The10 Most Critical Web Application Security VulnerabilitiesDescripción completa
Intelligent Cybersecurity for the Real WorldFull description
Descripción: Guia de seguridad
Security Camera GuideDescripción completa
Introduction to Airport Security procedures, environment.Full description
Descripción: Introduction to Airport Security procedures, environment.
An increased emphasis on ”Vendor Risk Management” has escalated the importance for business process outsourcers to be able to prove they are secure and demonstrate they are compliant (attest…Descripción completa
Descripción completa
Full description
Internet Security guide by the Jolly Roger for use on TOR. Relevant only for early and mid 2015.
Descripción: Security Plus Study Guide
SEC 430 Week 5 Learning Team New Security Employee Guide [Pin It] · Create a 1,750- to 2,100-word document titled the New Security Employee Guide: a. You manage a security team…Full description
This book is designed to provide information about the CCNA Security Implementing Cisco Network Security (IINS) 210-260 exam. Every effort has been made to make this book as complete and as accura...
9700 3.x Security Guide In This Document This document describes 9700’s security design, features that monitor actions that employees take on the System, and features that restrict employee access to the database, reports, and operational procedures.
Declarations Warranties Although the best efforts are made to ensure that the information in t his document is complete and correct, MICROS Systems, Inc. makes no warranty of any kind with regard to this material, including but not lim ited to the implied warranties of marketability and fitness for a particular purpose. Information in this guide is subject to change without notice. No part of this guide may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or information recording and and retrieval systems, for any purpose other than for personal use, without the express written permission of MICROS Systems, Inc. MICROS Systems, Inc. shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing, performance, or use of this guide.
Trademarks Windows is a registered trademark of Microsoft Corporation. FrameMaker is a registered trademark of Adobe Corporation.
Printing History New editions of this guide incorporate new and changed material since the previous edition. Minor corrections and updates may be incorporated into reprints of the current edition without changing the publication date or the edition number.
2
Edition
Month
Year
Software Version
1st
July
2007
3.x
MD0006-090
Declarations
Declarations Warranties Although the best efforts are made to ensure that the information in t his document is complete and correct, MICROS Systems, Inc. makes no warranty of any kind with regard to this material, including but not lim ited to the implied warranties of marketability and fitness for a particular purpose. Information in this guide is subject to change without notice. No part of this guide may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or information recording and and retrieval systems, for any purpose other than for personal use, without the express written permission of MICROS Systems, Inc. MICROS Systems, Inc. shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing, performance, or use of this guide.
Trademarks Windows is a registered trademark of Microsoft Corporation. FrameMaker is a registered trademark of Adobe Corporation.
Printing History New editions of this guide incorporate new and changed material since the previous edition. Minor corrections and updates may be incorporated into reprints of the current edition without changing the publication date or the edition number.
2
Edition
Month
Year
Software Version
1st
July
2007
3.x
MD0006-090
Overview
Overview Security features in 9700 are divided into the following areas:
•
Securing the client’s property with 9700 applications and database servers
•
Keeping servers, Windows® operating systems, and 9700 applications up-todate with security fixes
•
Setting up operating systems and database users with the following security guidelines:
• No master password •
Allow password changes
•
Grant minimal privileges whenever possible
•
Authenticating Authenticating workstations on the Network
•
Protecting data during storage and transmission
•
Monitoring functionality via Audit Trail
•
Enabling Authorizations and Privileges via Employee IDs, IDs, Employee Levels, Levels , Employee Groups, Groups, Access Levels, Levels, Employee Classes, Classes, and Workstation Privileges
What to Protect •
Permanent data stored on the 9700 database server: The database will contain a mix of sensitive information (credit cards, employee social security numbers, employee identification numbers), less sensitive data, configuration information, and sales figures.
•
Temporary data cache: Flat files on the workstation contain a cache of the configuration data needed for the workstation to operate in offline mode and store transaction data during operations. Transaction data can contain sensitive information, such as credit card information.
•
Data that is transmitted between the workstation and the server during normal operations and during data playback.
9700 3.x Security Guide
3
Overview
9700 Technical Design
•
Any Credit Card data is wiped out of memory as soon as it is used
•
Encrypted authorization and transactional transactional data is kept in the database
•
Pathway between WinStation WinStation to OPS is clear
•
Pathway between SAR and POSSRV POSSRV is encrypted using CryptoAPI
•
Pathway from processes to CC driver is encrypted
•
Pathway from CC driver to Agency is beyond MICROS control
Credit Card Settlement
4
•
Retention of Credit Card detail is kept for 6 weeks in the CHECKS table and purged automatically automatically
•
Any Credit Card data available on receipts or check images is masked/ encrypted
MD0006-090
Authentication
Authentication Overview Authentication is the process of ensuring that people on both ends of the connection are who they say they are. Applicable to not only the entity trying to access a service, Authentication is also applicable to the entity providing the service.
EMC Authentication All users’ credentials of the 9700 System are stored in the central database. Anyone who has access to the Enterprise Management Console (EMC) must provide a login of a valid valid username/password. username/password. No two MICROS users can have have the same username. MICROS Systems, Inc. mandates client sites maintain proper configuration and adhere to privilege level restrictions based on a need-to-know basis. For security purposes, each user’s user’s activities are traced via Audit Trail. Trail. To ensure strict access control of the 9700 application, always assign unique usernames and complex passwords to each account. For more information, please see the 9700 PABP Compliance document specific to the site’s site’s software version.
Note
The 9700 System does NOT use the Windows Login.
Workstation Wor kstation Authentication User Authenticat Authentication ion A user must authenticate themselves through the workstation by signing in using a unique employee ID number or an employee magnetic card.
9700 3.x Security Guide
5
Authentication
Database User Management MICROS Systems, Inc. mandates that users create a strong, PCI compliant password for the EMC user account within the EMC’s Personnel | Employees module after initially logging into the EMC for the first time. The password must be PCI compliant, containing at least 8 alphanumeric characters with both letters and numbers. For more information, please see the 9700 PABP Compliance document specific to the site’s software version. During 9700’s installation, the wizard prompts for the creation of a Database Administrator username and password. The Database Administrator is used to log into the SQL Server 2005 database (or the Oracle 10g database, depending on the site’s setup). 9700’s installation wizard also prompts for the creation of a MICROS Database User. 9700’s code uses the MICROS Database User to access the database during communication with services. Before any code can make SQL (or Oracle) statements to the SQL database (or Oracle database), the SQL database requires a username and password in the SQL string. Always assign strong usernames and passwords. When creating the usernames and passwords for the Database Administrator and MICROS Database User during the 9700 installation, users are advised to create a strong password for the user account consisting of at least 8 alphanumeric characters including both letters, numbers, and special characters for all 9700 accounts. Whenever possible, always assign strong application and system passwords. Database credentials are stored in the configuration file on the 9700 application server, which is encrypted. No applications, except for the application server, need access to the database directly. After initial authentication, the application server performs a check of the authorization for the given user to perform the requested action.
