System Security

Overview
This section demonstrates how to add users, change passwords, assign and create roles, and set permissions within the system.

Users

Newton Users are comprised of two groups - Normal Users and Serving Line Users. The User section allows you to change passwords, attach users, indicate the type of user, and inactivate a user when necessary.

Locate and click on the Administration and Maintenance tab. Next, click on the Users.

Normal Users

Normal Users are defined by Database Roles (System Administrator, Normal User, Cafeteria User, User-Defined Role) and may have limited access to functions in the program dependent upon allowed permissions.

From the Administration and Maintenance tab, select Users. Then, choose Normal Users.

Change Password

Highlight the user from the list and select Change Password.
Enter the New Password and then Confirm Password. Then, click Ok to save the new password. Passwords must contain at least one (1) letter and one (1) digit or punctuation and must be at least six (6) characters. e.g. Newton1
Note: Administrators have the ability to reset user passwords without entering the old passwords. Non-administrators will need to enter old password before changing.

Attach Users

The list of users comes from the MCS Admin Console. A new user must first be added into Admin Console before it is available to attach in Newton.

Select Attach User.
Select the Username from the list or use the search function to locate a particular User. Then, click Ok.
Scroll to the bottom of the User Maintenance window to locate the new user and establish User information.
1. User Name - Shows the username.
2. Full Name - Enter the user's full name.
3. Email Address - Enter the user's email address.
4. Inactive - If a user no longer requires access to the system, place a check mark in the Inactive check box.
5. Report Menu Configuration - Click into the field and select a default Report Menu Configuration for the user from the drop-down menu.
6. Roles (System Administrator / Normal User / Cafeteria User / Office Users) - Select the proper check box to assign a role to the user.

Add Role

Highlight the user from the list and select Add Role.
Establish a Role Scope for the user.
1. Cafeteria - Typically assigned to Cafeteria Operators and Line Operators.
2. Category and Cluster - Assigned to users responsible for a category and cluster of schools.
3. Entire District - Assigned to System Managers. This option may also be assigned to a user who moves around the District regularly. (e.g. A substitute line operator that fills in for other users at any cafeteria in the District.)
4. Role - Select the Role you would like to give to the new user.
Use the drop-down menu to establish the Cafeteria Role (Full Control, Supervisor, Cafeteria Manager, Line Operator, User-defined).
Click Save to save changes if you wish to attach or edit other users. If you are done, click Save & Close.

Serving-Line-Only Users

Serving-Line-Only Users have access to Newton POS only and may have limited access to functions in the program dependent upon allowed permissions.

Serving-Line-Only Users do not need to be added to MCS Admin Console. The ability to add a serving-line-only user, the username, and password can be performed as low as the cafeteria level.

From the Admin and Maintenance tab, select Users. Then, choose Serving-Line-Only Users.
Use the drop-down menu to select a Cafeteria. Then, click Ok.
Create a new Cafeteria POS-only user.
1. Enter a username.
2. Enter the full name of the user.
3. Use the drop-down menu to select a role for the user.
4. If a user no longer has access, place a checkmark in the Inactive column.
5. Click Change Password.
Allow the user to create the password or create the password. Then, click Ok.
1. Change the password.
2. Confirm the password.
Click Save & Close once you are done creating new users and passwords.

Roles

Roles are comprised of two groups in order to maintain better security of the system - Cafeteria Roles and Database Roles. Roles match the users with Permissions in the system.

Locate and click on the Admin and Maintenance tab. Next, click on the Roles.

Cafeteria Roles

Cafeteria Roles can be created for various job descriptions within a cafeteria. The system default roles are Full Control, Supervisor, Cafeteria Manager, and Line Operator. Additional roles may be added.

