9700 Security Guide

1Sim

9700 3.x Security Guide In This Document  This document describes 9700’s security design, features that monitor actions that employees take on the System, and features that restrict employee access to the database, reports, and operational procedures.

Declarations....................... ..................................................... Declarations................................................. ........................................ ............. 2 Overview ................................................. ....................... ................................................... ............................................ ................... 3 Authentication .............................................. ...................... ................................................. ....................................... .............. 5 Authorization/Privileges........................... Authorization/Privileges........................... ........................................... .......................... ................. 7 Encryption ................................................... ......................... .................................................. ........................................ ................ 50 Audit Trail .................................................. ........................ .................................................. ......................................... ................. 51 Security Maintenance........................ Maintenance ................................................. .................................................. ......................... 56

9700 3.x Security Guide

MD0006-090

Declarations

Declarations Warranties Although the best efforts are made to ensure that the information in t his document is complete and correct, MICROS Systems, Inc. makes no warranty of any kind with regard to this material, including but not lim ited to the implied warranties of marketability and fitness for a particular purpose. Information in this guide is subject to change without notice. No part of this guide may be reproduced or transmitted in any form or by any means, electronic or mechanical, including  photocopying, recording, or information recording and and retrieval systems, for any  purpose other than for personal use, without the express written permission of MICROS Systems, Inc. MICROS Systems, Inc. shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing,  performance, or use of this guide.

Trademarks Windows is a registered trademark of Microsoft Corporation. FrameMaker is a registered trademark of Adobe Corporation.

Printing History  New editions of this guide incorporate new and changed material since the previous edition. Minor corrections and updates may be incorporated into reprints of the current edition without changing the publication date or the edition number.

2

Edition

Month

Year

Software Version

1st

July

2007

3.x

MD0006-090

Declarations

Declarations Warranties Although the best efforts are made to ensure that the information in t his document is complete and correct, MICROS Systems, Inc. makes no warranty of any kind with regard to this material, including but not lim ited to the implied warranties of marketability and fitness for a particular purpose. Information in this guide is subject to change without notice. No part of this guide may be reproduced or transmitted in any form or by any means, electronic or mechanical, including  photocopying, recording, or information recording and and retrieval systems, for any  purpose other than for personal use, without the express written permission of MICROS Systems, Inc. MICROS Systems, Inc. shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing,  performance, or use of this guide.

Trademarks Windows is a registered trademark of Microsoft Corporation. FrameMaker is a registered trademark of Adobe Corporation.

Printing History  New editions of this guide incorporate new and changed material since the previous edition. Minor corrections and updates may be incorporated into reprints of the current edition without changing the publication date or the edition number.

2

Edition

Month

Year

Software Version

1st

July

2007

3.x

MD0006-090

Overview

Overview Security features in 9700 are divided into the following areas:

•

Securing the client’s property with 9700 applications and database servers

•

Keeping servers, Windows® operating systems, and 9700 applications up-todate with security fixes

•

Setting up operating systems and database users with the following security guidelines:

•  No master password •

Allow password changes

•

Grant minimal privileges whenever possible

•

Authenticating Authenticating workstations on the Network 

•

Protecting data during storage and transmission

•

Monitoring functionality via Audit Trail

•

Enabling Authorizations and Privileges via Employee IDs, IDs, Employee Levels, Levels , Employee Groups, Groups, Access Levels, Levels, Employee Classes, Classes, and Workstation Privileges

What to Protect •

Permanent data stored on the 9700 database server: The database will contain a mix of sensitive information (credit cards, employee social security numbers, employee identification numbers), less sensitive data, configuration information, and sales figures.

•

Temporary data cache: Flat files on the workstation contain a cache of the configuration data needed for the workstation to operate in offline mode and store transaction data during operations. Transaction data can contain sensitive information, such as credit card information.

•

Data that is transmitted between the workstation and the server during normal operations and during data playback.

9700 3.x Security Guide

3

Overview

9700 Technical Design

•

Any Credit Card data is wiped out of memory as soon as it is used

•

Encrypted authorization and transactional transactional data is kept in the database

•

Pathway between WinStation WinStation to OPS is clear 

•

Pathway between SAR and POSSRV POSSRV is encrypted using CryptoAPI

•

Pathway from processes to CC driver is encrypted

•

Pathway from CC driver to Agency is beyond MICROS control

Credit Card Settlement

4

•

Retention of Credit Card detail is kept for 6 weeks in the CHECKS table and  purged automatically automatically

•

Any Credit Card data available on receipts or check images is masked/ encrypted

MD0006-090

 Authentication

 Authentication Overview Authentication is the process of ensuring that people on both ends of the connection are who they say they are. Applicable to not only the entity trying to access a service, Authentication is also applicable to the entity providing the service.

EMC Authentication All users’ credentials of the 9700 System are stored in the central database. Anyone who has access to the Enterprise Management Console (EMC) must  provide a login of a valid valid username/password. username/password. No two MICROS users can have have the same username. MICROS Systems, Inc. mandates client sites maintain proper configuration and adhere to privilege level restrictions based on a need-to-know basis. For security  purposes, each user’s user’s activities are traced via Audit Trail. Trail. To ensure strict access control of the 9700 application, always assign unique usernames and complex passwords to each account. For more information, please see the 9700 PABP Compliance document specific to the site’s site’s software version.

 Note

The 9700 System does NOT use the Windows Login.

Workstation Wor kstation Authentication User Authenticat Authentication ion A user must authenticate themselves through the workstation by signing in using a unique employee ID number or an employee magnetic card.

9700 3.x Security Guide

5

 Authentication

Database User Management MICROS Systems, Inc. mandates that users create a strong, PCI compliant  password for the EMC user account within the EMC’s Personnel | Employees module after initially logging into the EMC for the first time. The password must  be PCI compliant, containing at least 8 alphanumeric characters with both letters and numbers. For more information, please see the 9700 PABP Compliance document specific to the site’s software version. During 9700’s installation, the wizard prompts for the creation of a Database Administrator username and password. The Database Administrator is used to log into the SQL Server 2005 database (or the Oracle 10g database, depending on the site’s setup). 9700’s installation wizard also prompts for the creation of a MICROS Database User. 9700’s code uses the MICROS Database User to access the database during communication with services. Before any code can make SQL (or Oracle) statements to the SQL database (or Oracle database), the SQL database requires a username and password in the SQL string. Always assign strong usernames and  passwords. When creating the usernames and passwords for the Database Administrator and MICROS Database User during the 9700 installation, users are advised to create a strong password for the user account consisting of at least 8 alphanumeric characters including both letters, numbers, and special characters for all 9700 accounts. Whenever possible, always assign strong application and system  passwords. Database credentials are stored in the configuration file on the 9700 application server, which is encrypted. No applications, except for the application server, need access to the database directly. After initial authentication, the application server  performs a check of the authorization for the given user to perform the requested action.

6

MD0006-090

 Authorization/Privileges

 Authorization/Privileges Overview Setting Authorization/Privileges establishes strict access control, explicitly enabling or restricting the ability to do something with a computer resource. User access control for Employees Levels, a way of controlling how employees can view other employee information, is defined within the  EMC | Personnel |  Employees module. User access control for 9700 System elements is defined within the  EMC |  Personnel | Access Levels and Report Writer Access Levels  modules. User authorization/privileges are configured by Employee Class configured within the  EMC | Personnel | Employees  module. Workstations also have their own EMC privileges module,  Hardware | Device Table module.

Employee IDs

The Employee ID field consists of a ten-digit number that identifies the operator when attempting to sign in to POS Operations on the User Workstation or when attempting to clock in or out at the User Workstation.

9700 3.x Security Guide

7

 Authorization/Privileges

Enabling ID  Enter an ID number to be used to identify the employee on workstations. If you wish to assign employee IDs from magnetic cards, you must do this though UWS Procedures.