6
MD0006-090
Authorization/Privileges
Authorization/Privileges Overview Setting Authorization/Privileges establishes strict access control, explicitly enabling or restricting the ability to do something with a computer resource. User access control for Employees Levels, a way of controlling how employees can view other employee information, is defined within the EMC | Personnel | Employees module. User access control for 9700 System elements is defined within the EMC | Personnel | Access Levels and Report Writer Access Levels modules. User authorization/privileges are configured by Employee Class configured within the EMC | Personnel | Employees module. Workstations also have their own EMC privileges module, Hardware | Device Table module.
Employee IDs
The Employee ID field consists of a ten-digit number that identifies the operator when attempting to sign in to POS Operations on the User Workstation or when attempting to clock in or out at the User Workstation.
9700 3.x Security Guide
7
Authorization/Privileges
Enabling ID Enter an ID number to be used to identify the employee on workstations. If you wish to assign employee IDs from magnetic cards, you must do this though UWS Procedures.
Employee Levels The Employee Levels feature may be used to create up to nine levels of employee access. Employees assigned to a specific Employee Level can only access (i.e., view or change) information about other employees whose own Employee Level is equal to or higher than their own. The 9700 System only displays information about employees who have an equal or higher number. This feature is used to create an Employee Level to control an employee’s ability to:
8
•
Access privileged operations in the EMC
•
Access privileged operations in UWS Reports
•
Access privileged operations in UWS Procedures
•
Access privileged operations in Report Writer
MD0006-090
Authorization/Privileges
Usage Example 1: Employee Levels In a large restaurant, Employee Levels are used to allow an Assistant Manager to have access only to information about other Assistant Managers and subordinate employees. Assistant Managers are then prevented from accessing information about their General Managers or other employees to whom they are subordinate. Level 0 Employees Level 1 Employees Level 2 Employees not displayed
Example 2: Employee Levels Combined With Employee Groups Employee Levels can be used with the Employee Group feature on page 11, to further restrict access to employee information. Employee
Configuration within the EMC | Personnel | Employees module determines the Employee Level granted to each employee. One of nine Access Levels can be granted to an Employee. The Master Access Level, 0, allows unrestricted access. The lowest Access Level, 8, grants the lowest level of permission.
Access Progression Employee Levels are progressive. That is, an employee with an Access Level of 4 can use files or functions that are themselves assigned Access Levels of 4 through 8. Files with an Access Level of 4 may be opened by employees with an Access Level of 0 through 4.
Enabling Level Navigate within the EMC to Personnel | Employees | Sort By Employee and enter the access level of the employees that this employee is allowed to access when performing privileged operations in the EMC, UWS Reports, UWS Procedures, or Report Writer. If this field is set to zero, access is unrestricted. If this field is not zero, the employee is allowed to access other employees of a high-numbered level. For example, Level 3 employees may perform any operations for which they are privileges, only on employees with Levels 4 through 9. Employees with Level 0 can access all employees.
10
MD0006-090
Authorization/Privileges
Employee Groups This feature may be used to create up to 300 distinct groups of employees within 9700, whose members cannot access information about each other. When a privileged employee performs any operations that involve other employees, 9700 only displays information for other employees who have the same Group number. Since Employee records reside on the Enterprise Level, this feature can be used to isolate information access to a Property or a single Revenue Center. This feature is used to create an Employee Group to control an employee’s ability to:
•
Access privileged operations in the EMC
•
Access privileged operations in UWS Reports
•
Access privileged operations in UWS Procedures
•
Access privileged operations in Report Writer
Usage Example 1 In a large restaurant, Employee Groups are used to prevent General Managers in the Catering Revenue Center from accessing information about employees, including other Managers, in the Lounge Revenue Center.
Example 2 In an airport concessions complex that uses 9700 to manage multiple Properties, this feature may be used to prevent employees in the Pizza Shop from accessing information about employees in the Gift Shop. Employee #2301 Employee #2302
Group #197 not displayed
Employee #2304 Pizza Shop Manager Employee Group #198
Employee #2305
Group #198
Employee #2306 Employee #2307 Employee #2308
9700 3.x Security Guide
Group #199 not displayed
11
Authorization/Privileges
For an example of how Employee Groups can be used in combination with Employee Levels, refer to page 9.
Employee Groups Configuration
Configuration within the EMC | Personnel | Employees module determines the Employee Group granted to each employee.
Enabling Group Navigate within the EMC to Personnel | Employees | Sort by Employee and enter the number of the group that this employee is allowed to access when performing privileged options in the EMC, UWS Reports, UWS Procedures, or Report Writer. If this field is zero, access is unrestricted. If this field is not zero, the employee is allows to access other employees of an equal group number.
12
MD0006-090
Authorization/Privileges
Access Levels Description The Access Levels module determines the access level required for an employee to open and modify modules in the 9700 Configurator within the EMC. The lowestnumbered levels are the most powerful. For example, if the access level required to add or change records in the Cashiers file is 3, a user must have an access level setting of 3, 2 or 1 in order to perform these functions. There are a total of nine access levels, eight of which are user-defined. Access level 0, Master, is the highest level in the System and allows employees access to every file, function, and report. This level cannot be changed or deleted.
Set the access level for each employee on the Employees | General tab
(Personnel | Employee Maintenance | Sort By Class | Privileges tab)
0
Highest Level
MASTER
1
S S E C C A
2 3 4
L E V E L S
Levels are cumulative, which means that a level 3 also has the access rights of levels 4 through 8.
5 6 7 8
9700 3.x Security Guide
Lowest Level
13
Authorization/Privileges
Programming Access Levels An employee’s access level is determined by the Employee Class that they belong to. Since this designation must be made when you set up the Employee Classes, it is recommended that you define the Access Levels module first. There are six tabs in the Access Levels module, one for each main component of the 9700 System. The five Record Access Level fields shown below on the General tab determine the access level required to perform each of several module maintenance functions.
The fields contained on the remaining tabs, such as the Menu tab shown below, determine the access level required to open each specific module within the Configurator.
14
MD0006-090
Authorization/Privileges
Access Level Granted to an Employee Class An employee’s access privileges to the EMC | Configurator are determined by the setting of the Configuration Privilege Level for the Employee Class to which they belong. (The Report Writer Privilege Level controls use of Report Writer.) The Personnel | Employe Maintenance | Sort by Class | Privileges tab is shown below.
Report Writer Access Levels Description The Report Writer Access Level s module determines the access level required for an employee to take and reset reports in 9700 Report Writer. There are a total of nine access levels, eight of which are user-defined. Access level 0, Master, is the highest level in the System and allows employees access to every file, function, and report. This level cannot be changed or deleted.
