Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Security is based on user ID. In order to access Circulation, a user ID must be set up for the user in User Profile. Once user IDs are defined, they can be assigned to one or more user groups. Each user group can be linked to one or more security IDs. The security ID is then linked to a menu item (menu, submenu, and/or menu option) or transaction type.
Access to menu items is restricted by security ID. This means that if a menu item has been assigned a security ID, only users in user groups linked to that security ID may access the menu item. Only one security ID may be assigned to a menu item, and if a menu item is not assigned a security ID, all users may access it. The same basic rules apply to transaction types.
You may also set up field level security for devices, companies, publications, and reason codes. And, security thresholds can be defined to limit the number of days or dollars entered in complaints, expire changes, extend grace transactions, grace writeoffs, and subscription payment adjustments.
One other area that is protected by security is spool files. Reports that are saved to spool must have a security setting (i.e. a security ID). This is specified in the View & Print Options window (see Viewing and Printing Reports in the User Manual). If a user ID does not belong to a user group (or their user groups are not linked to a security ID), the user will not be able to run reports in Circulation. So, you should have at least one security ID that is valid for all users.
The diagram below is an example of how security might be set up.
In this example, Dick is the accounting manager. He is part of user group ACCTMGR, which is linked to security ID ACCT. This allows Dick access to options on the Accounting menu. He occasionally enters Customer Service, so he is also part of user group SERVICES. However, he cannot access the Setup menu.
Jane is the system administrator. She is linked to user group SYSADMIN. Since the system administrator might need access to Circulation at any level, SYSADMIN is linked to all security IDs, and is thus able to access all menu items and transactions.
Mike is a Customer Service associate. He is linked to user group SERVICES. The diagram shows that he has access to Customer Service, and may modify payments.
Jim is a district manager. He is part of user group DM, which means he is linked to security ID ALL. At this site, security ID ALL is used for spool security. Jim cannot access the Setup or Accounting menus or Customer Service, but he can access all other menu items (because there is no security on them). Note that all other user groups are also linked to security ID ALL—that is because all users will use ALL for spool security.
Now let’s say we have a new employee, Alice. She will be a Customer Service associate. To add Alice as a user and give her appropriate security clearance, we would first set up a user ID for her in User Profile. Then we would select Specifics | User Group and add her to the group SERVICE and, of course, to ALL.
When planning security, it is a good idea to start by determining which menu items and transactions need to be secured. Look at the combinations of users that can access these items: for each different combination, you will need a different security ID. Once you have determined the security IDs, try to organize the users that need access to the same security IDs into functional groups (such as Customer Service, Accounting, and Publishing). Once you know the menu items/transactions that need to be secured, and the users, user groups and security IDs that will need to be set up, follow the steps below to define security.
Define user groups (described below).
Define individual users (see User Profile) and set up Customer Service preferences for them (see User Profile - CR).
Link the users to the user groups (see Specifics, User Group)
Define security IDs (see Security ID).
Link security IDs to user groups (see Specifics, Security Group).
Enter the menu security, if you will use it (see Menu Security).
Enter the transaction security, if you will use it (see Transaction Security).
Enter field security, if you will use it (see Field Security).
Enter security thresholds, if you will use them (see Security Threshold).
Note: The Security Report can be a useful tool in planning and updating security.
User groups are defined using the Group option; users are then assigned to certain users groups in User Profile. When planning your user groups, you must consider both functionality and security.
Select Group from the Security menu to display the Group window.
Click Add and enter a group name and description.
GROUP
open (8)
Enter a user-defined name for this group.
DESCRIPTION
open (30)
Enter a description of this group.
Click OK to save the group.
The Services menu is where Customer Service associates do most of their work (starts, moves, draw changes, etc.). Some Service defaults can be set up for individual users using this option.
Select User Profile - CR from the Security menu to display the User Profile CR screen.
Click Add and complete the following fields.
USER NAME
open (8)
Enter the User ID of the user that you are setting up defaults for.
SIGNON PRODUCT
setup
Enter the default publication to be used when the user logs in to Circulation. Leave this field blank if there should be no default.
SEARCH MODE
predefined
Enter the default search mode for the user when locating customers. This determines what field the search starts in. Press F2 for a list of choices.
SEARCH TYPE
predefined
Enter the default for the Search Type field when locating customers. Search Type indicates the subscription status of the customer and can be set to active subscribers, all subscribers (active or inactive), non subscribers, or all households (both subscribers and non subscribers).
DEFAULT TAB
predefined
Indicate whether the user should see the Transaction or the Subscription tab as the default in the Customer Service window. The default can be temporarily changed in Services | Signon.
DISPATCH METHOD
predefined
Indicate the primary dispatch method for this user (District, Route, Service Area, Truck, or Zone). Dispatch (service) drivers may be responsible for delivering products, publications, and/or messages to certain geographic areas. These service drivers may be assigned to a zone, district, route, truck, or service area which indicates the method for dispatching. For example, you may have set up two service areas to which all of your routes have been assigned for dispatching purposes.
DISPATCH ORDER
predefined
Indicate the primary dispatch order for this user (Number Calls, Complaint Total, Shortage Total, Urgent Total).
Click OK to enter the default information into the database.
Security ID Change allows you to change the name of a security ID.
Note: Be advised that any reports created under an old security ID will no longer be accessible through Circulation. Before changing a security ID, be sure users no longer require access to these reports. The reports will still be accessible in the spool folder, however, and can be viewed using other programs.
In character Circulation, select Security ID Change from the Security menu to display the Security ID Change screen.
Select Add and complete the following fields.
OLD SECURITY ID
open (8)
Enter the name of the security ID whose name you want to change.
NEW SECURITY ID
open (8)
Enter the new name for the security ID.
NEW SECURITY DESCRIPTION
open (30)
Enter a description of the security ID.
Select Continue to change the security ID.
