About security groups

Security groups enable you to control users’ ability to open windows and to perform specific tasks in a window.

You use the 7-2-1 Security Groups window to set up security groups for your company’s employees. The window contains a grid with numbered rows on the left and the following columns:

• Group# (User input is required to save the record.)
• Group Name (User input is required to save the record.)
• Save
• Delete
• Void
• Chg Period
• Print Checks
• GL Transaction Source Security
• Notes

When you set up user groups, you type a group number and group name. Then you determine whether or not that group will have rights to Save, Delete, and Void records, as well as to change the accounting period and print checks. You can use the Notes column to add any pertinent information about each group.

You can create security groups for specific employees, but it is a good idea to create security groups based on the tasks performed by a group of employees. This way, you can add or remove employees from security groups, rather than creating a new security group for each new employee.

As the company grows, the need for additional security groups increases. For example, a large company has an office staff that includes several accounts payable clerks, an accounts receivables clerk, a payroll clerk, a controller, project managers, and estimators. In this company, six different security groups are set up to accommodate the specific needs of the employees engaged in six different task areas.

You can also assign GL Transaction Source Security to security groups, limiting the types of transactions that each group can view in General Ledger. For example, to make sure that accounts payable clerks can't view payroll transactions in General Ledger, when you set up the security group for accounts payable clerks, you specify each type of source transaction that users in this group can view in General Ledger. They will not be able to view transactions from any other sources than what you specify.

In addition to creating task-oriented security groups, it is a good idea to create one security group with full access to the entire program. This allows owners or managers to log in with full access, but prevents unauthorized access to program features that only a company administrator can use.

It is important to consider the scope of tasks performed by users as well as the number of users that access Sage 100 Contractor. Before designing security groups, examine which users need access to specific windows in Sage 100 Contractor. After you set up the security groups, you can set up window and menu-level security.

Consider the following before setting up security groups:

• Do you need to create separate security groups for employees who perform specific tasks? For example, does your company have a payables clerk who only enters payables data?
• Do you need to create separate security groups for accounts payable, accounts receivable, and payroll supervisors, or can you just create one group for the supervisors?
• Do estimators perform different tasks than project managers?
• Do you need to provide differing levels of access to owners, controllers, or managers?
• Are you going to use the Sage 100 Contractor API to integrate with other programs? If so, create a security group named API with a group number such as 51.

• Do you want to prevent employees from viewing transactions in General Ledger that originate in source ledgers to which they have no access? For example, do you want to ensure that accounts payable clerks cannot view transactions from Payroll?