Access Level Required by Report Writer The Report Writer Access Levels module determines the Access Level required to perform each of two reset options located on the General tab:
•
Reset Access Level Number
•
Reset-no-print Access Level Number
9700 3.x Security Guide
15
Authorization/Privileges
Additional fields in this module determine the Access Level required to take each specific report.
Access Level Granted to an Employee Class An employee’s access privileges to Report Writer are determined by the setting of the Report Writer Privilege Level for the Employee Class to which they belong. The Personnel | Employe Maintenance | Sort by Class | Privileges tab is shown below.
Employee Classes Employee Classes allow you to group employees according to the duties that Property they perform, such as servers, bussers, Manager Expert and cooks, then assign the same privilege and option settings to all employees in a particular class. For Cashier Server example, the employee class Bartenders EMPLOYEE is privileged to use one-touch sign in CLASSES keys. The default touchscreen (Bar Cooks Bartender Main) is programmed to display two one-touch keys, one for each bartender on duty. Without classes, you would Busser Retail have to assign privileges to each individual employee, which can be a very repetitive and time consuming task. Besides easing your workload, employee classes also allow you to generate reports for specific kinds of employees based on the class they belong to. When adding employees to the System, you must specify which class they belong to. So, in order for the list of classes to be available when defining the employee, you should create the employee classes first.
16
MD0006-090
Authorization/Privileges
Working with Employee Classes To work with the Class forms in the Employees | Maintenance module, you must set the Sort By field on the Employee | Maintenance window to Class. The tree view displays the list of classes in alphabetical order that exist in the database. The + sign to the left of the class name indicates that there are employees linked to that class. To display the linked employees, click the + sign to expand the list. If a + sign displays to the left of an employee name, at least one Revenue Center is linked to that employee. To display the linked Revenue Centers, click the + sign to expand the list.
Linking Employees to Employee Classes The diagram below illustrates that each employee is linked to a single employee class. This designation is made on the General tab when sorting Employee Maintenance records by Employee. For each employee record, enter the Employee Class number from the Employee Class file. Employee General Form
Employees
Class
401
Chris
101-Server
402
Alex
101-Server
403
John
101-Server
Employee Class 101
Shared Privileges
Server
If there are “special cases” among the staff who don’t fit any of the general classes, create a class just for them. For example, Sheila usually works as a server, but occasionally tends bar, and also fills in as a manager when necessary. She needs to be able to perform the duties of all three of the employee classes (Server, Bartender, or Manager). Create an employee class that combines the privileges required to perform as either a bartender or a server and allows the access levels required of a manager. Label this new class “Utility”, or perhaps “Sheila”, and select it as her Employee Class in her Employee record only. The number of classes that can be created is limited only by the size of system memory. So, if you have several of these “special cases,” take comfort in knowing that you can set up whatever you may need to handle the situation.
9700 3.x Security Guide
17
Authorization/Privileges
Class Privileges They are a variety of privileges that can be assigned to each Employee Class. When sorting by Class, you will see the eight tabs shown below, which contain the option settings for each of these categories.
General Privileges The General tab, shown below, contains options relating to timekeeping and transaction privileges.
Authorize/Perform Reprint of Time Card Select this option to allow employees associated with this class to reprint a timecard using the [Reprint Timecard] key and to authorize non privileged employees to do so as well. Change Revenue Center at Clock-In Select this option to allow employees associated with this class to authorize changes in the Revenue Center assignment of other employees who are clocking in.
18
MD0006-090
Authorization/Privileges
Clock in at Rate 1 Select this option to allow employees associated with this class to Clock in at Job Rate 1. Authorize Clock In Select this option to allow employees associated with this class to authorize other employees to clock in. Authorize/Perform Clock In/Out Outside Schedule or Scheduled Breaks Select this option to allow employees associated with this class to clock in or out at times that conflict with their assignment in the Time Clock Schedules module. ON = Minor Employees; OFF = Regular Employees Some jurisdictions have labor laws that apply specifically to minors age 16 and under. This option is used in conjunction with the Time Clock Parameters, in the Parameters module, that allows the creation of separate definitions of paid and unpaid breaks for minors and regular employees. Select this option to designate employees associated with this class as minors. Do NOT select this option to designate employees associated with this class as regular, adult employees.
Authorize Changing Revenue Center at Clock In Select this option to allow employees associated with this class to change their Revenue Center assignment when clocking in. Clock Out with Open Checks Select this option to allow employees associated with this class to clock out at the end of a shift even if they still have open guest checks. If this option is enabled, it overrides the setting of the “Cannot Clock Out with Open Checks” option in the Job Codes module. Authorize/Perform Clock Out in the Future Select this option to allow employees associated with this class to clock themselves out at a time ahead of the system time or to authorize an employee without this privilege to clock out at a time ahead of the system time. Change Revenue Centers Select this option to allow employees associated with this class to change Revenue Centers by signing into a workstation that belongs to a Revenue Center that is different from RVC to which the employee is currently assigned.
9700 3.x Security Guide
19
Authorization/Privileges
Authorize Changing Revenue Centers Select this option to allow employees associated with this class to Change Revenue Centers and to authorize non-privileged employees to do so as well. Allow Sign-in to a Workstation Select this option to allow employees associated with this class to sign into a workstation or a Mobile MICROS unit. Do not select this option to prevent employees from performing any operations other than clocking in and out unless they gain authorization from a privileged employee. (Refer to the “Authorize/Use the [Keyboard Select] Key” option.) Authorize Sign-in to a User Workstation Select this option to allow employees associated with this Class to authorize a non-privileged employee (one for whom the “Allow Sign into a Workstation” option is disabled) to sign in to a workstation or Mobile MICROS unit.
Guest Checks Privileges The Guest Checks tab, shown below, contains options relating to guest check editing and control authorization privileges.
20
MD0006-090
Authorization/Privileges
Authorize/Add Team Member to Check Select this option to allow employees associated with this class to use the [Add Team Member] key to add additional servers to a check. Authorize/Perform Edit of a Guest Check ID In a Closed Check Select this option to allow employees associated with this class to edit a Guest Check ID of a closed check using the [Guest Check ID] key and to authorize non-privileged employees to do so as well. Authorize/Perform Edit of a Guest Check ID In an Open Check Select this option to allow employees associated with this class to edit a Guest Check ID of an open check using the [Guest Check ID] key and to authorize non-privileged employees to do so as well. Authorize/Remove Team Member from Check Select this option to allow employees associated with this class to use the [Remove Team Member] key to remove servers from a check. Authorize/Add Guest Information to Check Enable this option to allow employees associated with this class to use the [Enter Guest Info] key to enter guest information when creating a special event check on the workstation and to authorize non-privileged employees to do so as well. View All Team Detail A guest check must be started with the [Begin Party Check] key (keycode #399) to use this Employee Class option. Enable this option to allow employees associated with this class to view the detail posted by all team members on a special event check and to authorize non-privileged employees to do so as well. If this option is disabled, employees associated with this class can only view the detail they have posted to the guest check.