Circulation options can have security at the menu level, submenu level, and/or option level. To assign security, you must first set up user profiles, user groups, and security IDs. Then you can use this option to limit options to one certain security ID.
If a menu, option or item has no security ID associated with it, everyone has access to it. If a menu or option has a security ID, then only those groups associated with that security ID have access to that menu or option. To change security on a menu that is security protected, you must log in with an appropriate user ID (i.e. as a user that has the right security ID for that option). You can then use MENU SECURITY to assign a different security ID.
Note: Do not assign a security ID to a menu option unless the security ID is linked to one or more user groups, and users are assigned to the user groups. If an unlinked security ID is placed on a menu item, no one will be able to access the menu item.
In character Circulation, select Menu Security from the Security menu.
Select the area of Circulation (such as Setup) for which you want to establish security.
Press F1 (or Ctrl-X) when the menu you want to establish security for is highlighted. To access submenus and menu options, press Enter as you normally would, and then highlight the submenu or menu option.
Enter the appropriate menu security ID and write security ID. Menu security controls whether the menu option can be used at all. Write security affects the Add, Copy, Delete, Default, Enter, and Modify options.
Continue applying security to menu options, or press F4 to exit to the Setup menu.
The Group Change option allows you to change the name of a user group.
In character Circulation, select Group Change from the Security menu to display the Group Change screen.
Select Add and complete the following fields.
Select Continue to change the group name.
This section guides the user through the menu options that are available under the Security menu.
OLD GROUP
open (8)
Enter the name of the user group whose name you want to change.
NEW GROUP
open (8)
Enter the new name for the group.
NEW GROUP DESCRIPTION
open (30)
Enter a description of the group.
The Security Report, a listing of the current security setup, can be useful when defining or updating security settings. For example, if you have a new user and want to make sure the individual has access to the right options, you can run the report and see all of the user groups to which the new user belongs, and all of the menu options those groups have security for.
In character Circulation, select Setup | System | Security | Security Report to display the Security Report screen.
Select Add and complete the following fields.
SECTION
predefined
The report has different sections, one or all of which can be included:
Fields. Security IDs and user group access are shown for each deliverable, company, device, reason code, district or miscellaneous charge that has security attached.
Items. Security IDs and user group access are shown for each security transaction type.
Menus. Security IDs and user group access are shown for each menu option.
Users. Each user is listed, with the user groups to which he or she belongs.
To include all of the above sections on the report, enter “*”.
MENU AREA
predefined
If Section is set to “menus” or “*”, you can specify which area should be shown in the report, for example “Main” or “Customer Service”. Press F2 for a lookup of all areas.
USER STATUS
predefined
If Section is set to “Users”, you can specify whether to include the users with status as either Active, Inactive, or Both to be shown in the report.
CREATE TEMPLATE
yes/no
If you want to create a template, rather than report current security settings, enter “y” here. A template will list items and/or menus with 36 generic columns (A-Z and 0-9). You can use this as a grid to plan your security layout.
EXPORT FILENAME
open (30)
Enter the name of the file to be created.
Select Continue to create the report. The standard view/print options will be available.
Select this option to enter user ID information for Circulation users, and assign users to one or more user groups. User IDs must be set up for all Circulation users.
Note: Some user IDs, such as “admin” and “DTI”, may be pre-loaded in the system. Do not delete these user IDs.
When adding or modifying user profiles, you can automatically have Circulation create a Unix login and directory for the user. Circulation will create a file in the /app/cron/newuser directory (if it exists). The file will be named “newuser.[YYYYMMDD][hhmmss].[PID]”, where [YYYYMMDD] is the year, month and day, [hhmmss] is the hour, minute, and second, and [PID] is a Unix process ID. The file will contain the user name, system name, and requesting user (the user who added the user profile record). It will be picked up by a cron job that creates a Unix login and directory for the new user. Contact the Naviga Support Center for more information.
In character Circulation, select User Profile from the Security menu to display the User Profile Setup screen.
Select Add and complete the following fields.
USER NAME
open (8)
Enter a unique ID for this user (required). This is the name that will show up in history, and it will be used for authentication if there is no system name (see below).
FULL NAME
open (30)
Enter the user’s full name. This name will be printed on the Security report, followed by the user name in parenthesis.
SYSTEM NAME
open (80)
Optionally, enter the Windows user name for this user. If left blank, the user name will be used as the system name. As mentioned, the user name is the name that will show up in history. So, if a user is set up as follows: • User Name = firstl • System Name = first.last@domain.com The user will log in with “first.last@domain.com,” but “firstl” is the name that will appear in the history.
EMAIL ADDRESS
open (60)
Enter the email address of the user.
DAYS OF WEEK
yes/no
For each day of the week, indicate if this user has access to Circulation. This field is not currently used.
START TIME, END TIME
date
These fields are not currently used by Circulation.
PROCESS WHEN
predefined
Indicate the default processing option for viewing and/or printing reports: now, deferred or background.
VIEW OUTPUT
yes/no
Indicate whether the default view option is “yes” or “no”. For more information about the viewing and printing options, see the User Manual.
PRINT OUTPUT
yes/no
Indicate whether the default print option is “yes” or “no”.
PRINTER
setup
Enter the name of the default printer device for this user, or leave blank if there is no default.
COPIES
integer (3)
Enter the default number of copies to be printed.
SAVE OUTPUT
yes/no
Indicate whether the default save option is “yes” or “no”.
SPOOL SECURITY
setup
Enter the default security ID for saving files.
Select Specifics | User Group or Specifics | User Division to assign users to user groups or divisions, respectively (see Specifics, User Group).
Select Accept to enter the user profile, including specifics information, into the Circulation database.
Set up another user profile, or press F4 and select Exit to exit to the Setup menu.
This specific allows you to link user IDs to user groups. A user can be associated with more than one group, and more than one user can be associated with the same group.
Select Specifics | User Group from the User Profile Setup screen to display the User Group Setup screen.
