With the new GDPR law in action, everyone is looking at the security and encryption of their current system. This is a good time to bring up the security features available in Sage 300 and Sage 300cloud. Any business owner requires at least a basic level of security - who can access it? what can be accessed? when can it be accessed?. In addition to these, the ability to track "who did what when" is crucial in order to keep an audit of all changes of your database.
When setting up your database, we have the ability to force users to enter their credentials in order to access the database they need. A Sage username and password is then given to you which is used to gain access to the database but also to identify who is logged in.
By default users can view the companies that exists in Sage but this can be further configured so that only users that have access to a particular database can see the existence of this company when login in.
Sage 300 can enforce a complex password with a combination of letters and numbers and set a minimum length for the password. This will make their passwords harder to guess and avoid easily compromised passwords.
By setting passwords to expire, users will need to change their passwords regularly which makes it more secure against other people who may have seen or acquired the existing password.
Users are locked out for a preset amount of time if they have entered the wrong password too many times (the number of wrong passwords allowed is also configurable). This prevents unauthorised users to "try" passwords by limiting the number of attempts allowed. Note that an admin user can always unlock a user if required.
Security groups can be created in Sage 300 to grant users access to different screens and features in the system. Authorisations can then be assigned by user and by module to get total control over what each user can do in the software. The UI can also be configured by user or user group to hide fields from the users based their access levels.
Last but not the least, Sage 300 possess a full audit log of changes from which the last user that made changes to each entity or each document can be tracked along with date and time stamps. This gives you an auditability on your records to improve security.
Contact us today on firstname.lastname@example.org to review the security features of your database and ensure the safety of your data.