Authorize/Perform Pickup of a Check that is “Open on System” Select this option to allow employees associated with this class to pickup checks that already have an “open” status and to authorize non-privileged employees to do so as well. Checks with an “open” status are checks that are considered in use at another workstation or by another process. Allow Pickup Of Checks from other Revenue Centers Select this option to allow employees associated with this class to pickup checks in other Revenue Centers using the [Pickup Check, RVC] keys. Disable this option to prevent employees from picking up checks in other Revenue Centers.
9700 3.x Security Guide
21
Authorization/Privileges
Authorize/Perform Closed Check Pickup (Reopen a Closed Check) Select this option to allow employees associated with this class to use the [Reopen Closed Check] key and to authorize non-privileged employees to do so as well. Authorize/Use the [Block Transfer] and [Auto Block Transfer] Keys Select this option to allow employees associated with this class to transfer an entire block of checks from another operator and to authorize non privileged employees to do so as well. This function is useful with a shift change, when an entire group of checks must be turned over from the operator who is leaving to the operator who is just signing in. Create New Checks using [Begin Check] Key Select this option to allow employees associated with this class to begin a guest check. Authorize Adding of Checks Between Revenue Centers Select this option to allow employees associated with this class to add checks (to be in a check and add another check to it) from another Revenue Center and to authorize non-privileged employees to do so as well. Authorize Adding of Checks in the Same Revenue Center Select this option to allow employees associated with this class to add checks (to be in a check and add another check to it) within a Revenue Center and to authorize non-privileged employees to do so as well. Authorize Transfer of Checks Between Revenue Centers Select this option to allow employees associated with this class to transfer checks from another Revenue Center and to authorize non-privileged employees to do so as well. Authorize Transfer of Checks in the Same Revenue Center Select this option to allow employees associated with this class to transfer checks from another operator within the same Revenue Center a nd to authorize non-privileged employees to do so as well. Authorize/Perform Open of Checks for Multiple Groups at a Table Select this option to allow employees associated with this class to open multiple checks at the same table. Each succeeding check is assigned a successive check number. An employee who is authorized to split checks (option “Authorize/Use the [Split Check] key and Perform Memo Tenders”) is also authorized to open checks for multiple groups at a table.
22
MD0006-090
Authorization/Privileges
Authorize/Use the [Split Check] Key and Perform Memo Tenders Select this option to allow employees associated with this class to split guest checks and to perform memo tenders and to authorize non privileged employees to do so as well. Authorize/Perform Pickup of a Check Belonging to Another Operator Select this option to allow employees associated with this class to pick up another operator's checks and to authorize non-privileged employees to do so as well. Authorize/Perform Closed Check Adjust Select this option to allow employees associated with this class to use the [Adjust Closed Check] key and to authorize non-privileged employees to do so as well. A closed check adjustment allows the user (if privileged to void Tender/ Media from a previous round) to adjust the Tender/Media or Service Charge on a closed check.
Authorize/Perform Pickup of a Check that is “Owned by Offline UWS” If a check is rung on a workstation that proceeds to go offline, the check is considered “Owned by an Offline Workstation.” Select this option to allow employees associated with this class to pickup these checks from another workstation and to authorize non-privileged employees to do so as well. Authorize/Perform Lock/Unlock of Guest Checks Enable this option to allow employees associated with this class to use the [Lock Guest Check] and [Unlock Guest Check] keys and to authorize non-privileged employees to do so as well. Authorize/Perform Memo Tenders Enable this option to allow privileged employees associated with this class to perform memo tenders and to authorize non-privileged employees to do so as well. Enable Limited Split Check Enable this option to prevent an employee from performing the S plit Check function more than once on a check. If this option is enabled, the Authorize/Use Split Check option must be disabled. Note: This option was created to safeguard against the “floating soda” technique.
9700 3.x Security Guide
23
Authorization/Privileges
Authorize/Perform Creation and Pickup of Unassigned Checks Select this option to allow employees associated with this class to begin and pickup “Unassigned Checks” and to allow non-privileged employees to do so as well. An “Unassigned Check” is a check that is begun in the system (usually by a professional services application or other MICROS peripheral product, such as Guest Connection or Suites Management) without an owner. When an Open Check SLU is used, Privileged Operators will see their own checks, as well as any “Unassigned Checks” in the Revenue Center, but they will not see other operators’ open checks.
Auth/Perform Adjustment of Closed Checks from Prev. Business Days Select this option to allow employees associated with this class to Adjust Closed Checks from business days other than the current business day. If this option is enabled, an operator in this class will have access to the [Adjust Closed Check from Previous Business Day] function key. Auth/Perform Reopening of Closed Checks from Prev. Business Days Select this option to allow employees associated with this class to Reopen Closed Checks from business days other than the current business day. If this option is enabled, an operator in this class will have access to the [Reopen Closed Check from Previous Business Day] function key.
24
MD0006-090
Authorization/Privileges
Printing Privileges The Printing tab, shown below, contains options relating to guest check, receipt, and tender media authorization privileges.
Authorize/Perform Printing of Memo Checks Select this option to allow employees associated with this class to print memo checks and to authorize non-privileged employees to do so as well. Authorize/Perform Reprinting of Memo Checks Select this option to allow employees associated with this class to reprint memo checks and to authorize non-privileged employees to do so as well. Authorize/Perform Reprinting of Closed Checks Select this option to allow employees associated with this class to reprint a guest check after it has been closed and to authorize non-privileged employees to do so as well. Authorize/Perform Unlimited Reprinting/Printing of a Check Select this option to allow employees associated with this class to perform two functions. #1: Allow On-Demand operators to print guest checks more than the maximum number allowed in the Revenue Center Parameters Module. #2: Allow By-round operators to use the [Reprint Check] key. This privilege also allows employees associated with this class to give authorization to non-privileged employees for these functions.
9700 3.x Security Guide
25
Authorization/Privileges
Authorize/Perform Reprint of a Credit Voucher Select this option to allow employees associated with this class to reprint a credit card voucher slip and to authorize non-privileged employees to do so as well.
Void and Return Privileges The Voids/Returns tab, shown below, contains options relating to void and return authorization privileges.
Authorize/Use the [Transaction Return] Key Select this option to allow employees associated with this class to use the [Transaction Return] key and to authorize non-privileged employees to do so as well. The [Transaction Return] key is used when performing several returns in a transaction—every menu item rung after pressing [Transaction Return] will be a returned menu item.
Authorize/Perform Return of Menu Items Entered on Current Check Select this option to allow employees associated with this class to return menu items posted in the current round (using the [Return] key) and to authorize non-privileged employees to do so as well. To perform voids in the current round, the employee class option “Authorize/Perform Error Corrects” must be enabled.