Select Add and complete the following fields.
GROUP
setup
Enter a group to which this user belongs
USER NAME
display
The user ID from the User Profile Setup screen displays.
Select Accept to accept the user/user group link.
Link the user to other user groups, or press F4 and select Exit to exit to the User Profile Setup screen.
This specific allows you to link user IDs to user divisions, which are used to store user interface preferences in graphical Circulation. A user can be associated with more than one division, and more than one user can be associated with the same division.
Select Specifics | User Division from the User Profile Setup screen to display the User Division Setup screen.
Select Add and complete the following fields.
DIVISION
setup
Enter a user division to which this user belongs.
USER NAME
display
The user ID from the User Profile Setup screen displays.
Select Accept to accept the user/user division link.
Link the user to other user groups, or press F4 and select Exit to exit to the User Profile Setup screen.
Once user groups are set up, the groups must be assigned to at least one (but possibly more) security ID. Certain menu items and transactions can then be limited to a certain security ID.
Continuing with the example started in Group (see User Profile - CR), suppose you have determined the functions that require restriction and have set up user profiles and groups accordingly. You might then set up a security ID called “Dispatch” for all users that should have access only to that function, and so on. Notice that users in “SysAdm” (system administrators) have unrestricted access.
Main Menu
You do not need to assign security to a menu/option/item when everyone has access.
Setup Menu
Setup
Setup, SysAdm
Only members of Setup or SysAdm can access Setup functions
Customer and Route Services Menus
CSR
Setup, SysAdm, Acctg, ActMgr, Admin, CSR, CSR-Temp, Other
Everyone.
Dispatching
Dispatch
Setup, SysAdm, Acctg, ActMgr, Admin, CSR, Dispatch, Other
Everyone except CSR-Temp group.
Sign-On
CSR
Setup, SysAdm, Acctg, ActMgr, Admin, CSR, CSR-Temp, Other
Everyone except for users in the group “Dispatch” have access to Sign-On option.
Accounting
Acctg
Acctg, ActMgr, SysAdm
Only users in Acctg and ActMgr groups (and System Administrator) have access to the Accounting menu/options.
CRControlTotals
ActMgr
ActMgr, SysAdm
Only Accounting Managers (and System Administrator) have access to “modifying payment control totals”.
In character Circulation, select Security ID from the Security menu to display the Security Setup screen.
Select Add and complete the following fields.
SECURITY
open (15)
Enter a unique security ID.
DESCRIPTION
open (30)
Enter a description of this security ID.
Select Specifics | Security Group to link the security ID to one or more user groups (see below).
Select Accept to enter the security information into the database.
Set up more security IDs, or press F4 and select Exit to exit to the Setup menu.
Select this specific to link user groups to the security ID that is being defined.
Select Specifics | Security Group from the Security Setup screen to display the Security Group Setup screen.
Select Add and complete the following fields.
SECURITY
display
The security ID from the Security Setup screen displays.
GROUP
setup
Enter a group that should be included in this security ID.
Select Accept to accept the security ID/user group link.
Link more user groups to the security ID, or press F4 and select Exit to exit to the Security Setup screen.
Access keys, also known as API keys, aid in ensuring the safety and management of API (Application Programming Interface) access. They provide benefits such as:
Access keys provide an effective way to authenticate users or accounts when accessing an API. This ensures that only authorized groups can interact with the API, ensuring the security of the data.
API keys can be revoked or regenerated if they are compromised, which helps minimize security threats.
Publishers who want to give third-party vendors access to the Circulation API can create a user ID and generate an access key through which the third-party vendor can access the database securely.
The users can define whether an access key is required to access the application based on the Business Rule— Should the CIRC API require a valid access key be passed to it? (CircAPI section). The default value of the BR is set to Yes. If the value of this BR is set to Yes, the Access Key must be provided along with the User ID for each Circ API call.
To retrieve the account information using the Distribution API, a client must first create an account and then generate an Access Key for the account. In the URL request to the Distribution API web server, both the Account ID and the Access Key must be provided.
The users can define whether an access key is required to access the application based on the Business Rule— Should the Distribution API require a valid access key be passed to it? (Distribution - API: General section (CMO)). The default value of the BR is set to No. If the value of this BR is set to Yes, the Access Key must be provided along with the account ID for each Distribution API call.
If the access key has not been provided and the above-mentioned BRs have been set to Yes, an authentication failed error message will be displayed.
Note:
To revoke access for a particular user, create a new access key for that user and do not share the key. Because only one access key is valid/stored at a time, this will disable access to the system using the previous access key.
In character Circulation, select Generate Access Key from the Security menu to display the Generate Access Key screen.
Select Add and complete the following fields.
APPLICATION
setup
Enter the application name as either Circulation API or Distribution API. For help, press F2.
USER ID
open
If the Application selected is the Circulation API, this field will be displayed.
Enter a valid user ID or press F2 for help.
ACCOUNT ID
open
If the Application selected is the Distribution API, this field will be displayed.
Enter a valid account ID or press F2 for help.
ACCESS KEY
display
This will be generated automatically and displayed on the screen.
START DATE END DATE
date
Enter the date range for which the user will be able to access the application.
Note:
The Start Date will be set to Today by default.
Enter a date that is later than Today as the End Date. For help, press F2.
Select Accept to provide access to the specified user or account.
Application: Circulation API
Application: Distribution API
To successfully access the database through the CircAPI or the account details through the Distribution API, either of the below options can be followed:
The value of the BR has been set to Yes, and a valid access key has been provided in the request URL. Or
The value of BR has been set to No.
Application: Circulation API
Application: Distribution API
You can set up security for some specific transactions (such as adding addresses) within the Circulation Services menu. First, you must establish user IDs, user groups, and security IDs. Then, using this option, you can limit specific transactions to only those users with a specific security ID. Only one security ID can be assigned to a transaction type. If you want to change who has access to this transaction, you may have to set up a new security ID with different groups associated with it.
