/
System Security

System Security

Owned by Robin Rodrigue
Last updated: Jan 14, 2022 by Nora Kinal
9 min read





Overview

This section demonstrates how to add users, change passwords, assign and create roles, and set permissions within the system.

Users

The User section allows you to change passwords, attach users, indicate the type of user, and inactivate a user when necessary.

From the Admin & Maintenance tab, locate and click Users.

Attach Users

The list of users comes from the MCS Admin Console. A new user must first be added into Admin Console before it is available to attach in Edison.

  1. Select Attach User(s).

  2. Select the Username from the list or use the search function to locate a particular User. Then, click Ok.

  3. Scroll to the bottom of the User Maintenance window to locate the new user and establish User information. Then, click Save Changes.

    1. Full Name - Enter the user's full name.

    2. Email Address - Enter the user's email address.

    3. Inactive - If a user no longer requires access to the system, place a checkmark in the inactive box.

    4. Default Site - Use the magnifier icon to locate and select a default site for the user or click Add Site Role (if applicable). e.g. An area supervisor may be a cafeteria manager for a specific site as well).

    5. Report Menu Configuration - Use the drop-down menu to select a report menu configuration (allowing access to certain reports).

    6. Checklist - Use the drop-down menu to select the appropriate checklist (if applicable).

    7. System Administrator - If the user will take on an administrator role, place a checkmark in the System Administrator column.

    8. Normal User - If the user will take on a normal role, place a checkmark in the Normal User column.

    9. User-Defined Roles - If the user will take on any user-defined roles, place a checkmark in the Area Supervisor column. You can create new roles here.

  4. Select the user and click Add Site Role. Next, select a Site Scope and Role for the user's role. Then, click Ok.

  5. Click Save Changes when you are done.

Change Password

  1. Highlight the user from the list and select Change Password.

  2. Enter the New Password and then Confirm Password. Then, click Ok to save the new password.

As an administrator, you have the ability to reset User passwords without entering the old passwords. Non-administrators will need to enter old passwords before changing.

Passwords must contain at least one (1) letter and one (1) digit or punctuation and must be at least six (6) characters. e.g. Edison1

Roles

Roles are comprised of two groups in order to maintain better security of the system - Database Roles and Site Roles. Roles match the users with Permission in the system.

Database Roles

Database Roles can be created for various job descriptions within the District. The system default roles are System Administrator, Normal User, and Area Supervisor.

Default Database Role Security Levels

Default Database Role Security Levels

System Administrator

Highest Security Level

Normal User

Lowest Security Level

User-Defined Database Role(s)

User-Defined Security Level

  1. From the Admin & Maintenance tab, select Roles. Then, choose Database Roles.

  2. Create a new Database Role. Then, click Save Changes.

    1. Role Description - Enter a description of the new role in the blank space with the asterisk * (typically the last row).

    2. Template - Select a permissions template from the drop-down menu that closely matches the new role or leave at none. Once a new role is created, the role will appear in permissions and can be established.

Default Database Roles have established templates and may not be changed with the drop-down menu.

Site Roles

Site Roles can be created for various job descriptions within the District. The system default roles are Full Control and Manager. Additional roles may be added.

Default Site Role Security Level

Default Site Role Security Level

Full Control

Highest Security Level

Manager

Lowest Security Level

User-Defined Site Role(s)

User-Defined Security Level

  1. From the Admin & Maintenance tab, select Roles. Then, choose Site Roles.

  2. Create a new Site Role. Then, click Save Changes.

    1. Description - Enter a description of the new role in the blank space with the asterisk * (typically the last row).

    2. Template - Select a permissions template from the drop-down menu that closely matches the new role or leave at none. Once a new role is created, the role will appear in permissions and can be established.

Full Control and Manager roles have established templates and may not be changed with the drop-down menu.

Permissions

Permissions are comprised of two groups for ease of maintaining security levels of the system - Database Role Permissions and Site Role Permissions. Permissions are designated by Roles within the system. You can review additional permission information by clicking on a permission and reading the details at the bottom of the screen.

Database Role Permissions

  1. From the Admin & Maintenance tab, select Permissions. Then, choose Database Role Permissions.

  2. Establish security levels for each permission and role. Then, click Save Changes.

    1. Highlight a permission from the list.
      Note: Information about each permission is given at the bottom of the window to further explain each in better detail.

    2. Choose a setting for the permission under the relevant role.

None 

Users assigned to only one role will not have the ability to perform this function (see below for more details).

Allow 

Users will have the ability to perform this function.

Deny

Users will not have the ability to perform the function.

Read-Only

Users will not have the ability to perform the function, but will be able to view.
Note: This option is only available for menu and recipe maintenance, item maintenance, and price contract maintenance

 

If a user has been set to Deny a function and a user attempts to perform the denied task, the option of performing an override MAY be available depending on the nature of the operation. If the user requests an override, an administrator or additional higher level role has the ability to accept or reject the override attempt. For more information on releasing override attempts, refer to Release Override Requests in the Utilities section.