26
MD0006-090
Authorization/Privileges
Authorize/Perform Void of Menu Items from a Previous Round Select this option to allow employees associated with this class to void menu items that were posted in a previous transaction round and to authorize non-privileged employees to do so as well. Authorize/Perform Void and Return of Menu Items Not on Check Select this option to allow employees associated with this class to void and return menu items that were never posted to the guest check and to authorize non-privileged employees to do so as well. Authorize/Perform Void of Discounts from a Previous Round Select this option to allow employees associated with this class to void discounts that were posted in a previous transaction round and to authorize non-privileged employees to do so as well. Authorize/Perform Void of Service Charges from a Previous Round Select this option to allow employees associated with this class to void service charges that were posted in a previous transaction round and to authorize non-privileged employees to do so as well. Authorize/Perform Void of Tender/Media from a Previous Round Select this option to allow employees associated with this class to void tender/media entries that were posted in a previous transaction round and to authorize non-privileged employees to do so as well. Authorize/Use the [Void Check] Key Select this option to allow employees associated with this class to use the [Void Check] key, which will void all the items on the check and to authorize non-privileged employees to do so as well. Authorize/Perform Voids in the Current Round Select this option to allow employees associated with this class to perform voids in the current round (i.e., last-item voids, direct voids, line-number voids, and touch-voids). Authorize/Use the [Transaction Void] Key Select this option to allow employees associated with this class to use the [Transaction Void] key and to authorize non-privileged employees to do so as well. The [Transaction Void] key is used when performing several voids in a transaction—every menu item rung after pressing [Transaction Void] will be a voided menu item.
9700 3.x Security Guide
27
Authorization/Privileges
Authorize/Perform Void of Menu Items on Closed Checks Select this option to allow employees associated with this class to void menu items from closed checks after they have been reopened and to authorize non-privileged employees to do so as well. (In addition, the “Authorize/Perform Void of a Menu Item from a Previous Round” option must be selected.) Authorize/Perform Void of Discounts on Closed Checks Select this option to allow employees associated with this class to void discounts from closed checks after they have been reopened and to authorize non-privileged employees to do so as well. (In addition, the “Authorize/Perform Void of a Discount from a Previous Round” option must be selected.) Authorize/Perform Void of Service Charges on Closed Checks Select this option to allow employees associated with this class to void service charges from closed checks after they have been reopened and to authorize non-privileged employees to do so as well. In addition, the “Authorize/Perform Void of a Service Charge from a Previous Round” option must be selected. Authorize/Perform Voids/Cancels of North American LDS Items Select this option to allow employees associated with this class to perform voids or cancels of menu items ordered through a North American Liquor Dispensing System (NA LDS) and to authorize non-privileged employees to do so as well. Authorize/Perform Direct Voids Select this option to allow employees associated with this class to void transaction items by pressing the [Void] key and then the key for the item (e.g., a Menu Item key). Also, select this option to authorize non privileged employees to do so as well. Authorize/Allow Voiding of Shared Check Items Select this option to allow employees associated with this class to void items which are shared between seats or checks, and to authorize non privileged employees to do so as well.
28
MD0006-090
Authorization/Privileges
Utilities Privileges The Utilities tab, shown below, contains options for access control to the Control Panel, Credit Card Utilities, NetVupoint and Dataviewer utilities, and other specific utilities.
Start the System and Operations from the Control Panel Select this option to allow employees in this class to start the system and POS Operations in the EMC Control Panel. Additionally, employees with this privilege may start operations on individual workstations from the EMC Workstation module. Stop the System and Operations from the Control Panel Select this option to allow employees in this class to stop the system and POS Operations in the EMC Control Panel. Additionally, employees with this privilege may stop or kill operations on individual workstations from the EMC Workstation module. Reload the System from the Control Panel Select this option to allow employees in this class to use the “Reload” button in the Control Panel. Change Backup PC Number from the Control Panel
Select this option to allow employees in this class to sign in to the EMC Control Panel and to change the Backup PC numbers.
9700 3.x Security Guide
29
Authorization/Privileges
Make PC Active on its Backup PC from the Control Panel Select this option to allow employees in this class to sign in to the EMC Control Panel and make a PC active on its backup PC. Make PCs Active or Inactive from the Control Panel Select this option to allow employees in this class to make PCs active or inactive in a 9700 MOR (MICROS Operational Resiliency) environment. Run the CC Batch Report Program Select this option to allow employees associated with this class to use the Credit Card Report module. Run the CC Batch Transfer Program Select this option to allow employees associated with this class to use the Credit Card Transfer module. Run the CC Batch Edit Program Select this option to allow employees associated with this class to use the Credit Card Batch Editor to edit batches. Run the CC Batch File Creation Program Select this option to allow employees associated with this class to use the Credit Card Batch Creator . Do Not Mask Credit Card Info from Reports Select this option to allow employees associated with this class to view Credit Card Numbers on Credit Card Reports. Can open the System Setup Utility Module in EMC Select this option to allow employees in this class to use the System Setup Utility module in EMC. The EMC module allows users to configure different settings used by the executables that run during the nightly autosequences. Run the Audit Trail Program Select this option to allow employees in this class to run the EMC's Audit Trail module or to run the atrail_b.exe command-line application on the server Reset the Audit Trail Select this option to allow employees in this class to reset the Audit Trail in EMC's Audit Trail module or by using the atrail_b.exe command-line application on the server.
30
MD0006-090
Authorization/Privileges
Can Minimize Application Select this option to allow employees in this class to minimize the WinStation/SAR application on a workstation. Can Close Application Select this option to allow employees in this class to close the WinStation/ SAR application on a workstation. Can Change Others' Passwords Select this option to allow employees associated with this class to change EMC passwords of other employees. Can access the NetVupoint Module in EMC Select this option to allow employees in this class to use the NetVupoint module in EMC. The NetVupoint module allows users to configure different settings for the NetVupoint Transformation Service. Login to Dataviewer Select this option to allow employees in this class to log in to Dataviewer. NetVupoint Admin user Select this option to allow employees in this class to perform administrative tasks in NetVupoint and Dataviewer. Run and Save Output on Server Select this option to allow employees in this class to run and save Dataviewer queries. Create Public Queries Select this option to allow employees in this class to save public Dataviewer queries. For information on the options located on the Privileges tab, please see “Access Level Granted to an Employee Class” on page 15.
9700 3.x Security Guide
31
Authorization/Privileges
Procedure and Report Privileges The Procedures/Reports tab, shown below, contains options relating to access and usage of UWS Procedures and Autosequences.
