW_Access.php)

    See below for a list of the default 'Security Roles' and the
    'Security Tokens' assigned to each.

  3. Security Tokens:
    15 'Security Token' choices are available by default.
    See below for a list of the default 'Security Tokens'.
    Each 'Security Token' allows access to one or more webERP pages.

    There is no webERP tool to add, remove or edit 'Security Tokens'.
    However, an administrator can edit the underlying table (securitytokens).

  4. PageSecurity values:
    Each webERP page is given a PageSecurity value from 1 to 15 in the scripts table. On login the system reads every script and its PageSecurity value into a SESSION array, $_SESSION['PageSecurityArray'], where the key of each element is the script name and the value is the PageSecurity value for that script. The key (the script name) is taken from the $_SERVER['SCRIPT_NAME'] variable, so every time a script is called its PageSecurity value is looked up in the array.

    A webERP tool to change the PageSecurity value of each script is accessible from the Setup menu.

These parts work together as follows. The user name and password combination entered at log on enables the system to identify the 'Security Role' for the User. The User's 'Security Role' determines what 'Security Tokens' are available to the User. The User is allowed access to any page with a 'PageSecurity' value equal to one of the 'Security Token' values available to that User.


A more comprehensive description of the security scheme follows:

Each webERP page (script) is assigned a specific PageSecurity value. This value is stored in the scripts table of the database and read into a SESSION array on login (from the GetConfig.php script). At the time of writing this is a number between 1 and 15. If more levels of security are necessary, this can be expanded by an administrator or developer. The default PageSecurity value for each page can be inspected by browsing the scripts table.

The user is allowed access to a page if the PageSecurity value of the page/script is a number contained in the SESSION AllowedPageSecurityTokens array, as determined from the user's access level (Security Role). The user access level (Security Role) is an integer that represents the Security Role assigned to the user in the user set up page (WWW_Users.php).

Access authority is checked in the session.inc script for all pages (or in PDF_Starter.inc for PDF pages). The variable $_SESSION['AccessLevel'] is retrieved from the database when the user logs on, in session.inc. This variable refers to the Security Role of the user. The $_SESSION['AllowedPageSecurityTokens'] array of numbers is retrieved from the database based on the user's AccessLevel, or Security Role. Any page that has a $PageSecurity value equal to any value in this array is deemed to be an authorised page.

If you wish to add more Security Roles, you must use the Role Permissions script (WWW_Access.php). You must also specify the Security Tokens for the new Security Role. Users assigned to the new Security Role will have access to any page whose PageSecurity value is equal to a Security Token value assigned to the new Security Role. This mechanism allows the system administrator to control who can access what.

By changing the Security Role assigned to each user and the Security Tokens assigned to each Security Role, the security access can be tailored for all users. When making these changes, reference the default values in the tables below. The PageSecurity values must also be known. The default settings can be modified as needed from the Page Security script accessible from the Setup module.
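The check described above, modelled in PHP as an added example (this is not webERP's own session.inc). The sample rows are constructed from the defaults listed on this page: role 4 (AP Clerk) holds tokens 1, 2 and 5, SupplierInvoice.php has PageSecurity 5 and CustomerReceipt.php has PageSecurity 3.

```php
<?php
// Added example, not webERP code: models how PageSecurityArray and
// AllowedPageSecurityTokens are built and then compared for one request.

// Constructed rows standing in for the scripts table.
$scriptsRows = [
    ['script' => 'SupplierInvoice.php', 'pagesecurity' => 5],
    ['script' => 'CustomerReceipt.php', 'pagesecurity' => 3],
];
// Constructed rows standing in for the securitygroups table.
$securityGroupsRows = [
    ['secroleid' => 4, 'tokenid' => 1],
    ['secroleid' => 4, 'tokenid' => 2],
    ['secroleid' => 4, 'tokenid' => 5],
    ['secroleid' => 7, 'tokenid' => 1],   // Customer logon only
];

// Builds $_SESSION['PageSecurityArray']: key = script name, value = PageSecurity.
function buildPageSecurityArray(array $rows): array {
    $map = [];
    foreach ($rows as $row) {
        $map[$row['script']] = (int)$row['pagesecurity'];
    }
    return $map;
}

// Builds $_SESSION['AllowedPageSecurityTokens'] for one Security Role (AccessLevel).
function allowedTokensForRole(array $rows, int $roleId): array {
    $tokens = [];
    foreach ($rows as $row) {
        if ((int)$row['secroleid'] === $roleId) {
            $tokens[] = (int)$row['tokenid'];
        }
    }
    return $tokens;
}

// The decision: the page's PageSecurity value must equal one of the user's tokens.
// Two choices here are mine, not stated by the manual: a script absent from the
// array is denied (fail closed), and in_array() is strict so a stray string
// value can never loosely match an integer token.
function pageIsAuthorised(string $script, array $pageSecurityArray, array $allowedTokens): bool {
    if (!array_key_exists($script, $pageSecurityArray)) {
        return false;
    }
    return in_array($pageSecurityArray[$script], $allowedTokens, true);
}

$pageSecurityArray = buildPageSecurityArray($scriptsRows);
$allowedTokens     = allowedTokensForRole($securityGroupsRows, 4);   // AP Clerk
foreach (['SupplierInvoice.php', 'CustomerReceipt.php', 'NoSuchPage.php'] as $script) {
    printf("%-22s %s\n", $script, pageIsAuthorised($script, $pageSecurityArray, $allowedTokens) ? 'allowed' : 'denied');
}
```

In a real request the $script argument would come from $_SERVER['SCRIPT_NAME'], as the manual states.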


Security Scheme Tables:

Table.Field                        Example Data                 Comment
www_user.userid                    demo                         These fields are updated by WWW_Users.php.
www_user.fullaccess                8
securityroles.secroleid            8                            These fields are changed when a 'Security Role'
securityroles.secrolename          System Administrator         is created or deleted at WWW_Access.php.
securitygroups.secroleid           8                            These fields are updated when 'Security Tokens'
securitygroups.tokenid             1                            are assigned to or removed from 'Security Roles'
                                                                at WWW_Access.php.
securitytokens.tokenid             1                            15 default security tokens are defined. This data
securitytokens.tokenname           Menu and Order Entry Only    can not be edited using any webERP tool.
webERP page CustomerInquiry.php    $PageSecurity = 1;           The PageSecurity value for each page is pre-defined
                                                                and can not be edited using any webERP tool.
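An audit query over the tables above, added here as an example (not a webERP script): it follows the chain from a user's Security Role to its Security Tokens and on to every script whose PageSecurity value matches, which is the "who can access what" review an administrator wants before tailoring roles. Assumptions: the DSN and credentials are placeholders; the users table is assumed to be named www_users (the table above writes www_user), and the scripts table is assumed to have columns 'script' and 'pagesecurity', which the manual does not name.

```php
<?php
// Added audit example, not webERP code. Lists every page one user can reach
// and the token and role that grant it, using the relationships shown above.
// Column names of the scripts table ('script', 'pagesecurity') are assumptions.

function pagesReachableByUser(PDO $db, string $userId): array {
    $sql = "SELECT s.script, s.pagesecurity, t.tokenname, r.secrolename
              FROM www_users      u
              JOIN securityroles  r ON r.secroleid    = u.fullaccess
              JOIN securitygroups g ON g.secroleid    = r.secroleid
              JOIN securitytokens t ON t.tokenid      = g.tokenid
              JOIN scripts        s ON s.pagesecurity = t.tokenid
             WHERE u.userid = :userid
          ORDER BY s.pagesecurity, s.script";
    $stmt = $db->prepare($sql);           // bound parameter, never interpolated
    $stmt->execute([':userid' => $userId]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Placeholder connection details; replace with the real webERP database.
$db = new PDO(
    'mysql:host=DB_HOST_PLACEHOLDER;dbname=DB_NAME_PLACEHOLDER;charset=utf8mb4',
    'DB_USER_PLACEHOLDER',
    'DB_PASSWORD_PLACEHOLDER',
    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]
);

// 'demo' is the example userid from the table above.
foreach (pagesReachableByUser($db, 'demo') as $row) {
    printf("%-40s PageSecurity=%-2d via token '%s' (role: %s)\n",
           $row['script'], $row['pagesecurity'], $row['tokenname'], $row['secrolename']);
}
```

Running it for each role's representative user and diffing the lists against the defaults below shows exactly which pages a role change adds or removes.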

Changes in Later Versions

The default security roles and page security values are set out below. However, be aware that all these settings are now modifiable in the database. Roles can be defined by choosing which security tokens they are allowed. Also, as of version 4.0 it is possible to change the PageSecurity value of each script so that access can be defined more tightly. The PageSecurity value of a script maps to a security token that is either available to a particular user or not: unless that security token is in the user's list of allowed security tokens, the script will not be available to that user.

Security Roles: Defaults for webERP version 3.0.5:

1 - Inquiries/Order Entry
2 - Manufac/Stock Admin
3 - Purchasing officer
4 - AP Clerk
5 - AR Clerk
6 - Accountant
7 - Customer logon only
8 - System Administrator

Security Token assignments: Defaults for webERP version 3.0.5:

1 - Inquiries/Order Entry tokens = 1, 2
2 - Manufac/Stock Admin tokens = 1, 2, 11
3 - Purchasing officer tokens = 1, 2, 3, 4, 5, 11
4 - AP Clerk tokens = 1, 2, 5
5 - AR Clerk tokens = 1, 2, 5, 11
6 - Accountant tokens = 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
7 - Customer logon only token = 1
8 - System Administrator = All the currently defined security tokens

Security Tokens: Defaults for webERP version 3.0.5:

1 - Menu and order entry only
2 - Inventory, AR & AP inquiries & reports
3 - AR setup customers, areas, receipts, allocations, credit notes, salesfolk, credit status
4 - PO Entry, Purchasing data & reorder levels
5 - AP Invoice, Credit, Payment entry. Supplier maintenance
6 - Not used
7 - Bank reconciliations
8 - GL Journals, COA, sales/COGS GL postings, terms, cost update, company prefs
9 - Ledger Maintenance and Manufacturing
10 - GL Journals, COA, sales/COGS GL postings, terms, cost update, company prefs
11 - Pricing & Inventory locations, categories, receiving & adjustments
12 - Not Used
13 - Not Used
14 - Not Used
15 - User management, System Admin setup & utilities

PageSecurity values: Defaults for webERP version 3.05:

Page (script) File Name                 PageSecurity value
CustomerInquiry.php                     1
GetStockImage.php                       1
index.php                               1
Logout.php                              1
MailInventoryValuation.php              1
PDFStockLocTransfer.php                 1
PDFStockNegatives.php                   1
PrintCustTrans.php                      1
PrintCustTransPortrait.php              1
reportwriter/FormMaker.php              1
reportwriter/ReportMaker.php            1
SelectCompletedOrder.php                1
SelectOrderItems.php                    1
AgedDebtors.php                         2
AgedSuppliers.php                       2
BOMInquiry.php                          2
BOMListing.php                          2
ConfirmDispatch_Invoice.php             2
CustomerTransInquiry.php                2
CustWhereAlloc.php                      2
DebtorsAtPeriodEnd.php                  2
EmailCustTrans.php                      2
FTP_RadioBeacon.php                     2
InventoryPlanning.php                   2
InventoryValuation.php                  2
OrderDetails.php                        2
OutstandingGRNs.php                     2
PDFCustomerList.php                     2
PDFLowGP.php                            2
PDFPriceList.php                        2
PDFQuotation.php                        2
PDFStockCheckComparison.php             2
PeriodsInquiry.php                      2
PO_OrderDetails.php                     2
PO_PDFPurchOrder.php                    2
PO_SelectOSPurchOrder.php               2
PO_SelectPurchOrder.php                 2
Prices.php                              2
PrintCustOrder_generic.php              2
PrintCustOrder.php                      2
PrintCustStatements.php                 2
reportwriter/admin/ReportCreator.php    2
SalesAnalReptCols.php                   2
SalesAnalRepts.php                      2
SalesAnalysis_UserDefined.php           2
SelectCustomer.php                      2
SelectProduct.php                       2
SelectRecurringSalesOrder.php           2
SelectSalesOrder.php                    2
SelectSupplier.php                      2
ShiptsList.php                          2
StockCheck.php                          2
StockCostUpdate.php                     2
StockCounts.php                         2
StockLocMovements.php                   2
StockLocStatus.php                      2
StockMovements.php                      2
StockQuantityByDate.php                 2
StockSerialItems.php                    2
StockStatus.php                         2
StockUsage.php                          2
StockUsageGraph.php                     2
SupplierBalsAtPeriodEnd.php             2
SupplierTransInquiry.php                2
Tax.php                                 2
WhereUsedInquiry.php                    2
Z_CheckAllocs.php                       2
Areas.php                               3
Credit_Invoice.php                      3
CreditItemsControlled.php               3
CreditStatus.php                        3
CustomerAllocations.php                 3
CustomerBranches.php                    3
CustomerReceipt.php                     3
Customers.php                           3
PDFBankingSummary.php                   3
PDFChequeListing.php                    3
PDFDeliveryDifferences.php              3
PDFDIFOT.php                            3
PDFOrdersInvoiced.php                   3
PDFOrderStatus.php                      3
SalesPeople.php                         3
SelectCreditItems.php                   3
StockSerialItemResearch.php             3
PO_Header.php                           4
PO_Items.php                            4
PurchData.php                           4
SpecialOrder.php                        4
StockReorderLevel.php                   4
Payments.php                            5
PrintCheque.php                         5
StockQties_csv.php                      5
SuppCreditGRNs.php                      5
SuppInvGRNs.php                         5
SupplierAllocations.php                 5
SupplierCredit.php                      5
SupplierInvoice.php                     5
Suppliers.php                           5
SuppPaymentRun.php                      5
SuppShiptChgs.php                       5
SuppTransGLAnalysis.php                 5
SalesGraph.php                          6
BankMatching.php                        7
BankReconciliation.php                  7
GLAccountInquiry.php                    8
GLBalanceSheet.php                      8
GLCodesInquiry.php                      8
GLProfit_Loss.php                       8
GLTransInquiry.php                      8
GLTrialBalance.php                      8
SelectGLAccount.php                     8
BOMs.php                                9
Currencies.php                          9
Z_CreateChartDetails.php                9
AccountGroups.php                       10
AccountSections.php                     10
BankAccounts.php                        10
COGSGLPostings.php                      10
CompanyPreferences.php                  10
EDIMessageFormat.php                    10
GLAccounts.php                          10
GLJournal.php                           10
PaymentTerms.php                        10
SalesGLPostings.php                     10
WorkOrderEntry.php                      10
WorkOrderIssue.php                      10
ConfirmDispatchControlled_Invoice.php   11
CustEDISetup.php                        11
DiscountCategories.php                  11
DiscountMatrix.php                      11
EDIProcessOrders.php                    11
FreightCosts.php                        11
GoodsReceived.php                       11
GoodsReceivedControlled.php             11
Locations.php                           11
Prices_Customer.php                     11
ReverseGRN.php                          11
SalesCategories.php                     11
ShipmentCosting.php                     11
Shipments.php                           11
Shipt_Select.php                        11
StockAdjustments.php                    11
StockAdjustmentsControlled.php          11
StockCategories.php                     11
StockLocTransfer.php                    11
StockLocTransferReceive.php             11
Stocks.php                              11
StockTransferControlled.php             11
StockTransfers.php                      11
TaxAuthorityRates.php                   11
EDISendInvoices.php                     15
PaymentMethods.php                      15
SalesTypes.php                          15
Shippers.php                            15
SystemParameters.php                    15
TaxCategories.php                       15
TaxProvinces.php                        15
UnitsOfMeasure.php                      15
Z_CheckAllocationsFrom.php              15
Z_index.php                             15
Z_MakeNewCompany.php                    15
Z_poAddLanguage.php                     15
Z_poAdmin.php                           15
Z_poEditLangHeader.php                  15
Z_poEditLangModule.php                  15
Z_poRebuildDefault.php                  15
Z_Upgrade_3.01-3.02.php                 15
Z_Upgrade_3.04-3.05.php                 15