You can also implement data masking using transaction security.
Note: You cannot add or delete transaction security items. Also, when modifying an item, only the security ID can be changed.
Select Transaction Security from the Security menu to display the Transaction Security window.
Select a security item in the list and click the Modify icon.
Select a security ID from the Security combo box. Only users that have this security ID will be able to carry out this transaction.
Click OK to apply this security ID to the transaction.
Data masking is used to allow only selected Circulation users to view and print private information, while preventing all other users from doing so. Users without security rights will see “masked” information, which means that most digits of a number are replaced with asterisks. A masked credit card number, for example, will be displayed as ************0123, with only the last four digits visible to the user. Users with security rights will see the whole number. The diagram below shows the level of security that data masking provides.
Note that, when using data masking alone, information is not masked in any way within the database. Any person who can access the database directly, such as a Naviga Support analyst or a developer who runs custom programs, ad hoc queries, Results queries, etc., will see the full data. Unauthorized users (i.e., “hackers”) who are able to gain access to the database will also see full data. To protect private information within the database, you must use database encryption.
Data masking is set up within Transaction Security (Setup | System | Security | Transaction Security). By default, these items are marked NOT ACTIVATED, which means that the data for these items will be masked for all users until you “activate” access to an item for a security group.
Four security items in Transaction Security control the masking of private data:
ShowCreditCard determines which security group can view and print full credit card numbers. All other security groups will see only the last four digits of credit card numbers.
ShowPayPal determines which security group can view the full PayPal VaultID and Email Address. All other security groups will see only masked data in these fields.
ShowBankAccount determines which security group can view and print full bank numbers and bank account numbers. All other security groups will see only the last 2 digits of the bank number and the last 4 digits of the bank account number.
ShowAcctTaxInfo determines which security group can view and print the full social security number and Tax ID of accounts. All other security groups will see only the last 4 digits of the social security number and Tax ID.
Remember, all data will be masked until you perform this setup.
Database encryption is used to hide private information from people who gain direct access to the database (i.e., developers, Naviga Support analysts, and “hackers”—people other than Circulation users). When encrypted, private data is stored in separate tables and fields. When the database is accessed directly, private information is masked and is not discernible. This includes running Results reports/queries, custom programs and ad hoc queries—in all of these situations, the data will be masked.
Circulation users, on the other hand, will be able to see full private information because the Circulation interfaces decrypt it for display and printing.
Note: If you require access to private data from Results queries or custom programs you have developed, please contact Naviga Support for assistance.
The figure below shows the level of security that database encryption provides. Note that all private data will be visible by all Circulation users, unless you also use .
The table below shows the fields that can be encrypted in the database.
Circulation supports two different methods of encryption:
FFW uses FreeFrameWork’s “shingle” encryption. It is a symmetric encryption system that was specifically developed for the Progress 4GL environment. FFW uses a pass phrase and a private key that you define in Setup. Because encryption is done entirely within Progress, it is the faster of these two methods.
GPG (Gnu Privacy Guard) is a freely available encryption tool for secure communication and data storage that supports a number of industry standard encryption algorithms, both symmetric and asymmetric, of various strengths. Circulation uses the default symmetric encryption algorithm for your GPG installation.
Note: GPG is a standard feature of the Red Hat Linux platform. Circulation administrators who use other platforms may need to download and install GPG before setting up encryption. For more information about GPG, see GNUPG.ORG or contact your platform vendor or Naviga Technical Support.
The table below compares some key attributes of the FFW and GPG encryption methods.
Follow the procedure below to set up database encryption.
If you are going to use GPG, you must download and install it if it is not already installed on your system.
Set the Business Rule, Should private information such as credit card numbers and bank account info be encrypted when stored in the database? (General section), to “yes”.
Use the Encryption Control option (Setup | System | Security | Encryption Control) to define your encryption method, pass phrase, and other information. Private information entered through new starts, payments, and other transactions will automatically be encrypted once an encryption control record is set up. See below.
Like security masking, encryption is not enabled by default: you must set it up using this procedure before data will be encrypted.
Two other menu options in Circulation are related to encryption:
Encryption Control setup determines the encryption method to be used, as well as the private key and pass phrase to be used in database encryption. If you use GPG, you must also enter the location of the encrypting program executable file. We highly recommend limiting access to this option to a few users via menu security.
Select Encryption Control from the Setup | System | Security menu. The Encryption Control screen displays.
Click the Add icon and enter encryption information in the fields described in the table below.
Click the OK button to add the encryption control, or click Add Another to accept the record and add another encryption control.
This option is used to purge the credit card number, bank number, and bank account number from the system, up through a cutoff (“purge to”) date. This information will be deleted, and any masked characters will be changed from “*” to “x”. An export option is available to export the private information to a secure directory before purging it, as a backup measure.
In character Circulation, select Purge Private Info from the System | Security menu.
Select Add and complete the fields described in the table below.
Select Continue to purge the data. The private information will be removed from the system.
Encrypt Private Info is used to encrypt private information that already exists in the database. After setting up an encryption control record, use this option to encrypt your existing data. See for more information.
Decrypt Private Info is used to decrypt information in the database that has been encrypted. For example, you may need to use this feature for testing (to compare pre-encryption and post-encryption data), exporting data (e.g., to move carrier tax information from Circulation to an external AR system), or when changing encryption methods (e.g., going from FFW to GPG). See for more information.