Access Employee Job Code/Pay Rates in UWS Procedure #3 Select this option to allow employees in this class to edit the Job Codes and Pay Rates of employees while accessing Employee Setup (UWS Procedure #3 in UWS Manager Procedures). Can Change Employee Class in Employee File/UWS Procedures Select this option to allow employees in this class to change an employee's Employee Class, in UWS Manager Procedures. Run UWS Procedures in Another Revenue Center Select this option to allow employees in this class to perform UWS Procedures for a Revenue Center to which they are not currently assigned, in UWS Manager Procedures. For instance, if this option is selected, a manager eating lunch in Revenue Center 1 could change the Serving Period (if so privileged) in Revenue Center 2, saving the manager from having to walk to Revenue Center 2 to change the Serving Period, because the manager can simply change the Serving Period from a workstation in Revenue Center 1 while enjoying his/her lunch.
32
MD0006-090
Authorization/Privileges
Use UWS Procedure #1: Change Next Guest Check Number Select this option to allow employees in this class to reset the check number sequence and specify the next guest check number to be used in UWS Manager Procedures. Use UWS Procedure #2: Change Serving Period Select this option to allow employees in this class to change the serving period of a Revenue Center in UWS Manager Procedures. Use UWS Procedure #3: Employee Setup Select this option to allow employees in this class to edit Employee Records in UWS Manager Procedures. Note that employees cannot be added or deleted through UWS Manager Procedures. Access Employee Job Code/Pay Rates in UWS Procedure #3 Select this option to allow employees in this class to edit the Job Codes and Pay Rates of employees while accessing Employee Setup (UWS Procedure #3 in UWS Manager Procedures). Use UWS Procedure #4: Employee Revenue Center Setup Select this option to allow employees in this class to edit Operator Records in UWS Manager Procedures. Use UWS Procedure #5: Change Employee Revenue Center Select this option to allow employees in this class to alter the current Revenue Center assignment for employees in the system, in UWS Manager Procedures. Use UWS Procedure #6: Print Employee List Select this option to allow employees in this class to print a list of employees in the system, in UWS Manager Procedures. Use UWS Procedure #7: Change Employee Training Status Select this option to allow employees in this class to place an employee in Training Mode, in UWS Manager Procedures. Use UWS Procedure #8: Adjust Employee Time Card Select this option to allow employees in this class to adjust the clock-in/ out times for employees, in UWS Manager Procedures. Use UWS Procedure #9: Change Time Clock Schedule Select this option to allow employees in this class to alter the time clock schedule, in UWS Manager Procedures.
9700 3.x Security Guide
33
Authorization/Privileges
Use UWS Procedure #10: Print Time Clock Schedule Select this option to allow employees in this class to print the time clock schedule, in UWS Manager Procedures. Use UWS Procedure #11: Redirect Order Output Select this option to allow employees in this class to Redirect Order Output for the printers in a Revenue Center, in UWS Manager Procedures. Use UWS Procedure #12: Change Menu Item Class Select this option to allow employees in this class to make changes to Menu Item Classes in UWS Manager Procedures. (Note: Use this option with caution; editing Menu Item Classes in the EMC rather than on the workstation, a user is less likely to make a mistake.) Use UWS Procedures #13,17,18: Change Menu Item Assignment Select this option to allow employees in this class to change Menu Item Assignment, to Change Barcode Menu Items, and to Change Barcode Files, in UWS Manager Procedures. Use UWS Procedure #14: Change Menu Item Availability Select this option to allow employees in this class to designate menu items as being “available” or “unavailable” (out-of-stock) in UWS Manager Procedures. Use UWS Procedure #15: Print Menu Item Prices Select this option to allow employees in this class to print the Menu Item Price list, in UWS Manager Procedures. Use UWS Procedure #16: Update Currency Rates Select this option to allow employees in this class to change the exchange rates of alternate currencies, in UWS Manager Procedures. (Note: Use this option with caution; an employee with this privilege could potentially steal from the site. Typically, Currency Rates are infrequently updated, and only updated by a System Administrator through the EMC.) Use UWS Procedure #19: Change IP Printer Name This option should be disabled to ensure that IP Printers are only configured through the EMC. Select this option to allow employees in this class to change the name of the IP Printer, in UWS Manager Procedures. Run PC and UWS Reports Autosequence in Privilege Group 1 Select this option to allow employees in this class to run UWS and PC Autosequences belonging to Privilege Group 1. Note that all employees can run UWS and PC Autosequences belonging to Privilege Group 0.
34
MD0006-090
Authorization/Privileges
Reset UWS Reports Without Printing This option is only active if the option Reset UWS Reports is enabled. Select this option to allow employees in this class to run UWS Reports with the “Reset” option, while not printing the report. Run UWS Reports in Another Revenue Center Select this option to allow employees in this class to run UWS Autosequences (Reports) for Revenue Centers other than the current Revenue Center to which they are currently assigned, in UWS Manager Reports. Reset UWS Reports Select this option to allow employees in this class to run UWS Reports and to “Reset” the report. Note that if a report is set to “Reset” and an employee does not have this option enabled, the report will run properly but it will not reset.
Transaction Privileges The Transactions tab, shown below, contains options relating to posting and authorization privileges for transactions, service charges, tender, and other employee’s checks.
Post Payments to Checks Belonging to Another Operator Select this option to allow employees associated with this class to post tender/media entries to checks belonging to another operator.
9700 3.x Security Guide
35
Authorization/Privileges
Post Service Charges to Checks Belonging to Another Operator Select this option to allow employees associated with this class to add service charges to checks belonging to another operator. Post Discounts to Checks Belonging to Another Operator Select this option to allow employees associated with this class to add discounts to checks belonging to another operator. Post Menu Items to Checks Belonging to Another Operator Select this option to allow employees associated with this class to add menu items to checks belonging to another operator. Authorize/Perform Automatic Service Charge Exemptions Select this option to allow employees associated with this class to forgive automatic service charges using the [Exempt Auto Service Charge] key and to authorize non-privileged employees to do so as well. Authorize/Perform Posting of Service Charges in Priv Group 1 Select this option to allow employees associated with this class to post Service Charges belonging to Privilege Group 1 and to authorize non privileged employees to do so as well. Note that all employees can post Service Charges belonging to Privilege Group 0. Authorize/Perform Posting of Discounts in Priv Group 1 Select this option to allow employees associated with this class to post Discounts belonging to Privilege Group 1 and to authorize non-privileged employees to do so as well. Note that all employees can post Discounts belonging to Privilege Group 0. Authorize/Perform Posting of Tender/Media in Priv Group 1 Select this option to allow employees associated with this class to post Tender/Media entries belonging to Privilege Group 1 and to authorize non-privileged employees to do so as well. Note that all employees can post Tender/Media entries belonging to Privilege Group 0. Authorize Over HALO Amounts on [Tender/Media] Keys Select this option to allow employees associated with this class to exceed the HALO amount set for a Tender/Media key and to authorize non privileged employees to do so as well. Authorize/Perform Posting of Payments Select this option to allow employees associated with this class to post payments to a transaction and to authorize non-privileged employees to do so as well.
