Managing and Understanding MAS500 User Accounts with Sage...

© Sage Software, Inc. All rights reserved. The Sage logo and the Sage product and service names mentioned herein are

registered trademarks or trademarks of Sage Software, Inc., or its affiliated entities. All other trademarks are the property of their

respective owners.

Managing and Understanding MAS500 User Accounts

with Sage MAS 500

Product: MAS 500 ERP

Description

This course is intended to provide you with information on how to manage and understand

MAS500 user accounts. Overview of maintaining user accounts, security groups, permissions,

license use, and logins are discussed. Topics that will be covered include:

Creating, Removing, and Modifying User Accounts

Enabling Security Groups for users and permissions

Understanding User License Consumption

Difference Between SQL and Windows NT Authentication Login process

Application Role and Its Purpose

Common Troubleshooting Tips for user accounts

Learning Objectives

At the end of today‟s session, you will be able to:

Add / Remove / Modify User Accounts

Learn to work in Security Group(s)

Understand User License Validation

Learn the differences between the SQL and Windows NT Authentication Login

Review Application Role and Its Purpose


2 of 14

Creating New MAS500 User

Adding a new user for SQL and Windows account

System Manager, Maintenance, Maintain Users,

Type the name of an existing SQL Server or Windows user

If the user is in the current domain, the field adds the domain automatically when you

leave the field.

Assign Default Security Group, Task Menu, and Company

Save and Exit

Instruct new user to login and set password in User Preference (if using SQL login)

User Preference is applicable to SQL user login. System Manager, Tools, Users

Preferences


3 of 14

Note: „SysAdmin‟ or System Manager user security group membership is required to

perform the tasks

Tip: Requiring Password can be enabled at Maintain Site “Require Password” in Option Tab

To create a logon for a user in a different domain, first create a SQL Server logon for the

user, then specify the user name with the domain in this format: domain\ login name.


4 of 14

Removing /Deactivating Existing User Account

In order to remove existing user, user performing the task must have administrative rights to

SQL database and MAS500

System Manager, Maintenance, Maintain Users

Type or Lookup User Account

Use the Delete “X” button or CTRL-D (short key)Accounts Payable, Maintenance, Maintain

Vendors

Confirm the deletion by clicking OK

Permanently removing user name from database Delete user from MAS 500

(Maintain User task). Then open SQL Studio Management and delete the user from the

MAS 500 database and from the SQL server Security\Login folder.


5 of 14

Note: Deleting the user from MAS500 will not affect the transactions history created by the

deleted user account. The user will remain in the user list but will have No status under “Is

Sage MAS 500 User” column.

Modifying Existing User Account

User can be assigned to multiple security groups for one or more companies; however, if the

user is assigned to more than one security group within the same company, the system grants the

user access permissions of the security group with the highest access permissions level.

Changing User Name

Once the user name is established, it cannot be changed. But can be added after removing the

user name from SQL database.

Reason : Editing the name in Active Directory does not assign a new SID (Security

Identifier). Thus, adding the new user name in MAS 500 uses values already in use in SQL.


6 of 14

How to Set, Change, and Clear User Password (applicable for SQL login

users)

User can create password during initial login prompt screen

Admin can clear the user password from Maintain Users > clear Password button

SQL admin can clear password from SQL Server

UPDATE tsmUser SET DBPassword = NULL,

Password = NULL WHERE UserID = '<username>„

After executing the script above,

go to Server ROOT > Security (LOGIN) and clear out the password under Properties.


7 of 14

Security Group(s) Assignment and Setting

Note: „SysAdmin‟ or „System Manager‟ user security group membership is required to perform

the tasks

Security Group(s) can be created to assign users to specific tasks, permissions, and roles. Benefit

of using security group includes time saving administration, global security settings, and efficient

user account management

System Manager, Maintenance, Maintain Security Groups

Type new security group name and description

Select Module ID from dropdown menu and assign appropriate permission level

To locate the permission tasks, use Display Tracker to identify the task

Levels of permissions are Excluded, Display Only, Normal, and Supervisory

Excluded - Prevent users in the security group to view the task. Task may be bypassed,

button not visible, or dialog box not display

Display Only – Allow users to view the data only. Users cannot change values or use buttons

Normal – Allow users to enter or change data. Buttons and Dialog boxes are available to

users

Supervisory – Allow users to enter or change data with administrative rights. Example, user

can post private batches. Positional roles dependency

Tips and Tricks for managing Security Group(s)

Identifying the task name using Display Tracker tool. On the Tools menu, click Display

Tracker. Look for Task Description from the tool.

Also can simply right-mouse click on task and select properties. Look for MAS500 Task

Name.