AAMHistDrawAdj
Use the draw adjust code for AAM history adj
ACBatAccountPmt
Accept account payment batch
ACBatMiscCharge
Accept misc. charge batch
ACBatRefund
Accept refund batch
ACBatReject
Account Payment Accept
ACBatRtDrawAdj
Accept route draw adjust batch
ACBatRtReturn
Accept route return batch
ACBatSCDrawAdj
Accept draw adjust batch
ACBatSCReturn
Accept return batch
ACBatSubscrPmt
Accept subscriber payment batch
AcctRateImpEdit
Account Rate Import edit
AcctWrittenOff
Allow accounts to be written off
AddressAdd
Add an address
AddressDigitMod
Modify - Address (Digital)
AddressMod
Modify - Address (Physical)
AllowDrwChgOvrd
Override Setup field for draw changes
APCollectorPmt
Create collector payment
APInvoiceApply
Select the “invoice” application method
ARS-Add
Allow add in Account Rate Setup
ARS-Delete
Allow delete in Account Rate Setup
ARS-Modify
Allow modify in Account Rate Setup
AS-Account
Allow accounts to be updated in Account Services
AS-Change
Allow accounts to be changed in Account Services
ASDisputeInv
Allow account invoices to be disputed
AS-Distribution
Allow distribution to be added/modified in Account Services
ASInvResolve
Allow invoice disputes to be resolved
AS-Levy
Allow levies to be updated in Account Services
AS-Notification
Allow notifications to be updated in Account Services
AS-Recurring
Allow recurring charges to be updated in Account Services
AS-Terminate
Allow accounts to be terminated in Account Services
ASViewAcctPmts
View monetary amounts for accounts in Route Service
AuthNumEntry
Enter credit card authorization numbers
AutoAccptBatch
Override auto-accept batch setting
BusRuleEncrypt
View encrypted Business Rule settings
CanSendEmail
Can Send Emails
CanUseCredCard
Enter CC payment and auto-renew
CCSurchargeOvrd
Allow subscriber credit card surcharge to be waived
ChargeAccount
Charge account in Dispatching
Chg GUI Labels
Change component labels in graphical
Chg GUI Layout
Change Graphical Layout
CRControlTotals
Modify payment control totals
CSABankDPayment
Add bank draft payment
CSACashPayment
Add cash payments
CSACheckPayment
Add check payments
CSACreditStatus
Add a subscriber credit status
CSACredPayment
Add credit card payments
CSAFormalCmplt
Add formal complaints
CSAGraceWO
Write off grace
CSAltAccount
Allow updating alternate accts
CSARefund
Add refund if refund available=0
CSBBillingChg
BackDate - Billing Method Change
CSBCSendInvRnwl
Modify Invoice Subscriber and Renew After This Term fields in billing change
CSBDelivSched
BackDate - Deliv Sched Change
CSBExpireChange
BackDate - Expire Change
CSBGraceWOff
Back Date - Grace Writeoff
CSBMoveIn
BackDate - Move In
CSBMoveOut
BackDate - Move Out
CSBNote
BackDate - Note
CSBPayment
BackDate - Subscriber Payment
CSBPymtCancel
BackDate - Payment Cancel
CSBRefund
Back Date - Refund
CSBRefundWOff
Back Date - Refund Writeoff
CSBRenewal
BackDate - Renewal
CSBReroute
BackDate - Route Reassignment
CSBRestart
BackDate - Restart
CSBStart
BackDate - Start
CSBStop
BackDate - Stop
CSBTempAddrEnd
BackDate - End Temp Add
CSBTempAddress
BackDate - Temporary Address
CSBTransferOut
Back Date - TransferOut
CSCancelGrpPymt
Cancel Group Payment
CSDBillingChg
Delete - Billing Method Change
CSDBonusDay
Delete - Bonus Days
CSDComplaint
Delete - Complaint
CSDContact
Delete - Contact
CSDDelivSched
Delete - Delivery Sched Change
CSDFComplaint
Delete - Formal Complaint
CSDMoveIn
Delete - Move In
CSDMoveOut
Delete - Move Out
CSDPayment
Delete - Subscriber Payment
CSDReroute
Delete - Route Reassignment
CSDRestart
Delete - Restart
CSDReward
Delete - Reward
CSDStart
Delete - Start
CSDStop
Delete - Stop
CSDTempAddrEnd
Delete - End Temp Address
CSDTempAddress
Delete - Temporary Address
CSDTransferOut
Delete - Transfer Out
CSMAAMColumn
Modify - AAM Column
CSMAAMZone
Modify - AAM Zone
CSManualRefund
Allow Manually Issued Refunds
CSMAutoRenew
Modify - Auto Renew
CSMBillingChg
Modify - Billing Method Change
CSMComplaint
Modify - Complaint
CSMContact
Modify - Contact
CSMCreditStatus
Modify - Subscriber Credit Status
CSMDelivSched
Modify - Delivery Sched Change
CSMEndGrace
Modify - End GracePeriod
CSMExpire
Modify - Expire
CSMExtendDays
Modify - Complaint Extension
CSMFeeOptOut
Modify-Printed Bill Fee OptOut
CSMFeeWaiveOff
Modify - Fee Waive Off
CSMFeeWriteOff
Modify - Fee Write Off
CSMFmlComplaint
Modify - Formal Complaint
CSMMerchDate
Modify Merchandise Fulfill Dt
CSMMoveIn
Modify - Move In
CSMMoveOut
Modify - Move Out
CSMNewPswdBtn
Modify - NewPswdBtn
CSMNote
Modify - Note
CSMPayment
Modify - Subscriber Payment
CSMPymtCancel
Modify - Payment Cancel
CSMReqRefund
Modify - RequestedRefund
CSMReroute
Modify - Route Reassignment
CSMRestart
Modify - Restart
CSMReward
Modify - Reward
CSMStart
Modify - Start
CSMStop
Modify - Stop
CSMTempAddrEnd
Modify - End Temp Address
CSMTempAddress
Modify - Temporary Address
CSMTransferOut
Modify - Transfer Out
CSMTrial
Modify - Trial
CSMWriteOffType
Modify - WriteOffType
CSOComplaint
Override Complaint Code after processing
CSPriceQuote
Enable Create Quote button and RENEW flag
CSReasnOverride
Override Reason Codes
CSSBFBBillChg
Show - BalFwd Billing BillChg
CSSComboTransfr
Show - Combo Transfer
CSSGraceAccrual