36
MD0006-090
Authorization/Privileges
Authorize/Allow Manual Entry of Credit Card Numbers Select this option to allow manual entry of credit card numbers (typing the numbers into the workstation instead of swiping the credit card) and to authorize non-privileged employees to do so as well. Authorize/Perform Closing of Checks with a Zero Balance Select this option to allow employees associated with this class to tender and close transactions that have a balance due of $0.00 and to authorize non-privileged employees to do so as well. Authorize/Perform Closing of Checks with a Negative Balance Select this option to allow employees associated with this class to tender and close transactions that have a negative balance due and to authorize non-privileged employees to do so as well. Authorize/Perform Open Check Block Settlement Select this option to allow employees associated with this class to close all of their open checks to the Default Cash Tender/Media, specified in Revenue Center Parameters , and to authorize non-privileged employees to do so as well. Authorize/Perform Voiding of Tender w/ Signature Select this option to allow employees associated with this class to void a tender from a check with a signature capture and to authorize non privileged employees to do so as well. Allow Tender of Party Checks Select this option to allow employees associated with this class to Tender and close “Party Checks.” Authorize/Perform Posting of Menu Items in Priv Group 1 Select this option to allow employees associated with this class to post Menu Items belonging to Privilege Group 1 and to authorize non privileged employees to do so as well. Note that all employees can post Menu Items belonging to Privilege Group 0. Authorize/Perform Change of Transaction Main Level Select this option to allow employees associated with this class to change the Main Level using one of the eight [Main Level] keys and to authorize non-privileged employees to do so as well. Authorize/Perform Change of Transaction Sub Level Select this option to allow employees associated with this class to change the Sub Menu Level using one of the eight [Sub Level] keys and to authorize non-privileged employees to do so as well.
9700 3.x Security Guide
37
Authorization/Privileges
Authorize/Allow Sharing of Check Items Select this option to allow employees associated with this class to share menu items and to authorize non-privileged employees to do so as well. Sharing menu items is performed when using the [TouchSplit] and [TouchEdit] functions to put part of a menu item on two different checks (e.g., 1/2 Bottle of Wine “shared” between two couples at a table). Authorize/Use the [Table Number] Key Select this option to allow employees associated with this class to use the [Table Number] key and to authorize non-privileged employees to do so as well. Authorize/Use the [Menu Item Price Override] Key Select this option to allow employees associated with this class to use the [Menu Item Price Override key] and to authorize non-privileged employees to do so as well. Menu Item Price Overrides are usually used to override a preset price of a barcode menu item. Authorize/Use the [Order Type] Key Select this option to allow employees associated with this class to select an Order Type and to authorize non-privileged employees to do so as well. Authorize/Perform Tax Exemptions Using [Exempt Tax] Keys Select this option to allow employees associated with this class to forgive tax using one of the [Exempt Tax] keys and to authorize non-privileged employees to do so as well. Authorize/Use the [Item Weight] Key Select this option to allow employees associated with this class to post weighed menu items and to authorize non-privileged employees to do so as well. Authorize/Use the [Transaction Cancel] Key Select this option to allow employees associated with this class to use the [Transaction Cancel] key and to authorize non-privileged employees to do so as well. Authorize/Cause a Transaction to have a Negative Balance Select this option to allow employees associated with this class to create a check with a negative balance and to authorize non-privileged employees to do so as well.
38
MD0006-090
Authorization/Privileges
Authorize/Perform Change of Number of Guests Select this option to allow employees associated with this class to change the number of guests in a transaction using the [Number of Guests] key and to authorize non-privileged employees to do so as well. Authorize Open Cash Drawer Using the [No Sale] Key Select this option to allow employees associated with this class to open the cash drawer outside of a transaction using the [No Sale] key and to authorize non-privileged employees to do so as well. Authorize/Perform Signature Capture Override Select this option to allow employees associated with this class to use the [Signature Capture Override] key and to authorize non-privileged employees to do so as well. Signature Capture Override is used to bypass the signature capture process, in the event that the customer refuses to sign, or if the customer has left without signing.
Authorize/Perform Employee Meal Discount Override for Non- Scheduled Employees Enable this option to allow employees associated with this class to permit non-scheduled employees to receive the employee meal discount and to authorize non-privileged employees to do so as well. This option works in conjunction with the “Employee Meal” and “Employee Meal Discount Applies to Scheduled Employees Only” options in the Discount s module.
Authorize/Perform AVS Override Enable this option to allow employees associated with this class to proceed with a credit card process without entering the AVS (Address Verification Service) information and to authorize non-privileged employees to do so as well. Authorize/Perform CVV Override Enable this option to allow employees associated with this class to proceed with a credit card process without entering the CVV, CVC, or CID (the Card-Present Number) and to authorize non-privileged employees to do so as well.
9700 3.x Security Guide
39
Authorization/Privileges
Miscellaneous Privileges The Options tab, shown below, contains options for miscellaneous authorization privileges, such as for Mobile Micros Handhelds (MMH), Universal Stored Value Cards, and cash drawer usage.
Authorize/Use the [Direct Tips] and [Indirect Tips] Keys Select this option to allow employees associated with this class to use these keys to declare cash tips received (by themselves) and to authorize non-privileged employees to do so as well. Download Database to Mobile MICROS and SAR Clients Select this option to allow employees in this class to download a new database to a Mobile MICROS device or SAR workstation and to authorize non-privileged employees to do so as well. Auth/Perform Assign Cash Drwr 1&2; Unassgn Drwr from Others This option bit includes two different functions. #1: Select this option bit to allow employees associated with this class to use the [Assign Cash Drawer 1] and [Assign Cash Drawer 2] keys to assign the cash drawer to themselves, and to authorize non-privileged employees to use the [Assign Cash Drawer 1] or [Assign Cash Drawer 2] keys to become assigned to a drawer. #2 If this option bit is enabled, employees in this employee class can use the [Unassign Cash Drawer] key to unassign cash drawers from other operators.
40
MD0006-090
Authorization/Privileges
Note that the [Assign Cash Drawer] key does not require an Employee class privilege—any employee with access to the [Assign Cash Drawer] button can use it.
Authorize/Perform Assignment & Changes of Cashiers Select this option to allow employees associated with this class to assign themselves a cashier link or change their cashier link with the [Assign Cashier] key and to authorize non-privileged employees to do so as well. Authorize/Use the [Keyboard Select] Key Select this option to allow employees associated with this class to change keyboards using one of the [Keyboard Select] keys and to authorize non privileged employees to do so as well. Authorize/Use the [Direct Tips] and [Indirect Tips] Keys for Another Employee Select this option to allow employees associated with this class to use these keys to declare cash tips received by another employee and to authorize non-privileged employees to do so as well. Authorize/Perform UWS Download New Revenue Center Select this option to allow employees associated with this class to download a new Revenue Center to a workstation and to authorize non privileged employees to do so as well. Authorize Cash Drawer Reconnection Select this option to allow employees associated with this class to authorize a cash drawer cable reconnection on a workstation. If an operator has the option bit enabled to “Require Authorization for Cash Drawer Reconnection,” the operator will need an authorization before performing another transaction. If this option bit is enabled, employees associated with this class can perform this authorization. Authorize Power Cycle of Workstation during Operations Select this option to allow employees associated with this class to authorize a Power Cycle of a workstation. If an operator has the option bit enabled to “Require Authorization for Power Cycle of UWS during Operations,” the operator will need an authorization before performing another transaction. If this option bit is enabled, employees associated with this class can perform this authorization.