Employee Levels The Employee Levels feature may be used to create up to nine levels of employee access. Employees assigned to a specific Employee Level can only access (i.e., view or change) information about other employees whose own Employee Level is equal to or higher than their own. The 9700 System only displays information about employees who have an equal or higher number. This feature is used to create an Employee Level to control an employee’s ability to:

8

•

Access privileged operations in the EMC

•

Access privileged operations in UWS Reports

•

Access privileged operations in UWS Procedures

•

Access privileged operations in Report Writer 

MD0006-090

 Authorization/Privileges

Usage Example 1: Employee Levels  In a large restaurant, Employee Levels are used to allow an Assistant Manager to have access only to information about other Assistant Managers and subordinate employees. Assistant Managers are then prevented from accessing information about their General Managers or other employees to whom they are subordinate. Level 0 Employees Level 1 Employees Level 2 Employees not displayed

Level 3 Employees Level 4 Employees Level 5 Employees

Assistant Manager  Employee Level #6

Level 6 Employees Level 7 Employees Level 8 Employees

Example 2: Employee Levels Combined With Employee Groups  Employee Levels can be used with the Employee Group feature on page 11, to further restrict access to employee information. Employee

Group #

Employee #231 Employee #232

197

Employee #234 Employee #235 Assistant Manager  Employee Group #198 Employee Level #6

Employee #236 Employee #237 Employee #238

9700 3.x Security Guide

198

199

Level #

Access?

5

 No

7

 No

4

 No

5

 No

6

Yes

7

Yes

8

 No

9

 Authorization/Privileges

Employee Levels Configuration

Configuration within the  EMC | Personnel | Employees module determines the Employee Level granted to each employee. One of nine Access Levels can be granted to an Employee. The Master Access Level, 0, allows unrestricted access. The lowest Access Level, 8, grants the lowest level of permission.

 Access Progression  Employee Levels are progressive. That is, an employee with an Access Level of 4 can use files or functions that are themselves assigned Access Levels of 4 through 8. Files with an Access Level of 4 may be opened by employees with an Access Level of 0 through 4.

Enabling Level   Navigate within the EMC to Personnel | Employees | Sort By Employee and enter the access level of the employees that this employee is allowed to access when performing privileged operations in the EMC, UWS Reports, UWS Procedures, or Report Writer. If this field is set to zero, access is unrestricted. If this field is not zero, the employee is allowed to access other employees of a high-numbered level. For example, Level 3 employees may perform any operations for which they are privileges, only on employees with Levels 4 through 9. Employees with Level 0 can access all employees.

10

MD0006-090

 Authorization/Privileges

Employee Groups This feature may be used to create up to 300 distinct groups of employees within 9700, whose members cannot access information about each other. When a privileged employee performs any operations that involve other employees, 9700 only displays information for other employees who have the same Group number. Since Employee records reside on the Enterprise Level, this feature can be used to isolate information access to a Property or a single Revenue Center. This feature is used to create an Employee Group to control an employee’s ability to:

•

Access privileged operations in the EMC

•

Access privileged operations in UWS Reports

•

Access privileged operations in UWS Procedures

•

Access privileged operations in Report Writer 

Usage Example 1  In a large restaurant, Employee Groups are used to prevent General Managers in the Catering Revenue Center from accessing information about employees, including other Managers, in the Lounge Revenue Center.

Example 2  In an airport concessions complex that uses 9700 to manage multiple Properties, this feature may be used to prevent employees in the Pizza Shop from accessing information about employees in the Gift Shop. Employee #2301 Employee #2302

Group #197 not displayed

Employee #2304 Pizza Shop Manager  Employee Group #198

Employee #2305

Group #198

Employee #2306 Employee #2307 Employee #2308

9700 3.x Security Guide

Group #199 not displayed

11

 Authorization/Privileges

For an example of how Employee Groups can be used in combination with Employee Levels, refer to page 9.

Employee Groups Configuration

Configuration within the  EMC | Personnel | Employees module determines the Employee Group granted to each employee.

Enabling  Group  Navigate within the EMC to Personnel | Employees | Sort by Employee and enter the number of the group that this employee is allowed to access when  performing privileged options in the EMC, UWS Reports, UWS Procedures, or Report Writer. If this field is zero, access is unrestricted. If this field is not zero, the employee is allows to access other employees of an equal group number.

12

MD0006-090

 Authorization/Privileges

 Access Levels Description The Access Levels module determines the access level required for an employee to open and modify modules in the 9700 Configurator within the EMC. The lowestnumbered levels are the most powerful. For example, if the access level required to add or change records in the Cashiers file is 3, a user must have an access level setting of 3, 2 or 1 in order to perform these functions. There are a total of nine access levels, eight of which are user-defined. Access level 0, Master, is the highest level in the System and allows employees access to every file, function, and report. This level cannot be changed or deleted.

Set the access level for each employee on the Employees | General tab

(Personnel | Employee Maintenance | Sort By Class | Privileges tab)

0

Highest Level

MASTER

1

    S     S     E     C     C     A

2 3 4

L    E     V     E     L    S    

Levels are cumulative, which means that a level 3 also has the access rights of levels 4 through 8.

5 6 7 8

9700 3.x Security Guide

Lowest Level

13

 Authorization/Privileges

Programming Access Levels An employee’s access level is determined by the Employee Class that they belong to. Since this designation must be made when you set up the Employee Classes, it is recommended that you define the  Access Levels module first. There are six tabs in the  Access Levels module, one for each main component of the 9700 System. The five Record Access Level fields shown below on the General  tab determine the access level required to perform each of several module maintenance functions.

The fields contained on the remaining tabs, such as the  Menu tab shown  below, determine the access level required to open each specific module within the Configurator.

14

MD0006-090

 Authorization/Privileges

 Access Level Granted to an Employee Class An employee’s access privileges to the  EMC | Configurator  are determined by the setting of the Configuration Privilege Level for the Employee Class to which they belong. (The Report Writer Privilege Level controls use of Report Writer.) The Personnel | Employe Maintenance | Sort by Class | Privileges tab  is shown  below.

Report Writer Access Levels Description The Report Writer Access Level s module determines the access level required for an employee to take and reset reports in 9700 Report Writer. There are a total of nine access levels, eight of which are user-defined. Access level 0, Master, is the highest level in the System and allows employees access to every file, function, and report. This level cannot be changed or deleted.

 Access Level Required by Report Writer The Report Writer Access Levels  module determines the Access Level required to  perform each of two reset options located on the General tab:

•

Reset Access Level Number 

•

Reset-no-print Access Level Number 

9700 3.x Security Guide

15

 Authorization/Privileges

Additional fields in this module determine the Access Level required to take each specific report.

 Access Level Granted to an Employee Class An employee’s access privileges to Report Writer are determined by the setting of the Report Writer Privilege Level for the Employee Class to which they belong. The Personnel | Employe Maintenance | Sort by Class | Privileges tab  is shown  below.

Employee Classes Employee Classes allow you to group employees according to the duties that Property they perform, such as servers, bussers,   Manager  Expert and cooks, then assign the same  privilege and option settings to all employees in a particular class. For Cashier    Server  example, the employee class Bartenders EMPLOYEE is privileged to use one-touch sign in CLASSES keys. The default touchscreen (Bar Cooks Bartender  Main) is programmed to display two one-touch keys, one for each bartender on duty. Without classes, you would Busser    Retail have to assign privileges to each individual employee, which can be a very repetitive and time consuming task. Besides easing your workload, employee classes also allow you to generate reports for specific kinds of employees based on the class they belong to. When adding employees to the System, you must specify which class they belong to. So, in order for the list of classes to be available when defining the employee, you should create the employee classes first.

16

MD0006-090

 Authorization/Privileges

Working with Employee Classes To work with the Class forms in the  Employees | Maintenance  module, you must set the Sort By field on the Employee | Maintenance  window to Class. The tree view displays the list of classes in alphabetical order that exist in the database. The + sign to the left of the class name indicates that there are employees linked to that class. To display the linked employees, click the + sign to expand the list. If a + sign displays to the left of an employee name, at least one Revenue Center is linked to that employee. To display the linked Revenue Centers, click the + sign to expand the list.

Linking Employees to Employee Classes The diagram below illustrates that each employee is linked to a single employee class. This designation is made on the General tab when sorting Employee Maintenance records by Employee. For each employee record, enter the Employee Class number from the Employee Class file. Employee General Form

Employees

Class

401

Chris

101-Server 

402

Alex

101-Server 

403

John

101-Server 

Employee Class 101

Shared Privileges

Server 

If there are “special cases” among the staff who don’t fit any of the general classes, create a class just for them. For example, Sheila usually works as a server,  but occasionally tends bar, and also fills in as a manager when necessary. She needs to be able to perform the duties of all three of the employee classes (Server, Bartender, or Manager). Create an employee class that combines the privileges required to perform as either a bartender or a server and allows the access levels required of a manager. Label this new class “Utility”, or perhaps “Sheila”, and select it as her Employee Class in her Employee record only. The number of classes that can be created is limited only by the size of system memory. So, if you have several of these “special cases,” take comfort in knowing that you can set up whatever you may need to handle the situation.