Default Cafeteria Role Security Levels
Full Control	Highest Security Level
Supervisor	Medium Security Level
Cafeteria Manager	Medium Security Level
Line Operator	Lowest Security Level

From the Admin and Maintenance tab, select Roles. Then, choose Cafeteria Roles.
Create a new Cafeteria Role. Then, click Save & Close. Default Cafeteria Roles have established templates and may not be changed with the drop-down menu.
1. Role Description - Enter a description of the new role in the blank space with the asterisk * (typically the last row).
2. Template - Select a permissions template from the drop-down menu that closely matches the new role or leave at None. Once a new role is created, the role will appear in permissions and can be established.

Database Roles

Database Roles can be created for various job descriptions within the District. The system default roles are System Administrator, Normal User, and Cafeteria User. Additional roles may be added.

Default Database Role Security Levels
System Administrator	Highest Security Level
Normal User	Medium Security Level
Cafeteria User	Lowest Security Level

From the Admin and Maintenance tab, select Roles. Then, choose Database Roles.
Create a new Database Role. Then, click Save & Close. Default Database Roles have established templates and may not be changed with the drop-down menu.
1. Role Description - Enter a description of the new role in the blank space with the asterisk * (typically the last row).
2. Template - Select a permissions template from the drop-down menu that closely matches the new role or leave at None. Once a new role is created, the role will appear in permissions and can be established.

Permissions

Permissions are comprised of two groups for ease of maintaining security levels of the system - Cafeteria Permissions and Database Permissions. Permissions are designated by Roles within the system.

Locate and click on the Admin and Maintenance tab. Next, click on Permissions.

Cafeteria Permissions

From the Admin and Maintenance tab, select Permissions. Then, choose Cafeteria Permissions.
Establish security levels for each permission and role. Then, click Save & Close to save changes.
Tip: You may now drag and drop permission roles in a different order that is convenient for you to navigate. Then, click Save Layout.
1. Highlight a permission from the list by clicking on the row. Information about each permission is given at the bottom of the window to further explain each in better detail.
2. Choose a setting for the permissions under the relevant role.

None	Users assigned to only one role will not have the ability to perform this function (see below for more details).
Allow	Users will have the ability to perform this function.
Deny	Users will not have the ability to perform the function.

If a user has been set to Deny a function and a user attempts to perform the denied task, the option of performing an override MAY be available depending on the nature of the operation. If the user requests an override attempt, an administrator or additional higher level role has the ability to accept or reject the override attempt. For more information on releasing override attempts, refer to Release Override Requests in the Utilities section.

Permission Matrix

If a user is only assigned to one role, the None setting acts the same as the Deny setting. If a second role is assigned to the user and places an Allow setting for a function already set as None, the user will be allowed access. None will always be treated as Deny unless overwritten by an Allow. This allows secondary roles to be created that explicitly Allow or Deny a single function without having to reset every other function.

Function	Role 1	Role 2	Results
Add Student	Allow	None	Allow
Delete Letters	Deny	None	Deny
Student Lookup	None	Deny	Deny
Merge Students	Allow	Deny	Deny
Review Application	None	None	Deny

Operating Days

Cancel / abandon day
Delete operating day
Edit after-school counts (most recent before today)

Edit operating day (most recent before today)
Edit operating day (not today or previous day)
Edit operating day (today)

Start operating day
Unlock operating day

Serving Line

(POS) Add customer from another school (Guest Sub)
(POS) Add customer from another school (Reg Sub)
(POS) Allow anonymous free or reduced sales
(POS) Automatically release manager approval requests
(POS) Cancel a sale

(POS) Edit or void a sale
(POS) Login to a serving line
(POS) Print receipts
(POS) Send an instant message from the serving line

(POS) Transfer money between customers
(POS) Transfer money to / from principal
(POS) View line totals
(POS) View student info

Transactions

Abort in-progress batch
Create corrections
Create refunds
Create transfer

Double card usage utility: Fix All
Edit / review batch
Edit transaction

Remove batch
Toggle/Skip batch
Void transaction

Posting

Edit blind deposit amount
Edit enrollment counts at posting
Enter income / expenses