The task names on the grid can be sorted alphabetically by clicking on column header with

mouse


8 of 14

Clicking on top left corner cell will highlight all task for master change

Use the Security List and User List Reports from System Manger

User License Consumption

There are two types of MAS500 User Desktop Licenses. First is called Standard MAS500 user

license and second is known as Business Insights (BI) user license. Both Licenses are consumed

or validated according to the task/application launch

Business Insights license consumed when following applications are launched:

– Business Insights Explorer

– Business Insights Analyzer

– Business Insights Dashboard

Example: A company purchases five (5) standard Sage MAS 500 application user licenses

and two (2) Business Insights user licenses. Seven sessions can be started with active tasks,

five standard application tasks and two Business Insights tasks.

User License Release

Both Standard MAS500 User license and Business Insights User license are released when user log outs of the MAS500 desktop.

Simply closing task(s) or view(s) will not release the license(s).

Changes for how MAS500 releases Licenses will be in 7.40 version

The license consumption will release when All tasks/application window close. Users will

NOT have to completely log out of the desktop.


9 of 14

Understanding Windows Vs. SQL Authentication Login

MAS500 currently supports two types of login credential validation. Windows and SQL

Authentication method are used for MAS500 login. SQL Authentication is also known as Mixed

Mode.

Windows Authentication - Enables Windows Authentication and Disables SQL

Server Authentication

SQL Server performs the authentication itself by checking to see if a SQL Server login

account has been set up and if the specified password matches the one previously recorded

If SQL Server does not have a login account set, authentication fails and the user receives an

error message stating Login failed for user „xxxx‟

SQL Authentication (Mixed Mode) - Enables both Windows Authentication and SQL

Server Authentication. Windows Authentication is always available and cannot be disabled

SQL Authentication is the environment that all of your users are part of a Windows domain

In SQL Authentication, access to SQL Server is controlled by Windows account or group,

which is authenticated when you log on to the Windows operating system on the client.


10 of 14


11 of 14

Enabling Windows Authenication for MAS500 Desktop

Client Configuration Utility is required for the following task. Windows authentication can bet

setup in two areas for MAS500 desktop.

Launch MAS500 desktop, Login window

Check „Use Windows Authenication‟ option box for current user

Alternately, setting can be set for individual or all MAS500 user using the Client

Configuration Utility.

All Programs, Sage Software, Utilities, Client Configuration Utility

Select Current User or All Users and check the “Use Windows Authentication” option.

Click OK

Note: The client configuration utility will apply changes to the the machine user only if “Current

User” is selected. The machine user must have MAS500 Database access


12 of 14

Understanding Application Role Setting

Application role allows users to access Sage MAS 500 databases through the Sage MAS 500 client

software, but not other applications.

Application Role - database principal that enables an application to run with its own,user-

like permissions. You can use application roles to enable access to specific data to only those

users who connect through a particular application (MAS500).

User can perform normal processing against the data while in Sage MAS 500; however, this

user has no permissions against the database objects when using other applications such as

Query Analyzer, Crystal Reports, etc.

Important: If Credit Card is installed, you must select this check box for each user to

process credit card transactions.

„Allow Read Access‟ Option - Select this check box to grant users read-only access to Sage

MAS 500 databases from other programs. This check box is available only if the User

Application Role check box is selected.


13 of 14

Common Troubleshooting Tips and Frequently Asked Questions

For additional information, please reference the following Knowledgebase Resolution IDs

via Sage InfoSource:

“Unable to set the application role - either the approle does not exist or incorrect

password”

When two database sets exist, the passwords must be the same for SQL Server logins and the

AppRole. The error mostly relates to some kind of data corruption of Role Password. Run

Maintain Site to re-set password for Application Role usually resolves the issue.

Knowledgebase Resolution ID: 1978

How to clear user passwords in Sage MAS 500

As an administrator, you can use the Clear Password function in System Manager / Maintenance

/ Maintain Users. If the Clear Password button is disabled, a password does not exist, you do not

have the necessary permissions in Sage MAS 500 or SQL Server to reset the password, or the

user is a Windows Authenticated login. Windows Authenticated logins are maintained at the

domain, not SQL Server or Sage MAS 500; however the login does need exist in SQL Server

and Sage MAS 500.


How to find the task description for a task to maintain security in Sage MAS 500

There may be instances where the task description to set the security for the task is not evident or

do not belong in the module that it is found. To figure out the task description and which module

it belongs, simply go to the task itself, right click and select 'Properties'.

Also can locate task description name by using Display Tracker tool



14 of 14

How to produce a list that displays security and access permissions

There are two reports to list all MAS500 users security group information for administrative

purpose. The report will display security group codes, descriptions, and the assigned access

permissions


How to require password entry when loggin on to Sage MAS500

By default, password is not required for SQL user login accounts. However administrator can

enable the password requirement. "Require Password" box in Maintain Site needs to be checked

in order to require the password when logging in Sage MAS 500


Summary

You have learned how to:

Add / Remove / Modify User Accounts

Create and Change User Security Group(s)

Understand User License Validation

Learn the Difference the SQL VS. Windows NT Authentication Login

Enable the Application Role and how it affects MAS50

Managing and Understanding MAS500 User Accounts with Sage...

Documents

Transcript of Managing and Understanding MAS500 User Accounts with Sage...