View Grace Accruals in Customer Service
CSSMarketTerm
Show marketing terms
CSUComplaintEnd
Can update complaint end date
CVV2Entry
Can override the CVV2 for a payment
DayPassMakeGood
Enter day pass make goods in Customer Service
DidNotOrderOvrd
Override rules for “did not order” reason codes
DigiAccDrawAdj
Create draw adjustment with the adjustment code specified for Digital Access Draw in the Business Rules
DispatchOvrride
Override dispatch cutoff
DistribMaintBkp
Use the Distribution Maintenance Backup option
DistribMaintDte
Allow right click Show Dates
DistribMaintSes
Bypass Distribution Maintenance session backup
DistribMaintUpd
Modify Information in Distribution Maintenance
DrwLockOverride
Override draw change lockouts
DrwToleranceOvr
Override draw change tolerances
FCDComplaint
Modify formal complaint date
FCTComplaint
Modify formal complaint time
FuturePayment
Future-date payments in Customer Service
GDCZeroDraw
Group Draw Change - Zero
GraceWOffDrwAdj
Grace writeoff adjustments using Route Adjust
GraceWOffUnpaid
Is Writeoff Now Unpaid (Grace Writeoff report)
GUIEditToolbar
Edit Graphical Toolbar Setup
IMDeadlineOvrd
Override IM Schedule Deadlines
ImportSubsRates
Import option of Export/Import Sub Rates
MapCSAddress
View the Customer Service address map
MapCSSingleCopy
View the Customer Service single-copy locator
MapRSRouteList
View the Route Service delivery list map
MapRSSingleCopy
View the Route Service single copy map
MapTMCampaign
View the TM campaign results map
MapTMProximity
Use Proximity map in Targeted Marketing
MsgAllEntry
Select “all” when entering messages
MsgBroadcast
Send broadcast messages
MsgDeadlineOver
Add delivery deadline override with message
OptOutVCRSetup
Opt out Vacation Credit Rules
PrintBankAcct
Display full info on the Subscriber Pmt Journal
PrintCreditCard
Display full info on the Subscriber Pmt Journal
PrintPayPal
Display full info on the Subscriber Pmt Journal
Program Stack
Stack Ctrl-G to display program
PurgeCCAudit
Purge credit card audit data
RateCdOverride
Override rating validation setup
RouteRateClass
Update a route’s rate class
RSBatDrawChange
Accept Batch - Route Draw Chg
RSDDrawChangeR
Delete - Draw Chg (Routes)
RSDDrawChangeS
Delete - Draw Chg (SingleCopy)
RSDReverseDrawR
Delete - Draw Rev (Routes)
RSDReverseDrawS
Delete - Draw Rev (SingleCopy)
RSDShortage
Delete - Shortage
RSMDrawChangeR
Modify - Draw Chg (Routes)
RSMDrawChangeS
Modify - Draw Chg (SingleCopy)
RSMReverseDrawR
Modify - Draw Rev (Routes)
RSMReverseDrawS
Modify - Draw Rev (SingleCopy)
RSMShortage
Modify - Shortage
RSShowLevy
Show account levy
ShowAcctTaxInfo
Show account tax information
ShowBankAccount
Show bank draft information
ShowCreateUser
Show Create User
ShowCreditCard
Show credit card information
ShowPayPal
Show PayPal information
SRS-Add
Allow add in Subscriber Rate Setup
SRS-Delete
Allow delete in Subscriber Rate Setup
SRS-Modify
Allow modify in Subscriber Rate Setup
SubRateExpImp
Access to Subscriber Rate Export/Import
Task
Generate Tasks
TaskComplete
Mark a task as complete
TMDrawChangeAdd
Add standing draw in TM
TMDrawChangeDel
Delete standing draw in TM
TMDrawChangeMod
Modify standing draw in TM
TMDrawChangePro
Process standing draw in TM
TrnLeadTimeOvrd
Override min. number of future-dated days
UnauthRetrnOvrd
Unauthorized Returns Override
UpdAcctActive
Change account’s bill source information
UpdateCollector
Modify the collector in account setup
UpdateCreateGL
Create GL in Unearned Revenue and Grace Due
UpdSubPayTerm
Update term for subscriber payment
VacationPack
Control vacation pack updating
WebCampaign
Access Web Campaign module
WebDrawChgOvrd
Override/reject web draw changes
WebDrawChgRvw
Accept/refuse web draw changes
WebRtrnOverride
Override/reject web returns
WebRtrnReview
Accept/send back web returns
Website Admin
Access to iServices Subscriber Admin module
Social Security number
carrier/dealer
All but the last 4 digits
Tax ID
carrier/dealer
All but the last 4 digits
Bank number
carrier/dealer and subscriber
All but the last 2 digits
Bank account number
carrier/dealer and subscriber
All but the last 4 digits
Credit card number
carrier/dealer and subscriber
All but the first digit and last 4 digits
Requires additional software
no
yes, for non-Linux platforms
Utilizes external tools
no
yes
Encryption algorithm
proprietary
3DES, CAST5, BLOWFISH*, AES, AES192, AES256, TWOFISH
Throughput
400-500k per hour**
65-80k per hour**
Keys utilized
private key and pass phrase
pass phrase
* BLOWFISH is the default GPG symmetric encryption algorithm. ** Based on Newscycle’ testing on Linux and Solaris systems. Your results may vary depending on platform, operating system, system configuration and load, and other factors.
CONTROL ID
integer (8)
Specify a numeric ID for this encryption record, or keep the default.
START DATE END DATE
date
Enter the date range during which this encryption information should be used. Note that you may only have one Encryption Control record with a blank end date (i.e. one active record). Also, if there are previous records, the start date must be one day after the end date of the last record, and two records may not overlap date ranges.
