Objective

In the RedSky, security or access control is one of the most important features in the system especially when it’s catering to a multi-company hosted application like RedSky. This document lists the security features included in RedSky.  

Server Security

Only system administrators have access to the Servers.  This access is used to apply patches to the Operating System, deploy new RedSky versions and DBMS administration or scripts.  The System Administrator also runs backups and restorations using this access.  

Network Security

Our network security and monitoring techniques are designed to provide multiple layers of protection and defence. We use firewalls to prevent our network from unauthorized access and undesirable traffic. Our systems are segmented into separate networks to protect sensitive data. Systems supporting testing and development activities are hosted in a separate network from systems supporting our production infrastructure.  

Application Security or Access Control

All users are granted named access, e.g. corporate users such as Agents, Accounts, etc. are all given named individual access. The user ids are segmented by 2 groups:

  • Internal Users – Move Managers, Billing, Warehouse Managers, Sales, etc.

  • External Users – Customers, Agents, Accounts and partners.

The naming conventions for user ids are “first character of first name” + “last name”.  In case of duplicates, a sequential numerical suffix is attached

Password Expiry Date: All user ids have a company default for password expiry date, this date can be different for internal and external users. The current system default is 6 months for internal users and 3 months for external.

Inactivity Time-out: There is an application wide time-out which is set for all users as 30 minutes of inactivity.

Unsuccessful Log-in attempts: The default value can be set for each RedSky company, default is 4.

 Access logging: We login the external user login and logout accesses along with the IP address. We have a switch to enable internal user access login if a company desires but do not recommend this.

Password Prompts: When users change their password for the first time, they are given a choice of password prompt questions to select.  These are used when users want to reset their passwords.

Passwords

  • The new users are assigned a password that is forced to be changed on successful login.

  • The passwords are fully encrypted so when users forget their passwords, we need to reset them, we cannot retrieve the old passwords.

  • We can implement a company-specific masking for passwords, e.g. minimum and maximum length, character requirements, etc.

Roles

  • Each user id can be provided with multiple roles based on requirements.  A manager needs to authorize access and roles to be granted.

  • Roles generally provide access to menus, sections and tabs.  A section is a grouping within a page; e.g. we may put address details in a customer file section.

  • For roles with common menu access or conflicts, the system works off a superset of privileges with the highest access prevailing.

Field Level Security

We have implemented access control at field levels for specific fields.  We also offer audit-trail features which can be turned on for any field in the system. This is configurable at company level.

Data Level Security

CORPID:    Since the RedSky application is shared by multiple companies, all transaction and reference tables have a field called CORPID which allows records of one company to be restricted to its users only. This field is hidden to the users but the system applies a hard filter for all users registered under 1 company. Currently, there are 2 COPRIDs for production customers.

Further, External users are limited to the rows or records they have access to within a COPRID. To implement this, use rids are assigned data-filters which can be based on combinations of various control elements, e.g. billing code, agent code, job-types, etc.  Thus an Overseas Agent will only be able to see all records where they are assigned as a booking agents, destination agent and/or origin agent role.  

For Customer Portal Access, a customer can only view his/her own record.

Portal Security Grid

RedSky has a unique design that allows different types of users to access the same shipment data but via use of security filters are restricted to relevant views and edit capabilities.  There are currently five portals and the table below provides a summary of what access limits are in place and who manages the same.

Portal

Corpid

Creator

Filter

User/Company

{          }

Sysadmin

n/a

Customer

{          }

Move Manger/

Sales Person

CF#

Account

{          }

System Administrator

SO BILL TO code

Partner

{          }

RedSky

various

Agent

TSFT

RedSky

Agt Roles


Managing User Ids

This access is limited to System Administrators who will be authorized to create user ids, disable user ids (when employees) leave the company, assign roles and privileges, etc.  We recommend that a simple authorization and de-authorization form be implemented so that all access requests to the system are formally recorded.

Creating User Ids and Assigning Roles

All user ids for accessing the system are created by going to Security Admin --> View Users menu.

Click Add to create a new user-id



User Profile

General Info: To enter the general information regarding the new user

  • First Name: Enter first name of the user.

  • Initial: Enter the initials.

  • Last Name: Enter last name.

  • Username: Enter a user name; the user will be required to logon to the application.

  • Supervisor: Enter name of the supervisor to whom the user will report.

  • Password: Enter a password.

  • Confirm Password: Re-enter the password for confirmation purpose.

  • Forced Password Reset: Select the check box, the user to be forced for changing his/her default password when he/she will initially logon to the system.

  • Password Hint Question: Select a password hint question from the drop-down list box.

  • Password Hint: Enter answer of the password hint. User can use this information to recover or reset his/her forgotten password.

  • Job Title: Enter the title name for the new user.

  • Job Type: Enter the user's job type.

  • Signature: Enter signature for the new user.

  • Upload Digital Signature: User can add the digital signature by uploading an image.

Contact Info: To enter the contact details of the user

  • Address/City/State/Country/Zip: Enter the complete address of the user including city, state, zip code, and country in the respective fields.

  • Email: Enter office email id of the user.

  • Website: Enter the website URL.

  • Office Phone/Fax/Rank: Enter the office phone, fax, and rank number in the respective fields.