9700 3.x Security Guide

17

 Authorization/Privileges

Class Privileges They are a variety of privileges that can be assigned to each Employee Class. When sorting by Class, you will see the eight tabs shown below, which contain the option settings for each of these categories.

General Privileges  The General tab, shown below, contains options relating to timekeeping and transaction privileges.

 Authorize/Perform Reprint of Time Card  Select this option to allow employees associated with this class to reprint a timecard using the [Reprint Timecard] key and to authorize non privileged employees to do so as well. Change Revenue Center at Clock-In  Select this option to allow employees associated with this class to authorize changes in the Revenue Center assignment of other employees who are clocking in.

18

MD0006-090

 Authorization/Privileges

Clock in at Rate 1  Select this option to allow employees associated with this class to Clock in at Job Rate 1.  Authorize Clock In  Select this option to allow employees associated with this class to authorize other employees to clock in.  Authorize/Perform Clock In/Out Outside Schedule or Scheduled Breaks  Select this option to allow employees associated with this class to clock in or out at times that conflict with their assignment in the Time Clock Schedules module. ON = Minor Employees; OFF = Regular Employees  Some jurisdictions have labor laws that apply specifically to minors age 16 and under. This option is used in conjunction with the Time Clock Parameters, in the Parameters module, that allows the creation of separate definitions of paid and unpaid breaks for minors and regular employees. Select this option to designate employees associated with this class as minors. Do NOT select this option to designate employees associated with this class as regular, adult employees.

 Authorize Changing Revenue Center at Clock In  Select this option to allow employees associated with this class to change their Revenue Center assignment when clocking in. Clock Out with Open Checks  Select this option to allow employees associated with this class to clock out at the end of a shift even if they still have open guest checks. If this option is enabled, it overrides the setting of the “Cannot Clock Out with Open Checks” option in the Job Codes module.  Authorize/Perform Clock Out in the Future  Select this option to allow employees associated with this class to clock themselves out at a time ahead of the system time or to authorize an employee without this privilege to clock out at a time ahead of the system time. Change Revenue Centers  Select this option to allow employees associated with this class to change Revenue Centers by signing into a workstation that belongs to a Revenue Center that is different from RVC to which the employee is currently assigned.

9700 3.x Security Guide

19

 Authorization/Privileges

 Authorize Changing Revenue Centers  Select this option to allow employees associated with this class to Change Revenue Centers and to authorize non-privileged employees to do so as well.  Allow Sign-in to a Workstation  Select this option to allow employees associated with this class to sign into a workstation or a Mobile MICROS unit. Do not select this option to  prevent employees from performing any operations other than clocking in and out unless they gain authorization from a privileged employee. (Refer to the “Authorize/Use the [Keyboard Select] Key” option.)  Authorize Sign-in to a User Workstation  Select this option to allow employees associated with this Class to authorize a non-privileged employee (one for whom the “Allow Sign into a Workstation” option is disabled) to sign in to a workstation or Mobile MICROS unit.

Guest Checks Privileges  The Guest Checks tab, shown below, contains options relating to guest check editing and control authorization privileges.

20

MD0006-090

 Authorization/Privileges

 Authorize/Add Team Member to Check  Select this option to allow employees associated with this class to use the [Add Team Member] key to add additional servers to a check.  Authorize/Perform Edit of a Guest Check ID In a Closed Check  Select this option to allow employees associated with this class to edit a Guest Check ID of a closed check using the [Guest Check ID] key and to authorize non-privileged employees to do so as well.  Authorize/Perform Edit of a Guest Check ID In an Open Check  Select this option to allow employees associated with this class to edit a Guest Check ID of an open check using the [Guest Check ID] key and to authorize non-privileged employees to do so as well.  Authorize/Remove Team Member from Check  Select this option to allow employees associated with this class to use the [Remove Team Member] key to remove servers from a check.  Authorize/Add Guest Information to Check  Enable this option to allow employees associated with this class to use the [Enter Guest Info] key to enter guest information when creating a special event check on the workstation and to authorize non-privileged employees to do so as well. View All Team Detail  A guest check must be started with the [Begin Party Check] key (keycode #399) to use this Employee Class option. Enable this option to allow employees associated with this class to view the detail posted by all team members on a special event check and to authorize non-privileged employees to do so as well. If this option is disabled, employees associated with this class can only view the detail they have posted to the guest check.

 Authorize/Perform Pickup of a Check that is “Open on System”  Select this option to allow employees associated with this class to pickup checks that already have an “open” status and to authorize non-privileged employees to do so as well. Checks with an “open” status are checks that are considered in use at another workstation or by another process.  Allow Pickup Of Checks from other Revenue Centers  Select this option to allow employees associated with this class to pickup checks in other Revenue Centers using the [Pickup Check, RVC] keys. Disable this option to prevent employees from picking up checks in other Revenue Centers.

9700 3.x Security Guide

21

 Authorization/Privileges

 Authorize/Perform Closed Check Pickup (Reopen a Closed Check)  Select this option to allow employees associated with this class to use the [Reopen Closed Check] key and to authorize non-privileged employees to do so as well.  Authorize/Use the [Block Transfer] and [Auto Block Transfer] Keys  Select this option to allow employees associated with this class to transfer an entire block of checks from another operator and to authorize non privileged employees to do so as well. This function is useful with a shift change, when an entire group of checks must be turned over from the operator who is leaving to the operator who is just signing in. Create New Checks using [Begin Check] Key  Select this option to allow employees associated with this class to begin a guest check.  Authorize Adding of Checks Between Revenue Centers  Select this option to allow employees associated with this class to add checks (to be in a check and add another check to it) from another Revenue Center and to authorize non-privileged employees to do so as well.  Authorize Adding of Checks in the Same Revenue Center Select this option to allow employees associated with this class to add checks (to be in a check and add another check to it) within a Revenue Center and to authorize non-privileged employees to do so as well.  Authorize Transfer of Checks Between Revenue Centers  Select this option to allow employees associated with this class to transfer checks from another Revenue Center and to authorize non-privileged employees to do so as well.  Authorize Transfer of Checks in the Same Revenue Center  Select this option to allow employees associated with this class to transfer checks from another operator within the same Revenue Center a nd to authorize non-privileged employees to do so as well.  Authorize/Perform Open of Checks for Multiple Groups at a Table Select this option to allow employees associated with this class to open multiple checks at the same table. Each succeeding check is assigned a successive check number. An employee who is authorized to split checks (option “Authorize/Use the [Split Check] key and Perform Memo Tenders”) is also authorized to open checks for multiple groups at a table.

22

MD0006-090

 Authorization/Privileges

 Authorize/Use the [Split Check] Key and Perform Memo Tenders  Select this option to allow employees associated with this class to split guest checks and to perform memo tenders and to authorize non privileged employees to do so as well.  Authorize/Perform Pickup of a Check Belonging to Another Operator  Select this option to allow employees associated with this class to pick up another operator's checks and to authorize non-privileged employees to do so as well.  Authorize/Perform Closed Check Adjust  Select this option to allow employees associated with this class to use the [Adjust Closed Check] key and to authorize non-privileged employees to do so as well. A closed check adjustment allows the user (if privileged to void Tender/ Media from a previous round) to adjust the Tender/Media or Service Charge on a closed check.

 Authorize/Perform Pickup of a Check that is “Owned by Offline UWS” If a check is rung on a workstation that proceeds to go offline, the check is considered “Owned by an Offline Workstation.” Select this option to allow employees associated with this class to pickup these checks from another workstation and to authorize non-privileged employees to do so as well.  Authorize/Perform Lock/Unlock of Guest Checks  Enable this option to allow employees associated with this class to use the [Lock Guest Check] and [Unlock Guest Check] keys and to authorize non-privileged employees to do so as well.  Authorize/Perform Memo Tenders  Enable this option to allow privileged employees associated with this class to perform memo tenders and to authorize non-privileged employees to do so as well. Enable Limited Split Check  Enable this option to prevent an employee from performing the S plit Check function more than once on a check. If this option is enabled, the Authorize/Use Split Check option must be disabled. Note: This option was created to safeguard against the “floating soda” technique.