Post high-variance
Post locked claim period
Post operating day

Post operating day with edit-check warnings
Post to a different day

Misc

Apply external enrollment data
Delete POS customer
Edit menus (local override)
Edit POS customers
Generate letters
Import 3rd-party data

Import photos
POS customers Maintenance
Select cafeteria
Serving-line user maintenance
Setup cafeteria

Use meal eligibility correction utility
View reports for designated cafeteria
View supervisor alerts

Database Permissions

From the Admin and Maintenance tab, select Permissions. Then, choose Database Permissions.
Establish security levels for each permission and role. Then, click Ok to save changes.
Did you know?

You may now drag and drop permission roles in a different order that is convenient for you to navigate. Then, click Save Layout.
1. Highlight a permission from the list.
  
  Information about each permission is given at the bottom of the window to further explain each in better detail.
2. Choose a setting for the permission under the relevant role.

None	Users assigned to only one role will not have the ability to perform this function (see below for more details).
Allow	Users will have the ability to perform this function.
Deny	Users will not have the ability to perform the function.

If a user has been set to Deny a function and a user attempts to perform the denied task, the option of performing an override MAY be available depending on the nature of the operation. If the user requests an override attempt, an administrator or additional higher level role has the ability to accept or reject the override attempt. For more information on releasing override attempts, refer to Release Override Requests in the Utilities section.

Permission Matrix

If a user is only assigned to one role, the None setting acts the same as the Deny setting. If a second role is assigned to the user and places an Allow setting for a function already set as None, the user will be allowed access. None will always be treated as Deny unless overwritten by an Allow. This allows secondary roles to be created that explicitly Allow or Deny a single function without having to reset every other function.

Function	Role 1	Role 2	Results
Add Student	Allow	None	Allow
Delete Letters	Deny	None	Deny
Student Lookup	None	Deny	Deny
Merge Students	Allow	Deny	Deny
Review Application	None	None	Deny

Accounting

Create central-office payments
Create central-office refunds
Create central-office corrections
Create NSF check adjustments

Review online payment exceptions
Claim period maintenance
Claims
Uncommit a claim

Create central-office transfers
Bank reconciliation

Cafeteria Setup

Cafeteria attachment
Region maintenance
Cluster maintenance
Cafeteria and school maintenance

Serving-line maintenance
Cafeteria template maintenance
POS group maintenance
Feeder group maintenance

Income and expense account maintenance
Misc school count maintenance

Customer Maintenance

Edit customer
Set customer temporary status
Edit customer feeder groups
Set customer kind
Add new customers

Edit customer photos
Set customer status to free or reduced
Merge customers
Central-office maintenance
Edit customer see-manager comments

Edit a central-office customer's district POSID
Subscription maintenance
Mass Update POS Customer Groups/Homerooms

General Setup

Price category maintenance
Upgrade database
Upgrade application
Import 3rd-party maintenance
Scheduled-job maintenance
Security and user maintenance
System setup

Export maintenance
Test database maintenance
Vending machine model maintenance
Photo-importer maintenance
Alert maintenance
External plugin maintenance
Report menu config maintenance

User-defined report maintenance
Supervisor alert maintenance
Language maintenance
External enrollment data maintenance
Store maintenance

Item Setup

Item category maintenance
POS item maintenance

Recipe / POS item group maintenance
Allergen maintenance

Special diet maintenance
Menu maintenance

Misc

Show administration and maintenance tab
Show utilities tab

Show central-office tab
Login to Newton

View news and announcements
Show Dashboard

Utilities

Generate letters for all cafeterias
Release permission override requests
WinFSCM convert legacy
Import 3rd party
Export data
End-of-year

Generate central-office letters
View alert details
Housekeeping
Agent monitor
Send broadcast message
External utility

Import bulk changes
Import external enrollment data
Shrink database
Use test-databases
Use prior-year databases