Permission Matrix

If a user is only assigned to one role, the None setting acts the same as the Deny setting. If a second role is assigned to the user and places an Allow setting for a function already set as None, the user will be allowed access. None will always be treated as Deny unless overwritten by an Allow. This allows secondary roles to be created that explicitly Allow or Deny a single function without having to reset every other function.

Function

Role 1

Role 2

Results

Override Lock

Allow

None

Allow

Item Maintenance

Deny

None

Deny

Ordering Setup

None

Deny

Deny

Send Orders to Vendor

Allow

Deny

Deny

Tax Rate Maintenance

None

None

Deny



  • Alert maintenance

  • Checklist maintenance

  • Export maintenance

  • Inventory period maintenance

  • Ordering setup

  • Peripheral device setup

  • Report menu configuration maintenance

  • Scheduled-job maintenance

  • Security and user maintenance

  • Site maintenance

  • System setup

  • Tax-rate maintenance

  • Test database maintenance

  • Upgrade application

  • User-defined report maintenance



  • Advanced catalog number change

  • Advanced item merge

  • Item maintenance

  • Partial-use unit maintenance

  • UPC code maintenance



  • Menu and recipe maintenance

  • Menu count types and nutrient standards





  • Bid analysis

  • Bid analysis setup

  • Bid quote entry

  • Price contract maintenance



  • Edit inventory without opening days

  • Edit my comments

  • Edit other's comments

  • Login to Edison

  • Override order locks

  • View news and announcements



  • Connect to prior-year database

  • Edit inventory tags

  • Export data

  • External utility

  • Mark an order as not sent

  • Release permission override requests

  • Review inventory tags

  • Send orders to vendors

  • Shrink database

  • View alert details

Site Role Permissions

  1. From the Admin & Maintenance tab, select Permissions. Then, choose Site Role Permissions.

  2. Establish security levels for each permission and role. Then, click Save Changes.

    1. Highlight a permission from the list.
      Note: Information about each permission is given at the bottom of the window to further explain each in better detail.

    2. Choose a setting for the permission under the relevant role.

None 

Users assigned to only one role will not have the ability to perform this function (see below for more details).

Allow 

Users will have the ability to perform this function.

Deny

Users will not have the ability to perform the function.

 

If a user has been set to Deny a function and a user attempts to perform the denied task, the option of performing an override MAY be available depending on the nature of the operation. If the user requests an override attempt, an administrator or additional higher level role has the ability to accept or reject the override attempt. For more information on releasing override attempts, refer to Release Override Requests in the Utilities section.

Permission Matrix

If a user is only assigned one role, the None setting acts the same as the Deny setting. If a second role is assigned to the user and places an Allow setting for a function already set as None, the user will be allowed access. None will always be treated as Deny unless overwritten by an Allow. This allows secondary roles to be created that explicitly Allow or Deny a single function without having to reset every other function.

Function

Role 1

Role 2

Results

Commit Physical Inventory

Allow

None

Allow

Order

Deny

None

Deny

Receive

None

Deny

Deny

Edit Inventory After Physical Inventory

Allow

Deny

Deny

Edit Completed Order

None

None

Deny

 

  • Close day

  • Close day with unproduced recipes

  • Open day

  • Reopen day

  • Select site

  • View site reports



  • Add/remove menus on meal plan

  • Add/remove recipes for Extra Sales menus

  • Add/remove recipes for Other menus

  • Add/remove recipes for Reimbursable Meal menus

  • Edit MV Display Groups Assignments

  • Ignore menu planning date restrictions

  • Meal planning



  • Add item ad hoc when editing an order

  • Approve order (Central Office)

  • Approve orders (Site)

  • Approve orders below vendor minimums

  • Complete an order with worksheet problems

  • Create an order for a no-service day

  • Create order

  • Edit an approved order

  • Edit an unapproved order

  • Edit delivery date on an order

  • Edit open quantities on sent orders

  • Mark an order as incomplete

  • Unapprove an order



  • Add/edit items when receiving transfer

  • Create receiving

  • Edit receiving

  • Override prices on restricted contracts

  • Receive items not on order list

  • Remove items and change quantities when receiving transfer



  • Create issuing

  • Edit issuing



  • Attach/detach receiving to/from transfers

  • Edit inventory in a locked period

  • Negative inventory reconciliation



  • Add inventory tags to physical without price contract

  • Cancel committed physical inventory

  • Cancel in-progress inventory

  • Commit physical inventory

  • Edit inventory after committing physical inventory

  • Edit inventory before committing previous physical inventory

  • Enter physical inventory counts

  • Prefill physical inventory from ordering list

  • Start physical inventory



  • Edit order par-levels

  • Edit storage layout



  • Attach or detach serving records in production

  • Create production record

  • Delete production record

  • Edit production record

 

When selecting a Permission, take note of the Permission Information in the yellow box at the bottom of the window.
Full control, Manager, and Supervisor site security roles are the default roles. Any other roles that appear in your Site Security are User-Defined. 

Related content