9700 3.x Security Guide

23

 Authorization/Privileges

 Authorize/Perform Creation and Pickup of Unassigned Checks  Select this option to allow employees associated with this class to begin and pickup “Unassigned Checks” and to allow non-privileged employees to do so as well. An “Unassigned Check” is a check that is begun in the system (usually by a professional services application or other MICROS peripheral product, such as Guest Connection or Suites Management) without an owner. When an Open Check SLU is used, Privileged Operators will see their own checks, as well as any “Unassigned Checks” in the Revenue Center,  but they will not see other operators’ open checks.

 Auth/Perform Adjustment of Closed Checks from Prev. Business Days  Select this option to allow employees associated with this class to Adjust Closed Checks from business days other than the current business day. If this option is enabled, an operator in this class will have access to the [Adjust Closed Check from Previous Business Day] function key.  Auth/Perform Reopening of Closed Checks from Prev. Business Days  Select this option to allow employees associated with this class to Reopen Closed Checks from business days other than the current business day. If this option is enabled, an operator in this class will have access to the [Reopen Closed Check from Previous Business Day] function key.

24

MD0006-090

 Authorization/Privileges

Printing Privileges  The Printing tab, shown below, contains options relating to guest check, receipt, and tender media authorization privileges.

 Authorize/Perform Printing of Memo Checks  Select this option to allow employees associated with this class to print memo checks and to authorize non-privileged employees to do so as well.  Authorize/Perform Reprinting of Memo Checks  Select this option to allow employees associated with this class to reprint memo checks and to authorize non-privileged employees to do so as well.  Authorize/Perform Reprinting of Closed Checks  Select this option to allow employees associated with this class to reprint a guest check after it has been closed and to authorize non-privileged employees to do so as well.  Authorize/Perform Unlimited Reprinting/Printing of a Check  Select this option to allow employees associated with this class to perform two functions. #1: Allow On-Demand operators to print guest checks more than the maximum number allowed in the Revenue Center Parameters Module. #2: Allow By-round operators to use the [Reprint Check] key. This privilege also allows employees associated with this class to give authorization to non-privileged employees for these functions.

9700 3.x Security Guide

25

 Authorization/Privileges

 Authorize/Perform Reprint of a Credit Voucher  Select this option to allow employees associated with this class to reprint a credit card voucher slip and to authorize non-privileged employees to do so as well.

Void and Return Privileges  The Voids/Returns tab, shown below, contains options relating to void and return authorization privileges.

 Authorize/Use the [Transaction Return] Key Select this option to allow employees associated with this class to use the [Transaction Return] key and to authorize non-privileged employees to do so as well. The [Transaction Return] key is used when performing several returns in a transaction—every menu item rung after pressing [Transaction Return] will be a returned menu item.

 Authorize/Perform Return of Menu Items Entered on Current Check  Select this option to allow employees associated with this class to return menu items posted in the current round (using the [Return] key) and to authorize non-privileged employees to do so as well. To perform voids in the current round, the employee class option “Authorize/Perform Error Corrects” must be enabled.

26

MD0006-090

 Authorization/Privileges

 Authorize/Perform Void of Menu Items from a Previous Round  Select this option to allow employees associated with this class to void menu items that were posted in a previous transaction round and to authorize non-privileged employees to do so as well.  Authorize/Perform Void and Return of Menu Items Not on Check  Select this option to allow employees associated with this class to void and return menu items that were never posted to the guest check and to authorize non-privileged employees to do so as well.  Authorize/Perform Void of Discounts from a Previous Round  Select this option to allow employees associated with this class to void discounts that were posted in a previous transaction round and to authorize non-privileged employees to do so as well.  Authorize/Perform Void of Service Charges from a Previous Round  Select this option to allow employees associated with this class to void service charges that were posted in a previous transaction round and to authorize non-privileged employees to do so as well.  Authorize/Perform Void of Tender/Media from a Previous Round  Select this option to allow employees associated with this class to void tender/media entries that were posted in a previous transaction round and to authorize non-privileged employees to do so as well.  Authorize/Use the [Void Check] Key Select this option to allow employees associated with this class to use the [Void Check] key, which will void all the items on the check and to authorize non-privileged employees to do so as well.  Authorize/Perform Voids in the Current Round  Select this option to allow employees associated with this class to perform voids in the current round (i.e., last-item voids, direct voids, line-number voids, and touch-voids).  Authorize/Use the [Transaction Void] Key Select this option to allow employees associated with this class to use the [Transaction Void] key and to authorize non-privileged employees to do so as well. The [Transaction Void] key is used when performing several voids in a transaction—every menu item rung after pressing [Transaction Void] will be a voided menu item.

9700 3.x Security Guide

27

 Authorization/Privileges

 Authorize/Perform Void of Menu Items on Closed Checks  Select this option to allow employees associated with this class to void menu items from closed checks after they have been reopened and to authorize non-privileged employees to do so as well. (In addition, the “Authorize/Perform Void of a Menu Item from a Previous Round” option must be selected.)  Authorize/Perform Void of Discounts on Closed Checks Select this option to allow employees associated with this class to void discounts from closed checks after they have been reopened and to authorize non-privileged employees to do so as well. (In addition, the “Authorize/Perform Void of a Discount from a Previous Round” option must be selected.)  Authorize/Perform Void of Service Charges on Closed Checks Select this option to allow employees associated with this class to void service charges from closed checks after they have been reopened and to authorize non-privileged employees to do so as well. In addition, the “Authorize/Perform Void of a Service Charge from a Previous Round” option must be selected.  Authorize/Perform Voids/Cancels of North American LDS Items  Select this option to allow employees associated with this class to perform voids or cancels of menu items ordered through a North American Liquor Dispensing System (NA LDS) and to authorize non-privileged employees to do so as well.  Authorize/Perform Direct Voids  Select this option to allow employees associated with this class to void transaction items by pressing the [Void] key and then the key for the item (e.g., a Menu Item key). Also, select this option to authorize non privileged employees to do so as well.  Authorize/Allow Voiding of Shared Check Items Select this option to allow employees associated with this class to void items which are shared between seats or checks, and to authorize non privileged employees to do so as well.

28

MD0006-090

 Authorization/Privileges

Utilities Privileges  The Utilities tab, shown below, contains options for access control to the Control Panel, Credit Card Utilities, NetVupoint and Dataviewer utilities, and other specific utilities.

Start the System and Operations from the Control Panel  Select this option to allow employees in this class to start the system and POS Operations in the EMC Control Panel. Additionally, employees with this privilege may start operations on individual workstations from the EMC Workstation module. Stop the System and Operations from the Control Panel  Select this option to allow employees in this class to stop the system and POS Operations in the EMC Control Panel. Additionally, employees with this privilege may stop or kill operations on individual workstations from the EMC Workstation module. Reload the System from the Control Panel  Select this option to allow employees in this class to use the “Reload”  button in the Control Panel. Change Backup PC Number from the Control Panel 

Select this option to allow employees in this class to sign in to the EMC Control Panel and to change the Backup PC numbers.

9700 3.x Security Guide

29

 Authorization/Privileges

Make PC Active on its Backup PC from the Control Panel Select this option to allow employees in this class to sign in to the EMC Control Panel and make a PC active on its backup PC. Make PCs Active or Inactive from the Control Panel  Select this option to allow employees in this class to make PCs active or inactive in a 9700 MOR (MICROS Operational Resiliency) environment. Run the CC Batch Report Program  Select this option to allow employees associated with this class to use the Credit Card Report  module. Run the CC Batch Transfer Program  Select this option to allow employees associated with this class to use the Credit Card Transfer  module. Run the CC Batch Edit Program  Select this option to allow employees associated with this class to use the Credit Card Batch Editor  to edit batches. Run the CC Batch File Creation Program  Select this option to allow employees associated with this class to use the Credit Card Batch Creator . Do Not Mask Credit Card Info from Reports  Select this option to allow employees associated with this class to view Credit Card Numbers on Credit Card Reports. Can open the System Setup Utility Module in EMC Select this option to allow employees in this class to use the System Setup Utility module in EMC. The EMC module allows users to configure different settings used by the executables that run during the nightly autosequences. Run the Audit Trail Program  Select this option to allow employees in this class to run the EMC's Audit Trail module or to run the atrail_b.exe command-line application on the server  Reset the Audit Trail  Select this option to allow employees in this class to reset the Audit Trail in EMC's Audit Trail module or by using the atrail_b.exe command-line application on the server.