ENCRYPTION METHOD
predefined
Indicate whether the FFW (FreeFrameWork) or GPG (Gnu Privacy Guard) encryption method should be used.
PUBLIC KEY
—
This field is not currently implemented.
PRIVATE KEY
open (50)
If using the FFW encryption method, enter an alpha-numeric character string that should be used as a private key. The private key has a role in encrypting/decrypting the data, and is also used to verify that the encrypted data has not been corrupted.
PASS PHRASE
open (50)
Enter the pass phrase, similar to a password, that should be used to encrypt/decrypt information. The pass phrase is required for both encryption methods. Note the private key and the pass phrase will be themselves stored in encrypted form (a separate, hard coded pass phrase will be used by the system to access them).
EXTERNAL EXE, TEMP DIRECTORY
open (50)
If the encryption method is “GPG”, enter the path and name of the executable program that runs the encryption and the temp directory where encryption-related files should be written. Note: These fields do not apply to FFW encryption.
Security thresholds are maximum amounts or days that can be entered in certain transactions. Thresholds can be defined to limit the amount of money that can be entered for:
A Grace Writeoff
A Subscriber Payment Adjustment (if the adjustment extends the expire date)
Refund Variance (amount difference from the available refund)
An Expire Change
Likewise, security thresholds can be defined to limit the number of days a subscriber’s expiration date or end grace date can be adjusted by:
A Complaint
An Expire Change
An Extend Grace
The security thresholds utilize the same security IDs that Circulation uses for other security. If a user belongs to more than one security ID for which a threshold has been defined, the one with the highest amount/number of days will be used. If security thresholds are defined for one of the transaction types but a user does not belong to any of the security IDs, no amount or number of days may be entered.
For example, say the following thresholds are defined:
ADMIN (Bob)
Complaint
50
CUSTSERV (Bob, Jim, Lydia, all CSRs)
Complaint
2
ACCTG (Bob, Lydia, Denise)
Complaint
50
MGR (Bob, Chuck, Debbie)
Complaint
10
ADMIN (Bob)
Extend Grace
50
ACCTG (Bob, Lydia, Denise)
Extend Grace
20
ACCTG (Bob, Lydia, Denise)
Grace WO
60
MGR (Bob, Chuck, Debbie)
Grace WO
20
Bob could extend a subscriber’s expire date as part of a complaint for up to 50 days, as could Denise, but Jim could only extend it 1 or 2 days. Jim would not be able to enter an Extend Grace at all, and Lydia would only be able to give a subscriber up to 20 extra grace days, while Bob could give up to 50 extra days. And Lydia would be able to write off grace for up to 60.00, but Chuck would only be able to write off grace if it were under 20.00. Anyone would be able to enter expire change for any number of days or amounts, because a threshold has not been defined.
If a transaction exceeds a security threshold, users may be required to change the dollars/days before they can accept the transaction. Alternately, users may be allowed to save the transaction with the current days/dollars, but it will be suspended. To unsuspend a suspended security threshold transaction, a user who does have security for the number of days or amount entered must modify and accept the transaction. A Business Rule, Can a transaction which exceeds a security threshold be suspended? (Customer Services section) determines whether the accept as suspended option is offered.
Select Security Threshold from the Security menu to display the Security Threshold Setup screen.
Click the Add icon and complete the following fields.
SECURITY
setup
Enter the security ID to be used with this threshold, or enter “*” for all. All of the users within this security ID will qualify for the threshold.
DIVISION
setup
Enter the user division to which this threshold applies, or enter “*” for all divisions.
ACTION TYPE
predefined
Indicate whether the threshold is being defined for a complaint (Complain), expire change (ExpChg), extend grace days (ExtGrace), grace writeoff (GraceWO), or subscriber payment adjustment (SubAdj).
DAYS ADJUST
integer (5)
If this is a complaint or expire change, enter the maximum number of days a subscriber’s expire date can be extended by users in this security group. If this is an extend grace days transaction, enter the maximum number of days a subscriber’s grace period can be extended.
AMOUNT ADJUST
decimal (7)
If this is a grace writeoff, enter the maximum amount that can be written off. If this is a subscriber payment adjustment or an expire change, enter the maximum amount by which a subscription can be adjusted.
Click OK enter the threshold into the database.
Once security thresholds are defined for a transaction, if a user attempts to enter a greater number of days or dollars than the threshold allows, a message will appear. In order to accept the transaction, the user can change the days or amount to a value that is equal to or less than the threshold.
Suspended transaction will be skipped by Transaction Processing (a message is written to the Process Log). Subscriber payment batches with a suspended payment adjustment cannot be accepted in Batch Payments until the adjustment is unsuspended. Likewise batches with suspended refunds cannot be accepted in Batch Refunds until the refund is unsuspended.
A task can also be created when the security threshold has been exceeded, using the “Security Threshold” task event. The different transactions that work with security thresholds (complaints, payment adjustments, etc.) can be selected as action types for this task.
ALL TABLES
yes/no
Indicate whether data should be purged in all tables. Enter “n” if you wish to purge only certain tables.
TABLE
predefined
If All Tables is set to “n”, indicate the table that should be decrypted. The choices are: AutoRenewSubscription, AutoRenewTran, Carrier, CashTransaction, SubscriptionPayment and SubscriptionRefund.
PURGE TO DATE
date
Private information on this date and prior will be purged, unless it does not meet the minimum days defined in the Business Rule, What is the minimum number of days private information must be retained before it can be purged? (General section).
EXPORT DATA
yes/no
Indicate whether the private information should be exported to an ASCII file (e.g., as a backup) before being purged.
EXPORT TO
open (50)
If Export Data is set to “y”, enter the directory to which the data will be exported. The default is /dti/exchange/cm/secure. Each table will be exported in a separate *.pur file in this directory.