  • Skype Id: Enter the skype Id of the user

  • Upload Photograph: Click the browse button and select the photograph of the user to upload it. 

Configuration

Click this link to define various configuration values for the new user

Default: To set default values for the user

  • Work Begin Hours: Enter working begin hours for the new user.

  • Work End Hours: Enter working end hours for the new user.

  • Active CF/SO by default: If the check box is checked then by default the in CF and SO search screen the status will be active

  • Default Warehouse: Select default warehouse for the user

  • Login Starting URL: Select the login starting URL to set default page for user's login

  •  Default Tab for Service Order: Select default tab for service order. This default tab page will appear to the user when he logs in the application.

  • Default Company Division: Select default company division for the user to set default value of company division while creating files.

  • Service Order View:  Select default service order view for the new user to show the list of service orders

  • Default Move Type: Select default Move type for the new user to set default value of Move Type while creating files

  • Commodity: Select the default commodity for the user to set default value of Commodity while creating files

  • Service: Select the default service for the user to set default value of Service while creating files

  • Default Operation Calendar: Select the default operations calendar for the new user

  • SO Dashboard Search Limit: Select search limit of the Service order search list

Default Sorting: To set the default sorting of the files.

  • Default Sort for Quotation/Customer File, Sort Order: Select default sort order for Customer File and the sorting order for the same.

  • Default Sort for Service Order, Sort Order: Select default sort order for Service Order and the sorting order for the same.

  • Default Sort for Ticket, Sort Order: Select default sort order for Ticket and the sorting order for the same.

  • Default Sort for Claim, Sort Order: Select default sort order for Claim and the sorting order for the same.

Accounting: To set the Accounting values

  • Quote Contract: Select default quote contract for accounting

  • Accounting List: Check the check box which user wants to display under accounting section

  • Pricing/Accounting: Check the check box which user wants to display under Pricing section

Access Rights

Click this link to assign various access rights to the user. These access rights define whether a specific menu/option on the application will be accessible to the user.

  • Enabled: Select the check box to enable the user account.

  • Expired: Select the check box to set the user account status as Expired.

  • Locked: Select the check box lock the new user from accessing the application.

  • Password Expire: Select the check box to set the user account status as password expired.

Assign Roles

This section is used to assign the preferred role(s) from the available Roles list to assign to the user.

All users will get roles:  ROLE_USER and ROLE_EMPLOYEE, the rest is dependent on function.  There are some standard roles described in the table below, custom roles created for the special situations are not listed here.

Role

Assigned to

Remarks

ROLE_USER

Everyone within the company

Gives access to Redsky system

ROLE_EMPLOYEE

Everyone within the company

Gives access to “Move Management” and “Management Info” Menus

ROLE_COORDINATORS

Move Managers

Provides their name in the coordinator drop down list

ROLE_SALES

Sales, Moving Consultant

Provides their name in the sales person and consultant drop down list and gives access to Survey Icon and functionality.

Add Prospects

ROLE_SALES_MGR

Sales Manager

Add non-availability for their sales person in Survey Icon.

ROLE_PRICING

Pricing

Provide names in Pricing person drop down

ROLE_OPS

Operations – dispatch and planning

Give access to Operations Menus

ROLE_OPS_MGR

Operations Manager

Can edit resource controls.

ROLE_ACCOUNTING

Central Finance

Finance Menu, can run Finance Extracts

ROLE_ACCRUAL_MGMT

Finance

Allowed manual override of accrual reversal. xx

ROLE_FINANCE

CFO

Change posting dates

ROLE_BILLING

Billing persons

Generate Invoices, mark billing complete

ROLE_PAYABLE

Payable approvers

Approve vendors Payable

ROLE_ADDPARTNER

Normally one responsible sales or move manager by division

Can add new accounts as drafts

ROLE_CREW_PAYROLL

HR/Accounting

Manage Crew list

ROLE_FORWARDER

Forwarding Person

Manage forwarding functionality

ROLE_EXECUTIVE

Senior Manager

Approve New Accounts

ROLE_AUDITOR

Accounting Person

Responsible for

ROLE_CLAIMS

Claim processor

Will show in Claim Person drop down list

ROLE_CONTRACT_MGMT

Central Accounting

Manage Contracts

ROLE_QC

Operations QC

Will show name in QC list

ROLE_ADMIN

Project Manager/Admin

Manage drop down values

ROLE_SECURITY_ADMIN

System Admin.

Manage Security

ROLE_CUSTOMER_FEEDBACK

Manager

Manage Customer Feedback ( Just Say Yes)



Permissions

This section is used to assign the preferred sets of security sets from the available list to assign to the user.

Home Details

Click this link to enter the new user home details.

  • Address: Enter address of the user.

  • City, Zip: Enter city and zip code of the user's address.

  • Country, State: Select country and state of the user from the corresponding drop-down list box.

  • Cell, Phone: Enter the user's cell/phone number.

  • Home Phone: Enter the user's home phone number.

Security Reports

There are 2 key reports to view all the menus assigned to various Roles and one to see Roles assigned to different user ids:


Editing or deactivating existing user ids

User can edit or deactivate the existing users via going to Security Admin --> View Users

Enter the search criteria, e.g. name of user and/or user id.



Open the user id and update the details and click on save.

In order to deactivate the user, uncheck the 'Enable' check box and save the user detail.














End of Document