30

MD0006-090

 Authorization/Privileges

Can Minimize Application  Select this option to allow employees in this class to minimize the WinStation/SAR application on a workstation. Can Close Application  Select this option to allow employees in this class to close the WinStation/ SAR application on a workstation. Can Change Others' Passwords  Select this option to allow employees associated with this class to change EMC passwords of other employees. Can access the NetVupoint Module in EMC Select this option to allow employees in this class to use the NetVupoint module in EMC. The NetVupoint module allows users to configure different settings for the NetVupoint Transformation Service. Login to Dataviewer  Select this option to allow employees in this class to log in to Dataviewer. NetVupoint Admin user  Select this option to allow employees in this class to perform administrative tasks in NetVupoint and Dataviewer. Run and Save Output on Server Select this option to allow employees in this class to run and save Dataviewer queries. Create Public Queries  Select this option to allow employees in this class to save public Dataviewer queries. For information on the options located on the Privileges tab, please see “Access Level Granted to an Employee Class” on page 15.

9700 3.x Security Guide

31

 Authorization/Privileges

Procedure and Report Privileges  The Procedures/Reports tab, shown below, contains options relating to access and usage of UWS Procedures and Autosequences.

 Access Employee Job Code/Pay Rates in UWS Procedure #3  Select this option to allow employees in this class to edit the Job Codes and Pay Rates of employees while accessing Employee Setup (UWS Procedure #3 in UWS Manager Procedures). Can Change Employee Class in Employee File/UWS Procedures  Select this option to allow employees in this class to change an employee's Employee Class, in UWS Manager Procedures. Run UWS Procedures in Another Revenue Center  Select this option to allow employees in this class to perform UWS Procedures for a Revenue Center to which they are not currently assigned, in UWS Manager Procedures. For instance, if this option is selected, a manager eating lunch in Revenue Center 1 could change the Serving Period (if so privileged) in Revenue Center 2, saving the manager from having to walk to Revenue Center 2 to change the Serving Period,  because the manager can simply change the Serving Period from a workstation in Revenue Center 1 while enjoying his/her lunch.

32

MD0006-090

 Authorization/Privileges

Use UWS Procedure #1: Change Next Guest Check Number Select this option to allow employees in this class to reset the check number sequence and specify the next guest check number to be used in UWS Manager Procedures. Use UWS Procedure #2: Change Serving Period  Select this option to allow employees in this class to change the serving  period of a Revenue Center in UWS Manager Procedures. Use UWS Procedure #3: Employee Setup  Select this option to allow employees in this class to edit Employee Records in UWS Manager Procedures. Note that employees cannot be added or deleted through UWS Manager Procedures.  Access Employee Job Code/Pay Rates in UWS Procedure #3  Select this option to allow employees in this class to edit the Job Codes and Pay Rates of employees while accessing Employee Setup (UWS Procedure #3 in UWS Manager Procedures). Use UWS Procedure #4: Employee Revenue Center Setup  Select this option to allow employees in this class to edit Operator Records in UWS Manager Procedures. Use UWS Procedure #5: Change Employee Revenue Center  Select this option to allow employees in this class to alter the current Revenue Center assignment for employees in the system, in UWS Manager Procedures. Use UWS Procedure #6: Print Employee List Select this option to allow employees in this class to print a list of employees in the system, in UWS Manager Procedures. Use UWS Procedure #7: Change Employee Training Status  Select this option to allow employees in this class to place an employee in Training Mode, in UWS Manager Procedures. Use UWS Procedure #8: Adjust Employee Time Card  Select this option to allow employees in this class to adjust the clock-in/ out times for employees, in UWS Manager Procedures. Use UWS Procedure #9: Change Time Clock Schedule  Select this option to allow employees in this class to alter the time clock schedule, in UWS Manager Procedures.

9700 3.x Security Guide

33

 Authorization/Privileges

Use UWS Procedure #10: Print Time Clock Schedule Select this option to allow employees in this class to print the time clock schedule, in UWS Manager Procedures. Use UWS Procedure #11: Redirect Order Output  Select this option to allow employees in this class to Redirect Order Output for the printers in a Revenue Center, in UWS Manager Procedures. Use UWS Procedure #12: Change Menu Item Class  Select this option to allow employees in this class to make changes to Menu Item Classes in UWS Manager Procedures. (Note: Use this option with caution; editing Menu Item Classes in the EMC rather than on the workstation, a user is less likely to make a mistake.) Use UWS Procedures #13,17,18: Change Menu Item Assignment  Select this option to allow employees in this class to change Menu Item Assignment, to Change Barcode Menu Items, and to Change Barcode Files, in UWS Manager Procedures. Use UWS Procedure #14: Change Menu Item Availability Select this option to allow employees in this class to designate menu items as being “available” or “unavailable” (out-of-stock) in UWS Manager Procedures. Use UWS Procedure #15: Print Menu Item Prices  Select this option to allow employees in this class to print the Menu Item Price list, in UWS Manager Procedures. Use UWS Procedure #16: Update Currency Rates Select this option to allow employees in this class to change the exchange rates of alternate currencies, in UWS Manager Procedures. (Note: Use this option with caution; an employee with this privilege could potentially steal from the site. Typically, Currency Rates are infrequently updated, and only updated by a System Administrator through the EMC.) Use UWS Procedure #19: Change IP Printer Name This option should be disabled to ensure that IP Printers are only configured through the EMC. Select this option to allow employees in this class to change the name of the IP Printer, in UWS Manager Procedures. Run PC and UWS Reports Autosequence in Privilege Group 1  Select this option to allow employees in this class to run UWS and PC Autosequences belonging to Privilege Group 1. Note that all employees can run UWS and PC Autosequences belonging to Privilege Group 0.

34

MD0006-090

 Authorization/Privileges

Reset UWS Reports Without Printing  This option is only active if the option Reset UWS Reports is enabled. Select this option to allow employees in this class to run UWS Reports with the “Reset” option, while not printing the report. Run UWS Reports in Another Revenue Center  Select this option to allow employees in this class to run UWS Autosequences (Reports) for Revenue Centers other than the current Revenue Center to which they are currently assigned, in UWS Manager Reports. Reset UWS Reports  Select this option to allow employees in this class to run UWS Reports and to “Reset” the report. Note that if a report is set to “Reset” and an employee does not have this option enabled, the report will run properly  but it will not reset.

Transaction Privileges  The Transactions tab, shown below, contains options relating to posting and authorization privileges for transactions, service charges, tender, and other employee’s checks.

Post Payments to Checks Belonging to Another Operator  Select this option to allow employees associated with this class to post tender/media entries to checks belonging to another operator.

9700 3.x Security Guide

35

 Authorization/Privileges

Post Service Charges to Checks Belonging to Another Operator  Select this option to allow employees associated with this class to add service charges to checks belonging to another operator. Post Discounts to Checks Belonging to Another Operator  Select this option to allow employees associated with this class to add discounts to checks belonging to another operator. Post Menu Items to Checks Belonging to Another Operator Select this option to allow employees associated with this class to add menu items to checks belonging to another operator.  Authorize/Perform Automatic Service Charge Exemptions  Select this option to allow employees associated with this class to forgive automatic service charges using the [Exempt Auto Service Charge] key and to authorize non-privileged employees to do so as well.  Authorize/Perform Posting of Service Charges in Priv Group 1 Select this option to allow employees associated with this class to post Service Charges belonging to Privilege Group 1 and to authorize non privileged employees to do so as well. Note that all employees can post Service Charges belonging to Privilege Group 0.  Authorize/Perform Posting of Discounts in Priv Group 1  Select this option to allow employees associated with this class to post Discounts belonging to Privilege Group 1 and to authorize non-privileged employees to do so as well. Note that all employees can post Discounts  belonging to Privilege Group 0.  Authorize/Perform Posting of Tender/Media in Priv Group 1 Select this option to allow employees associated with this class to post Tender/Media entries belonging to Privilege Group 1 and to authorize non-privileged employees to do so as well. Note that all employees can  post Tender/Media entries belonging to Privilege Group 0.  Authorize Over HALO Amounts on [Tender/Media] Keys Select this option to allow employees associated with this class to exceed the HALO amount set for a Tender/Media key and to authorize non privileged employees to do so as well.  Authorize/Perform Posting of Payments  Select this option to allow employees associated with this class to post  payments to a transaction and to authorize non-privileged employees to do so as well.

