Parameter Settings > Setup > User ID Tab

The User ID (ALT-U) parameters tab provides options for assigning administration and application duties to specific users and determining password security. Notifications have been moved to a different tab, "Notify."

 

Management Designation

Your business can designate up to three system administrators, but at least one must be defined. This designation provides the user with access to some parameters and functions that would normally be limited or not available to other users. Administrator users may also receive special notification messages that other users would not.


Some messages that a system administrator user might receive include:

Credit/Debit Card Authorization or Processing Canceled by a User
 
Credit or debit card transactions are handled outside the application by other programs and services. This type of processing can rely upon network or Internet connectivity. If there is a delay, it's possible for Point of Sale users to "cancel" the authorization or processing of a card transaction; however, the transaction sometimes still goes through, so it's important for a manager to check whether the canceled card transaction actually processed.

Manually Authorized Credit Card Transactions
 
Entering an authorization code manually at Point of Sale, if allowed, bypasses ALL current or future automated card processing. It is assumed that the "authorization" entered was received directly from the card processor after telephone, Internet, or terminal processing was done independently from (outside) the application.
 
If this is not the case and a user simply "makes up" an authorization, the transaction will still process in the software just as if a valid authorization had been received. It is your company's responsibility to monitor any manual authorizations (if you allow them; they can be blocked) to make sure they are valid, and to instruct your employees on the proper use of the authorization field if you do choose to use it.

Messages that would normally be directed to another specified user.
 
In some cases, certain User ID notifications enabled in the Parameters area are sent to both the designated user and a system administrator (usually just the first admin user listed). This may also happen if the user specified isn't valid for some reason or no other user was specified.

Certain correctable Microsoft Windows errors encountered by your company's users.
 
If users at your company receive errors that can or must be corrected locally, such as errors caused by invalid settings, operating system problems, or software conflicts, these errors are directed to a System Administrator user in hopes that they will take the time to correct the problem.
 
Examples include errors caused by a computer with either an invalid or no Windows default printer and errors caused by other Windows programs using too many handles or too much memory for the application to run properly.
 
In most cases, instructions on preventing or fixing the error are included with the message. This same information is usually presented to the person who is receiving the error as well; however, they may not always have user permissions needed to correct the problem themselves.

Application Administration

There are seven major application areas that an administrator ID may be assigned to: Point of Sale, Purchasing, Inventory, Receivables, Payables, General Ledger, and Maintenance.


Each "application administrator" is provided the following functions for their assigned area:

Permission to designate Menu Markers in that application area as "Secure."

Permission to edit any warning messages for that application (see Messages for more information).

Permission to modify parameters specific to their assigned application area.*

*The user's security must also provide access to the Parameters form in Maintenance to allow this.

Certain notifications also use the application administrator.

Menu Markers and Security

A secure marker will only be visible and available to those users with access to "Secure form menu markers." This setting is found in the User ID form, located under the Maintenance application from the Database drop down.


Menu Markers offer alternate options that either need to be accessed infrequently or perform functions that should be limited to only certain users.


An application manager can make a menu marker "Secure" by clicking on the blue menu icon and choosing "secure" from the drop down menu. Only an application manager will see this option.


In some cases, there are security settings that will enable/disable individual options on these menus so that disabling the entire menu is not necessary.

Password Security

These settings determine the minimum size of user passwords and the number of days for expiration (if any) as well as character requirements for passwords. If these parameters are set higher than zero (0), they are enforced; otherwise, they are not. Users are allowed to change their passwords during sign-on at any time. In addition, an administrator with security permission can modify passwords for users from the Maintenance, User ID form.

Max Attempts

Enter the maximum number of failed login attempts you allow for your users.

Minimum Size

Enter the minimum number of characters you require for the user password. A user's password must be at least this many characters long. In some cases, a minimum size is required automatically because either the "require alpha & num" or the "require special chars" option has been chosen.

Expiration Days

Enter the number of days you want the password to be valid. Expiration causes users to be prompted on a regular basis to change their password to something new (based on the # of days set in the parameter).

Require Alpha & Num

When checked, this setting requires that passwords contain at least one alpha character (upper or lower-case letters such as a, B, c, etc.) and at least one number (1, 2, 7, etc.). If used, the required size of a password must be at least 2 characters in length (one character for each type).

Require Special Chars

When checked, this setting requires that passwords contain at least one "special" character. "Special" character means a symbol (not a letter, not a number). For example, a user might choose the asterisk (*) or dollar symbol ($) to be part of their password. If used along with the "require alpha & num" option, the required size of a password must be at least 3 characters in length (one character for each type).
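
The following Python sketch is an added example, not code from the application. It models how the Minimum Size, Expiration Days, Require Alpha & Num and Require Special Chars settings combine as described above. The class, field and function names are illustrative, and the exact expiration boundary and the treatment of whitespace as "special" are assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta

@dataclass
class PasswordParams:
    # Illustrative names mirroring the labels on the User ID tab.
    minimum_size: int = 0            # 0 = not enforced
    expiration_days: int = 0         # 0 = passwords never expire
    require_alpha_num: bool = False
    require_special: bool = False

def effective_min_length(p):
    """Length really required once the character-type options are counted."""
    implied = (2 if p.require_alpha_num else 0) + (1 if p.require_special else 0)
    return max(p.minimum_size, implied)

def violations(password, p):
    """Return the rules a candidate password breaks (empty list = accepted)."""
    found = []
    if len(password) < effective_min_length(p):
        found.append("too short")
    if p.require_alpha_num:
        if not any(c.isalpha() for c in password):
            found.append("needs a letter")
        if not any(c.isdigit() for c in password):
            found.append("needs a number")
    # "Special" = not a letter and not a number (assumption: whitespace counts).
    if p.require_special and not any(not c.isalnum() for c in password):
        found.append("needs a special character")
    return found

def is_expired(last_changed, today, p):
    """True when the password is older than Expiration Days (0 disables)."""
    if p.expiration_days <= 0:
        return False
    # Assumption: the password expires on the day the limit is reached.
    return today - last_changed >= timedelta(days=p.expiration_days)

if __name__ == "__main__":
    # Constructed settings: no Minimum Size, both character options checked.
    params = PasswordParams(require_alpha_num=True, require_special=True)
    print(effective_min_length(params))          # implied minimum length
    for candidate in ("a1$", "abc", "12345678"):
        print(candidate, violations(candidate, params))
```

With Minimum Size left at zero, the two character options alone still allow a 3-character password, so the Minimum Size parameter is what actually sets a meaningful length.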

Use Windows Authentication

Select this check box to allow the application to use Windows Authentication for system access.

LDAP Path

Enter the LDAP path in this field.

What is Windows Authentication and LDAP?

LDAP stands for Lightweight Directory Access Protocol and is kind of like a server-based address book.

The intention of the LDAP option in Spruce is to use each client’s Windows login and password to sign into the software. The benefits of enabling LDAP are that (1) the user won’t have to type in their user name and password when starting the application and (2) users won’t have to remember two different sets of user names and passwords (one set for Windows, one for the software).

For this to work, the following must be done:

Active Directory must be enabled on the server.

All Windows user names must be limited to 6 characters (because application user names are limited to 6 characters).

Each Windows user name and password must match a valid application user name and password.

Any future changes to passwords and user names must be maintained in 2 places (LDAP and the application).

Password expiration should not be used with the software as it would cause the user to modify their password. When done, the application's user information would no longer match the Windows user information.

The LDAP Directory on the server must be designated on the Parameters, User ID tab in the software and the Windows Authentication check box must be checked.

Some application features such as inactivity time-outs and shared POS settings will still return the user to the Sign-on form (and the user would still need to manually log in if this happens).

The 6-character limitation for user names in the application is often a reason why companies choose not to enable Windows Authentication. It can be a lot of work for an existing network to modify all Windows user names to match this size constraint. We currently have no plans to increase the user name size because it is so widely used throughout the existing application's data (almost every table, over 300 tables in number, contains the user name, not to mention the areas in the application code that would need modification).
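
Before enabling Windows Authentication, the name-related prerequisites listed above can be checked from two exported user lists. The following Python sketch is an added example, not part of the application. The sample names are constructed, the function and field names are illustrative, case-insensitive matching is an assumption, and the collision check goes beyond the list above by assuming long names might be shortened to their first 6 characters.

```python
from collections import defaultdict

MAX_APP_USER_LEN = 6  # application user names are limited to 6 characters

# Constructed sample data standing in for exports from Active Directory
# and from the application's User ID list.
WINDOWS_USERS = ["mjones", "tbaker", "jsmith01", "jsmith02", "rlee"]
APP_USERS = ["MJONES", "RLEE", "JSMITH", "ADMIN"]

def audit_windows_auth(windows_users, app_users, expiration_days):
    """Check the name-related prerequisites; passwords cannot be compared here."""
    # Assumption: user names are compared case-insensitively.
    app_ids = {u.strip().upper() for u in app_users}
    report = {"ready": [], "too_long": [], "no_app_user": [], "warnings": []}
    shortened = defaultdict(list)
    for name in windows_users:
        key = name.strip().upper()
        if len(key) > MAX_APP_USER_LEN:
            report["too_long"].append(name)
            shortened[key[:MAX_APP_USER_LEN]].append(name)
        elif key in app_ids:
            report["ready"].append(name)
        else:
            report["no_app_user"].append(name)
    # Long names that would become identical if cut to 6 characters.
    report["rename_collisions"] = {k: v for k, v in shortened.items() if len(v) > 1}
    if expiration_days > 0:
        report["warnings"].append(
            "Expiration Days is set; an application password change would "
            "break the match with the Windows password")
    return report

if __name__ == "__main__":
    # 90 is a constructed Expiration Days value for the demonstration.
    for section, value in audit_windows_auth(WINDOWS_USERS, APP_USERS, 90).items():
        print(section, value)
```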