You may want to establish security for certain devices, companies, publications, rate codes, source codes, billing methods, auto renew types, districts, reason codes, and miscellaneous charge/credit codes. When a user enters any of these fields, the only valid choices will be the ones for which the user has security clearance. For example, you may have a special “half off” rate linked to a reason code—but only a district manager may be able to enter the code.
District security is also used at the route level in some cases. Only routes in districts for which the user has security can be entered in:
Find for routes in Route Service
Batch draw changes
Group draw changes (the draw change batch will only contain routes in security-accessible districts)
Updating pending draw, when selection type is “route”
Returns
Draw adjustments
Note: Publication security affects not only what publications can be entered in Product fields, but also whether Customer Service transactions for the publication can be deleted or modified.
Select System | Security | Field Security display the Field Security window.
Click the Add Field Security icon and complete the following fields.
FILE NAME
predefined
Indicate the field for which you are setting up security.
FIELD NAME
display
The name of the field selected is displayed.
TRANSACTION TYPE
predefined
If you are setting up security for a reason code, select the transaction type for which the security applies (such as “start”).
FIELD VALUE
setup
Enter the particular field value for which you are setting up security.
PRODUCT
setup
Specify a product or enter “*” for all products.
SECURITY
setup
Enter the security ID for this field value. The value will only be available (and be displayed in lookups) for users who are included in this security ID.
Click OK to apply this security ID to the field.
Click Add Another to set up security for other fields or values, or click Cancel.
This option is used to create user divisions, which are needed in order to store personalization preferences in Circulation’s graphical interface.
Select Division from the Security menu to display the Division window.
Click the Add icon and complete the following fields.
DIVISION
open (8)
Enter a division ID.
DESCRIPTION
open (30)
Enter a description of the division
Click OK to save the division.
This option is used to decrypt information that is encrypted in the database. For example, you may need to use this feature for testing (to compare pre-encryption and post-encryption data), exporting data (e.g., to move carrier tax information from Circulation to an external AR system), or when changing encryption methods (e.g., going from FFW to GPG).
In character Circulation, select Decrypt Private Info from the Setup | System | Security menu.
Select Add and enter decryption information in the fields described in the table below.
ALL TABLES
yes/no
Indicate whether data should be decrypted in all tables. Set this to “n” if you only wish to decrypt certain tables.
TABLE
predefined
If All Tables is set to “n”, indicate the table that should be decrypted. The choices are: AutoRenewSubscription, AutoRenewTran, Carrier, CashTransaction, SubscriptionPayment and SubscriptionRefund.
RESTORE DATA
yes/no
Indicate whether data should be decrypted in the database. If you just wish to export encrypted information in an unencrypted format, set this field to “n”.
EXPORT DATA
yes/no
Indicate whether data should be exported to an ASCII file once it is decrypted (it will be exported in an unencrypted form).
EXPORT TO
open (50)
If Export Data is set to “y”, enter the directory to which the data will be exported. The default is /dti/exchange/cm/secure. Each table will be exported to a separate file. The file names will be the same as the encryption file names, only the file extension will be “dec”. Only private information (credit card number, social security number, etc.) will be exported.
Select Continue to decrypt the data. The encrypted information will be removed from the database, and the original fields will be unmasked.
Several add-on options can be used with Circulation—List MatchPlus software, iServices modules, InSight, credit card authorization interfaces, packaging and stacker interfaces, and APIs, among others. They are activated using this option. A password is necessary for activation; to obtain a password, call the Newscycle Support Center.
Select Add On Activation from the Security menu to display the Add On Activation window.
Click the Add icon and complete the following fields.
ADD ON
predefined
Enter the add-on option that you are activating (press F2 for a list of add-on options).
BUSINESS
open (4)
Enter your business ID.
ACTIVATION DATE
date
Enter the date on which the option should be activated (the current date defaults).
PASSWORD
predefined
Enter the password supplied to you by Newscycle for activating this option.
Click OK to activate the option.
After setting up an encryption control record (see Setting up Database Encryption), all new private data that is entered will be encrypted. However, you must use this option to encrypt your existing data. Once existing data is encrypted, you also have the option to re-encrypt it using a current encryption key.
In character Circulation, select Encrypt Private Info from the Setup | System | Security menu.
Select Add and enter encryption information in the fields described in the table below.
ALL TABLES
yes/no
Indicate whether all private data (credit card numbers, bank account numbers, etc.) should be encrypted in all tables. Set this to “n” if you only wish to encrypt certain tables.
TABLE
predefined
If All Tables is set to “n”, indicate the table that should be encrypted. The choices are: AutoRenewSubscription, AutoRenewTran, Carrier, CashTransaction, SubscriptionPayment and SubscriptionRefund.
UPDATE KEY
yes/no
Enter “y” if you want to re-encrypt previously encrypted data using the current encryption control ID.
OLD CONTROL
setup
If you entered “y” above, enter the old encryption control ID of the data you want to re-encrypt.
EXPORT DATA
yes/no
Indicate whether the private information should be exported to an ASCII file before it is encrypted. This is recommended.
EXPORT TO
open (50)
If Export Data is set to “y”, enter the directory to which the data will be exported. The default is /dti/exchange/cm/secure. Each table will be exported to a separate file named
[table name].[mmddyy].enc, where the table names are “autosub”, “autotran”, “cashtran”, “carrier”, “subpaymt” and “refund”. For example, if encryption is run on the 14th of May, SubscriptionRefund data would be exported to the file “refund.051404.enc”. Only private information (credit card number, social security number, etc.) will be exported.
Select Continue to encrypt the data. The encrypted information will be kept in separate tables and fields, and the original fields will be masked.
Note: You cannot encrypt data unless you’ve completed the Encryption Control setup.
Alternately, the transaction can be accepted with the current number of days or dollars, but suspended (if allowed by the Business Rule mentioned above). When a transaction is suspended due to exceeding the security threshold, a triangular yellow warning icon () displays next to the transaction on the Transactions tabs in Customer Service.