36

MD0006-090

 Authorization/Privileges

 Authorize/Allow Manual Entry of Credit Card Numbers  Select this option to allow manual entry of credit card numbers (typing the numbers into the workstation instead of swiping the credit card) and to authorize non-privileged employees to do so as well.  Authorize/Perform Closing of Checks with a Zero Balance Select this option to allow employees associated with this class to tender and close transactions that have a balance due of $0.00 and to authorize non-privileged employees to do so as well.  Authorize/Perform Closing of Checks with a Negative Balance Select this option to allow employees associated with this class to tender and close transactions that have a negative balance due and to authorize non-privileged employees to do so as well.  Authorize/Perform Open Check Block Settlement  Select this option to allow employees associated with this class to close all of their open checks to the Default Cash Tender/Media, specified in  Revenue Center Parameters , and to authorize non-privileged employees to do so as well.  Authorize/Perform Voiding of Tender w/ Signature  Select this option to allow employees associated with this class to void a tender from a check with a signature capture and to authorize non privileged employees to do so as well.  Allow Tender of Party Checks Select this option to allow employees associated with this class to Tender and close “Party Checks.”  Authorize/Perform Posting of Menu Items in Priv Group 1 Select this option to allow employees associated with this class to post Menu Items belonging to Privilege Group 1 and to authorize non privileged employees to do so as well. Note that all employees can post Menu Items belonging to Privilege Group 0.  Authorize/Perform Change of Transaction Main Level  Select this option to allow employees associated with this class to change the Main Level using one of the eight [Main Level] keys and to authorize non-privileged employees to do so as well.  Authorize/Perform Change of Transaction Sub Level  Select this option to allow employees associated with this class to change the Sub Menu Level using one of the eight [Sub Level] keys and to authorize non-privileged employees to do so as well.

9700 3.x Security Guide

37

 Authorization/Privileges

 Authorize/Allow Sharing of Check Items  Select this option to allow employees associated with this class to share menu items and to authorize non-privileged employees to do so as well. Sharing menu items is performed when using the [TouchSplit] and [TouchEdit] functions to put part of a menu item on two different checks (e.g., 1/2 Bottle of Wine “shared” between two couples at a table).  Authorize/Use the [Table Number] Key Select this option to allow employees associated with this class to use the [Table Number] key and to authorize non-privileged employees to do so as well.  Authorize/Use the [Menu Item Price Override] Key  Select this option to allow employees associated with this class to use the [Menu Item Price Override key] and to authorize non-privileged employees to do so as well. Menu Item Price Overrides are usually used to override a preset price of a barcode menu item.  Authorize/Use the [Order Type] Key Select this option to allow employees associated with this class to select an Order Type and to authorize non-privileged employees to do so as well.  Authorize/Perform Tax Exemptions Using [Exempt Tax] Keys  Select this option to allow employees associated with this class to forgive tax using one of the [Exempt Tax] keys and to authorize non-privileged employees to do so as well.  Authorize/Use the [Item Weight] Key  Select this option to allow employees associated with this class to post weighed menu items and to authorize non-privileged employees to do so as well.  Authorize/Use the [Transaction Cancel] Key Select this option to allow employees associated with this class to use the [Transaction Cancel] key and to authorize non-privileged employees to do so as well.  Authorize/Cause a Transaction to have a Negative Balance Select this option to allow employees associated with this class to create a check with a negative balance and to authorize non-privileged employees to do so as well.

38

MD0006-090

 Authorization/Privileges

 Authorize/Perform Change of Number of Guests  Select this option to allow employees associated with this class to change the number of guests in a transaction using the [Number of Guests] key and to authorize non-privileged employees to do so as well.  Authorize Open Cash Drawer Using the [No Sale] Key  Select this option to allow employees associated with this class to open the cash drawer outside of a transaction using the [No Sale] key and to authorize non-privileged employees to do so as well.  Authorize/Perform Signature Capture Override  Select this option to allow employees associated with this class to use the [Signature Capture Override] key and to authorize non-privileged employees to do so as well. Signature Capture Override is used to bypass the signature capture  process, in the event that the customer refuses to sign, or if the customer has left without signing.

 Authorize/Perform Employee Meal Discount Override for Non-  Scheduled Employees  Enable this option to allow employees associated with this class to permit non-scheduled employees to receive the employee meal discount and to authorize non-privileged employees to do so as well. This option works in conjunction with the “Employee Meal” and “Employee Meal Discount Applies to Scheduled Employees Only” options in the  Discount s module.

 Authorize/Perform AVS Override  Enable this option to allow employees associated with this class to  proceed with a credit card process without entering the AVS (Address Verification Service) information and to authorize non-privileged employees to do so as well.  Authorize/Perform CVV Override  Enable this option to allow employees associated with this class to  proceed with a credit card process without entering the CVV, CVC, or CID (the Card-Present Number) and to authorize non-privileged employees to do so as well.

9700 3.x Security Guide

39

 Authorization/Privileges

Miscellaneous Privileges  The Options tab, shown below, contains options for miscellaneous authorization privileges, such as for Mobile Micros Handhelds (MMH), Universal Stored Value Cards, and cash drawer usage.

 Authorize/Use the [Direct Tips] and [Indirect Tips] Keys  Select this option to allow employees associated with this class to use these keys to declare cash tips received (by themselves) and to authorize non-privileged employees to do so as well. Download Database to Mobile MICROS and SAR Clients  Select this option to allow employees in this class to download a new database to a Mobile MICROS device or SAR workstation and to authorize non-privileged employees to do so as well.  Auth/Perform Assign Cash Drwr 1&2; Unassgn Drwr from Others  This option bit includes two different functions. #1: Select this option bit to allow employees associated with this class to use the [Assign Cash Drawer 1] and [Assign Cash Drawer 2] keys to assign the cash drawer to themselves, and to authorize non-privileged employees to use the [Assign Cash Drawer 1] or [Assign Cash Drawer 2] keys to become assigned to a drawer. #2 If this option bit is enabled, employees in this employee class can use the [Unassign Cash Drawer] key to unassign cash drawers from other operators.

40

MD0006-090

 Authorization/Privileges

 Note that the [Assign Cash Drawer] key does not require an Employee class privilege—any employee with access to the [Assign Cash Drawer]  button can use it.

 Authorize/Perform Assignment & Changes of Cashiers  Select this option to allow employees associated with this class to assign themselves a cashier link or change their cashier link with the [Assign Cashier] key and to authorize non-privileged employees to do so as well.  Authorize/Use the [Keyboard Select] Key Select this option to allow employees associated with this class to change keyboards using one of the [Keyboard Select] keys and to authorize non privileged employees to do so as well.  Authorize/Use the [Direct Tips] and [Indirect Tips] Keys for  Another Employee Select this option to allow employees associated with this class to use these keys to declare cash tips received by another employee and to authorize non-privileged employees to do so as well.  Authorize/Perform UWS Download New Revenue Center Select this option to allow employees associated with this class to download a new Revenue Center to a workstation and to authorize non privileged employees to do so as well.  Authorize Cash Drawer Reconnection  Select this option to allow employees associated with this class to authorize a cash drawer cable reconnection on a workstation. If an operator has the option bit enabled to “Require Authorization for Cash Drawer Reconnection,” the operator will need an authorization before  performing another transaction. If this option bit is enabled, employees associated with this class can perform this authorization.  Authorize Power Cycle of Workstation during Operations Select this option to allow employees associated with this class to authorize a Power Cycle of a workstation. If an operator has the option bit enabled to “Require Authorization for Power Cycle of UWS during Operations,” the operator will need an authorization before performing another transaction. If this option bit is enabled, employees associated with this class can perform this authorization.