9700 3.x Security Guide
41
Authorization/Privileges
Authorize SAR Workstation to Enter Offline Mode Select this option to allow employees in this class to enter offline mode on a SAR workstation. When an operation is attempted that normally causes the workstation to contact the 9700 Server, if contact cannot be established, the client will display a prompt to retry the operation or work offline. If the user chooses to work offline, the operator needs to have an authorization, which is represented by this option bit. Authorize SAR workstation to Exit Offline Mode Select this option to allow employees in this class to enter online mode (while in offline mode) on a SAR workstation. While offline, if communication with the 9700 Server is detected, a prompt will be displayed to work in online mode. If the user chooses to work online, the operator needs to have an authorization, which is represented by this option bit. Authorize Running of Offline Reports Select this option to allow employees associated with this class to generate Offline Reports when the workstation is offline. Authorize/Perform Manual Entry of Stored Value Card Number Select this option to allow employees associated with this class to manually enter the stored value card account number and to authorize non-privileged employees to do so as well. Authorize/Perform Issue Stored Value Function Select this option to allow employees associated with this class to issue a stored value card and to authorize non-privileged employees to do so as well. Authorize/Perform Void Issue Stored Value Entry Select this option to allow employees associated with this class to void an issued card and to authorize non-privileged employees to do so as well. Note: Touch Voids and Direct Voids are allowed; Last Item Voids and Returns are not allowed. Authorize/Perform Issue Stored Value Batch Function Select this option to allow employees associated with this class to issue a batch of stored value cards and to authorize non-privileged employees to do so as well. Authorize/Perform Void Issue Stored Value Batch Entry Select this option to allow employees associated with this class to void a batch of stored value cards and to authorize non-privileged employees to do so as well. Note: Touch Voids and Direct Voids are allowed; Last Item Voids and Returns are not allowed.
42
MD0006-090
Authorization/Privileges
Authorize/Perform Activate Stored Value Function Select this option to allow employees associated with this class to activate a stored value card and to authorize non-privileged employees to do so as well. Authorize/Perform Void Activate Stored Value Entry Select this option to allow employees associated with this class to void the activation of a stored value card and to authorize non-privileged employees to do so as well. Note: Touch Voids and Direct Voids are allowed; Last Item Voids and Returns are not allowed. Authorize/Perform Activate Stored Value Batch Function Select this option to allow employees associated with this class to activate a batch of stored value cards and to authorize non-privileged employees to do so as well. Authorize/Perform Void Activate Stored Value Batch Entry Select this option to allow employees associated with this class to void the activation of a batch of stored value cards and to authorize non-privileged employees to do so as well. Authorize/Perform Reload Stored Value Function Select this option to allow employees associated with this class to Reload (add credit) a dollar amount to an existing stored value card and to authorize non-privileged employees to do so as well. Authorize/Perform Void Reload Stored Value Entry Select this option to allow employees associated with this class to void a Reload transaction and to authorize non-privileged employees to do so as well. Touch Voids and Direct Voids are allowed; Last Item Voids and Returns are not allowed. Authorize/Perform Redeem Authorization Stored Value Function Select this option to allow employees associated with this class to perform a redemption authorization and to authorize non-privileged employees to do so as well. Authorize/Perform Void Redeem Authorization Stored Value Entry Select this option to allow employees associated with this class to void a redemption authorization and to authorize non-privileged employees to do so as well.
9700 3.x Security Guide
43
Authorization/Privileges
Authorize/Perform Redeem Stored Value Function Select this option to allow employees associated with this class to perform a redemption transaction (a stored value card is used to make a purchase and a dollar amount is deducted from the account) and to authorize non privileged employees to do so as well. Authorize/Perform Void Redeem Stored Value Entry Select this option to allow employees associated with this class to void a redemption transaction and to authorize non-privileged employees to do so as well. Authorize/Perform Manual Redemption Stored Value Function Select this option to allow employees associated with this class to perform a manual redemption and to authorize non-privileged employees to do so as well. Authorize/Perform Void Manual Redemption Stored Value Entry Select this option to allow employees associated with this class to void a manual redemption transaction and to authorize non-privileged employees to do so as well. Authorize/Perform Issue Stored Value Points Function Select this option to allow employees associated with this class to issue points to a stored value card and to authorize non-privileged employees to do so as well. Authorize/Perform Void Issue Stored Value Points Entry Select this option to allow employees associated with this class to void issued points on a stored value card and to authorize non-privileged employees to do so as well. Touch Voids and Direct Voids are allowed; Last Item Voids and Returns are not allowed. Authorize/Perform Redeem Stored Value Points Function Select this option to allow employees associated with this class to perform a points redemption transaction and to authorize non-privileged employees to do so as well. Authorize/Perform Void Redeem Stored Value Points Entry Select this option to allow employees associated with this class to void a points redemption transaction and to authorize non-privileged employees to do so as well. Authorize/Perform Stored Value Cash Out Function Select this option to allow employees associated with this class to debit some or all of the remaining balance on a stored value card and to authorize non-privileged employees to do so as well.
44
MD0006-090
Authorization/Privileges
Authorize/Perform Stored Value Balance Inquiry Function Select this option to allow employees associated with this class to check a stored value card balance and to authorize non-privileged employees to do so as well. Authorize/Perform Stored Value Balance Transfer Function Select this option to allow employees associated with this class to transfer the balance from one stored value card to another and to authorize non privileged employees to do so as well. Authorize/Perform Stored Value Point Inquiry Function Select this option to allow employees associated with this class to check a stored value card point balance and to authorize non-privileged employees to do so as well. Authorize/Perform Stored Value Report Generation Function Select this option to allow employees associated with this class to generate stored value card reports and to authorize non-privileged employees to do so as well. Authorize/Perform “Accept Coupon” Stored Value Function Select this option to allow employees in this class to perform the “Accept Coupon” Stored Value Function and to allow non-privileged employees to do so as well. Authorize/Perform “Void Accept Coupon” Stored Value Function Select this option to allow employees in this class to perform the “Void Accept Coupon” Stored Value Function and to allow non-privileged employees to do so as well. Authorize/Perform Stored Value Reprint Chit Function Select this option to allow employees in this class to reprint Stored Value chits and to allow non-privileged employees to do so as well.
Workstation Privileges Workstation Privileges are configured in the EMC within the System Hardware | Device Table |