9700 3.x Security Guide

41

 Authorization/Privileges

 Authorize SAR Workstation to Enter Offline Mode Select this option to allow employees in this class to enter offline mode on a SAR workstation. When an operation is attempted that normally causes the workstation to contact the 9700 Server, if contact cannot be established, the client will display a prompt to retry the operation or work offline. If the user chooses to work offline, the operator needs to have an authorization, which is represented by this option bit.  Authorize SAR workstation to Exit Offline Mode  Select this option to allow employees in this class to enter online mode (while in offline mode) on a SAR workstation. While offline, if communication with the 9700 Server is detected, a prompt will be displayed to work in online mode. If the user chooses to work online, the operator needs to have an authorization, which is represented by this option bit.  Authorize Running of Offline Reports Select this option to allow employees associated with this class to generate Offline Reports when the workstation is offline.  Authorize/Perform Manual Entry of Stored Value Card Number  Select this option to allow employees associated with this class to manually enter the stored value card account number and to authorize non-privileged employees to do so as well.  Authorize/Perform Issue Stored Value Function  Select this option to allow employees associated with this class to issue a stored value card and to authorize non-privileged employees to do so as well.  Authorize/Perform Void Issue Stored Value Entry  Select this option to allow employees associated with this class to void an issued card and to authorize non-privileged employees to do so as well.  Note: Touch Voids and Direct Voids are allowed; Last Item Voids and Returns are not allowed.  Authorize/Perform Issue Stored Value Batch Function  Select this option to allow employees associated with this class to issue a  batch of stored value cards and to authorize non-privileged employees to do so as well.  Authorize/Perform Void Issue Stored Value Batch Entry  Select this option to allow employees associated with this class to void a  batch of stored value cards and to authorize non-privileged employees to do so as well. Note: Touch Voids and Direct Voids are allowed; Last Item Voids and Returns are not allowed.

42

MD0006-090

 Authorization/Privileges

 Authorize/Perform Activate Stored Value Function  Select this option to allow employees associated with this class to activate a stored value card and to authorize non-privileged employees to do so as well.  Authorize/Perform Void Activate Stored Value Entry  Select this option to allow employees associated with this class to void the activation of a stored value card and to authorize non-privileged employees to do so as well. Note: Touch Voids and Direct Voids are allowed; Last Item Voids and Returns are not allowed.  Authorize/Perform Activate Stored Value Batch Function  Select this option to allow employees associated with this class to activate a batch of stored value cards and to authorize non-privileged employees to do so as well.  Authorize/Perform Void Activate Stored Value Batch Entry  Select this option to allow employees associated with this class to void the activation of a batch of stored value cards and to authorize non-privileged employees to do so as well.  Authorize/Perform Reload Stored Value Function Select this option to allow employees associated with this class to Reload (add credit) a dollar amount to an existing stored value card and to authorize non-privileged employees to do so as well.  Authorize/Perform Void Reload Stored Value Entry  Select this option to allow employees associated with this class to void a Reload transaction and to authorize non-privileged employees to do so as well. Touch Voids and Direct Voids are allowed; Last Item Voids and Returns are not allowed.  Authorize/Perform Redeem Authorization Stored Value Function  Select this option to allow employees associated with this class to perform a redemption authorization and to authorize non-privileged employees to do so as well.  Authorize/Perform Void Redeem Authorization Stored Value Entry  Select this option to allow employees associated with this class to void a redemption authorization and to authorize non-privileged employees to do so as well.

9700 3.x Security Guide

43

 Authorization/Privileges

 Authorize/Perform Redeem Stored Value Function Select this option to allow employees associated with this class to perform a redemption transaction (a stored value card is used to make a purchase and a dollar amount is deducted from the account) and to authorize non privileged employees to do so as well.  Authorize/Perform Void Redeem Stored Value Entry  Select this option to allow employees associated with this class to void a redemption transaction and to authorize non-privileged employees to do so as well.  Authorize/Perform Manual Redemption Stored Value Function Select this option to allow employees associated with this class to perform a manual redemption and to authorize non-privileged employees to do so as well.  Authorize/Perform Void Manual Redemption Stored Value Entry  Select this option to allow employees associated with this class to void a manual redemption transaction and to authorize non-privileged employees to do so as well.  Authorize/Perform Issue Stored Value Points Function Select this option to allow employees associated with this class to issue  points to a stored value card and to authorize non-privileged employees to do so as well.  Authorize/Perform Void Issue Stored Value Points Entry Select this option to allow employees associated with this class to void issued points on a stored value card and to authorize non-privileged employees to do so as well. Touch Voids and Direct Voids are allowed; Last Item Voids and Returns are not allowed.  Authorize/Perform Redeem Stored Value Points Function Select this option to allow employees associated with this class to perform a points redemption transaction and to authorize non-privileged employees to do so as well.  Authorize/Perform Void Redeem Stored Value Points Entry  Select this option to allow employees associated with this class to void a  points redemption transaction and to authorize non-privileged employees to do so as well.  Authorize/Perform Stored Value Cash Out Function  Select this option to allow employees associated with this class to debit some or all of the remaining balance on a stored value card and to authorize non-privileged employees to do so as well.

44

MD0006-090

 Authorization/Privileges

 Authorize/Perform Stored Value Balance Inquiry Function Select this option to allow employees associated with this class to check a stored value card balance and to authorize non-privileged employees to do so as well.  Authorize/Perform Stored Value Balance Transfer Function  Select this option to allow employees associated with this class to transfer the balance from one stored value card to another and to authorize non privileged employees to do so as well.  Authorize/Perform Stored Value Point Inquiry Function  Select this option to allow employees associated with this class to check a stored value card point balance and to authorize non-privileged employees to do so as well.  Authorize/Perform Stored Value Report Generation Function  Select this option to allow employees associated with this class to generate stored value card reports and to authorize non-privileged employees to do so as well.  Authorize/Perform “Accept Coupon” Stored Value Function Select this option to allow employees in this class to perform the “Accept Coupon” Stored Value Function and to allow non-privileged employees to do so as well.  Authorize/Perform “Void Accept Coupon” Stored Value Function  Select this option to allow employees in this class to perform the “Void Accept Coupon” Stored Value Function and to allow non-privileged employees to do so as well.  Authorize/Perform Stored Value Reprint Chit Function Select this option to allow employees in this class to reprint Stored Value chits and to allow non-privileged employees to do so as well.

Workstation Privileges Workstation Privileges are configured in the EMC within the System Hardware |  Device Table | | Options Tab .

9700 3.x Security Guide

45

 Authorization/Privileges

Enabling

Enable Rear Display  Select this option to enable output to a rear customer display attached to this workstation. Do Not Clear Screen After Transaction  Select this option to cause the last screen of a transaction to remain on the display after the transaction is complete. This option is enabled for workstations in Revenue Centers who want to use the “Print Customer Receipt” function key to print receipts after the close of a transaction.  Assign Cash Drawer By User Workstation  If this option is enabled, operators must assign themselves to a c ash drawer by using the one of the Function Keys 848, 839, or 840 (Assign Cash Drawer, Assign Cash Drawer 1, Assign Cash Drawer 2). Then, only the operator assigned to the drawer will be able to open it (or a privileged manager, who can unassign a drawer from a user). If this option is disabled, the Operator “Cash Drawer” field determines if an operator can access a cash drawer or not. In this scenario, all operators with the “Cash Drawer” field set to “1” will be able to open Cash Drawer 1. Note: Giving multiple employees access to a single cash drawer is not as secure as requiring employees to be assigned to a Cash Drawer.

46

MD0006-090

 Authorization/Privileges

Require Cash Drawer to be Closed Before New Transaction Select this option to require that cash drawers attached to this workstation are closed before a new transaction may be begun. Do NOT select this option to allow transactions to begin while a cash drawer is open. Use Cash Drawer Number 2 for Other Currency  This option is used only if two cash drawers are in use for this workstation and one is dedicated to foreign currency. Select this option to cause the second cash drawer (not the drawer currently assigned) to open, when using a tendering key that opens the cash drawer and that is used with currency conversion. In addition, the foreign currency must allow change to be made in that currency. Disable Employee Auto Sign Out  Select this option to disable the Automatic Operator Popup Interval  programmed in Revenue Center Parameters. Do NOT select this option to cause operators to be signed out of this workstation after the Automatic Operator Popup Interval expires. Mag Card Entry Required for Employee ID  Select this option to require that all employee ID entries at this workstation are made using a magnetic employee ID card. This applies to signing in and authorizing privileged operations. If this option is selected, the workstation will not accept an employee ID number entered through the keyboard or touchscreen. Do not select this option to allow the employee ID to be entered by either a magnetic card or  by the keyboard or touchscreen.

Enable UWS Activity Log Select this option to activate logging on this workstation. This option applies to PCWS, SAR, and Mobile MICROS clients only. Enable Scale Interface  Select this option to enable communication between this workstation and a scale. Enable Signature Capture  Select this option to enable communication between this workstation and a Signature Capture pad.

9700 3.x Security Guide

47

 Authorization/Privileges

North American LDS Attached to this UWS This option only applies to workstations using a Liquor Dispensing System. Select this option to indicate to the system that the Liquor Dispensing System (LDS) attached to this UWS is a North American LDS. Do NOT select this option to indicate that an ILDS (International Liquor Dispensing System) is in use. Enable RFID PayPass Device  Select this option to activate communication between this workstation and an RFID PayPass Device. This device is used for Radio-Frequency Credit Cards. (NOTE: This option is only available on SAR clients.) Enable Error Beeper Select this option to cause the UWS to emit a beep whenever an operator commits an error that causes an error message or prompt to display. Disable this option to suppress the beep when an error message or prompt displays.  Auto Begin Chk when Chk Optr ID/# Entered Outside of Trans. This option is active only if the “Allow Replacement Sign In Outside Transaction” option is disabled. Select this option to allow an operator to  begin a guest check transaction by entering an operator ID or employee number. The signed-in operator becomes the transaction operator; the employee whose ID or employee number was entered becomes the check operator. If this option is enabled, sales totals and tenders posting are determined  by the setting of the Revenue Center Parameters Posting options “Post Totals to Transaction Operator” and “Post Tender to Transaction Operator.” The system will require the use of either the employee ID or the employee number, as determined by the setting of the Operator option “Use Employee Number to Open Check for Another Employee.”

ON = Link Cashier Totals to UWS; OFF = Link to Operator  Select this option to allow this workstation to be linked to a single Cashier Record. This option can only be used with a workstation that is assigned to a single Revenue Center (when this is enabled, Revenue Centers 2-8  become disabled on the Revenue Centers tab). Cashiers are linked to a workstation by using the [Assign Cashier] function key on the workstation. When this option is disabled, totals are  posted to the operator's Cashier Record, if one exists.

 Allow SAR Mode This option must be selected to allow this workstation to operate in Offline Mode.

48

MD0006-090

 Authorization/Privileges

Can Be Offline During Autosequences Select this option to allow this workstation to be offline when autosequences run. If this option is enabled, PC autosequences will still run even if the PC Autosequences option, “Do Not Run if Workstations Are Offline” option is enabled. Enable Remote Order Printing to Local Printer When Offline This option should be enabled. If this option is enabled, a SAR Client, when offline, will print the Order Output (that should have printed to remote kitchen printers, for example) to the local SAR workstation's  printer. Enable Local Guest Check Printing Enable this option to direct guest check printing to a wireless local printer (for Mobile MICROS devices) or to a SAR local printer (for SAR devices). Disable this option to choose the printers for specified print jobs on the Printers tab for this workstation. Enable Local CA Voucher Printer Select this option to cause Credit Card Authorization vouchers to print from this SAR device to the SAR local printer. Disable this option to select a Credit Card Authorization printer from the printers tab of this device. Disable auto-online  A workstation will automatically return to Online Mode if communications have been reestablished and the number of transactions rung offline is less than the amount specified in the Property Parameters “Automatic Online Transaction Limit” field. By enabling this option, the workstation will prompt the user to return online, instead of continuing online automatically. Go Offline Without Prompting  When this option is enabled, a workstation will go offline automatically when communication with the server is lost. When this option is disabled, the user will be prompted to work offline.

9700 3.x Security Guide

49

Encryption

Encryption Overview Encryption is the reversible transformation of data from the original (plaintext) to a difficult-to-interpret format (ciphertext).

Permanent Data Store Encryption Sensitive data in the 9700 database is encrypted using industry standard TripleDES encryption. Each encrypted piece of data has a link to an entry in the encryption key table, which is also encrypted using Triple-DES encryption. 9700 provides a Encryption Key Management utility to add a new encryption key to the encryption key table. All data that will need to be stored in the database in encrypted format will automatically be encrypted using the latest key. For more information, see the  MICROS 9700 Encryption Key Management Utility document.

Warning: If the encryption key is lost, the encrypted data in the database is unrecoverable. There are no backdoors!

Key Rotation Considerations In order to achieve maximum security, MICROS Systems, Inc. mandates the system administrator regularly rotate your keys, at least annually, and delete any old or comprised encryption keys. 9700’s entire design of data encryption, key generation, and storage is built to facilitate such practice. For more information, please see the  MICROS 9700 Encryption Key Management Utility document.

50

MD0006-090

 Audit Trail

 Audit Trail Overview The Audit Trail keeps a record of all changes made to the 9700 database, as well as the identity of the employee who made the changes. The Audit Trail records the following activity: Module or Function

Activity

Configurator

Add, delete, or edit records in any file, or clear any database totals files

UWS Procedures

Edits of records in any file, including time card adjustments

Report Writer

Reports taken, reset, and reset without printing

PC Autosequences UWS Autosequences Audit Trail Error Log

Reports reset (Entries for the Error Log, which does not require the entry of a PC Functions ID,  print “Employee Unknown”.)

Control Panel

Start or stop the 9700 System; Start or stop the POS Operation module, Start or stop Operations on a UWS, Change Backup PC#, Change PC state (Active/Inactive)

Credit Card Settlement

Create, Edit, Print, or Transfer Batch File

Credit Card Editor

Move to a different batch file, Save and exit the application

SQL

Add, delete, or edit records in any file

Operations

Reset

UWS Reports

All resetting operations, reports taken, and reset

9700 3.x Security Guide

51

 Audit Trail

Enabling

The EMC | System Information | Parameters  option Enable Audit Trail must be enabled for Audit Trail to record activity. For security purposes, MICROS Systems, Inc. mandates this option be enabled.

Usage A privileged employee may conduct searches within the Audit Trail of database changes based on a variety of search criteria (e.g., by application, by operation, or  by employee). To authorize an employee to run the  Audit Trail module, Search tab, the option Run the Audit Trail Program must be enabled within the EMC  Employees module, see page 30 for more information ( Personnel | Employees | Maintenance | Sort by Class | Utilities tab). The Audit Trail  file must be reset (erased) periodically in order to prevent the file from becoming very large and consuming too much space on the PC’s hard drive. To authorize an employee to manual reset the Audit Trail, the Reset the Audit Trail option must be enabled within the EMC  Employees module ( Personnel |  Employees | Maintenance | Sort by Class | Utilities tab) , see page 30 for more information. The Audit Trail is manually reset within the  Audit Trail Search module, see page 55 for more information.

 Audit Trail Module The EMC Audit Trail  module is used for its Audit Trail report function and to manually reset the Audit Trail.

52

MD0006-090

 Audit Trail

 Audit Trail | Search Tab  The Audit Trail | Search Tab includes a report function that can be used to view the contents of the Audit Trail file, as seen below.

The results of an Audit Trail Report can be viewed on the PC Monitor, printed to the PC’s network printer, or saved to a file on the PC. Audit Trail reports may be taken for:

•

Each application

•

Each operation (add, clear totals, delete, edit, or login)

•

For a specific module

•

For a specific Revenue Center 

•

For a specific employee

•

For a specific time period

9700 3.x Security Guide

53

 Audit Trail

Each record in the Audit Trail Report includes:

•

The application to which the change was made (e.g., Configurator)

•

The date and time that the change occurred

•

The operation made (e.g., field edit, record deletion, autosequence reset)

•

The identity of the employee who made the change

•

In the case of database changes made in Configurator or UWS Procedures, the Audit Trail record also includes the Previous and Current data entered in the field

Enabling   Applications  Select the application to be included in the search. Operations Select the operation to be included in the search. Module  Select the module to be included in the search. Revenue Center  Select the Revenue Center, if any, to be included in the search. Employee  Select an employee to search. Start Date  Select the Start Date to search. Note that the Audit Trail data is automatically purged for data one month prior to the Current Month; also, the Audit Trail is typically reset nightly (by FileMaintenance.exe). Therefore, it may be possible that only today's Business Date shows Audit Trail information. End Date  Select the End Date to search. Note that the Audit Trail data is automatically purged for data one month prior to the Current Month; also, the Audit Trail is typically reset nightly (by FileMaintenance.exe). Therefore, it may be possible that only today's Business Date shows Audit Trail information.

54

MD0006-090

 Audit Trail

 Audit Trail | Reset Tab  The Reset Tab is used to reset (erase) the Audit Trail in order to prevent the file from becoming very large.

Enabling  Reset Entries Until Select a date. The date selected in this field is the cutoff point—all Audit Trail data before this date will be purged from the database.  Note that the Audit Trail data is automatically purged for data one month  prior to the Current Month; also, the Audit Trail is typically reset nightly (by FileMaintenance.exe). Therefore, it may be possible that only today's Business Date shows Audit Trail information.

9700 3.x Security Guide

55

×

Report "9700 Security Guide"

Your name