Security

This section describes Security menu options.

Operators

At least one operator must be defined in the system. Operators need to be set up for several reasons. Individual transactions require that an operator be associated with them, for audit purposes. Operators also need to be identified for security purposes, so as to allow access to different parts of the system depending on what privileges they have been assigned. There is a special AUTO operator, and this is the operator-of-record used to log activities when the system performs certain automatic operations.

Use the New button on the toolbar to create a new operator. You will be prompted to enter a short unique ID for the operator. Usually, the operator's initials suffice.

You will then be prompted for the operator's Full Name.

The new operator will be added to the list of operators.

The Workstation field, if filled in with a specific machine name, (as found in the Windows System attributes) will limit this operator to only be able to login on that specific PC.

The Operator Type field provides the following list of options:

• Agency: An agency is another organisation besides yours, selling tickets on your behalf, using the Agency extension to the Web module.They will usually get a percentage of the ticket price for each sale. An agency operator needs access privileges to certain parts of the system so they can sell tickets, but may not necessarily have the same access as an internal operator. Agency operators must have the Operator Type set to Agency and must not be set up as ordinary operators, as this would make it impossible for the PatronBase system to distinguish the agency sales.
• Distributor: Distributors, promoters, and similar production partners or other organisations in other partner roles can be given access to the system and allocated the Distributor operator type. They normally will be receiving a fixed fee or a percentage of takings from the production sales. If given login access to the system, they will normally be given restricted access privileges, perhaps so they can edit production and performance details.
• Operator: All your internal system users, including administrators, are set up with the Operator Type set to Operator.

When the Operator Type is set to Agency, the Agency button becomes available. See below for more details on Agency settings.

The Active field indicates if the operator is active. Because completely deleting an operator would damage historical records, operators can never be deleted and are simply made inactive.

Set Operator Password

A password is required for all users. Click the Set Password button to create or change a password for a user. When it is typed in it will appear as a row of asterisks (******). The password is case-sensitive, which means that the same word but with a capital letter instead of a lower-case letter will be a different password as far as the system is concerned, so the user must remember what case is used for each character.

Set Operator Access Privileges

The Security Group button is used to select the category of permissions the operator is granted. All the operators assigned to a particular Security Group get the same system access, and changing the permissions for the Security Group will update the access permissions for all the operators assigned that Security Group. For more details on setting up a Security Group, see Security Groups. To assign an operator access privileges, select the Security Group button, then click the SecGroup field. A new SecGroup window will open. Select the security group option from the list that provides the access privileges you want to assign to the operator.

To delete a security group from the list granted to an operator, select the row and click the Delete button in the toolbar. You will be asked to confirm the action.

Specify Productions for an Operator

The Productions button is only available if the operator is assigned to a security group that has been assigned the limited privilege Can only view/book selected productions. This is one of the security group functions that can be assigned to a security group. For more information, see Group Functions. If this limiting privilege has not been set for the operator's security group, all productions will be available.

Click the Productions button to specify the productions the operator can view and book.

To add a new production to the list of permitted productions, click the Production box for the empty last row of the table. A new window will open, and a Production will be able to be selected from a list.

To delete a production, select the row and click the Delete button in the toolbar.

Specify Payment Types for an Operator

The Payment Types button is only available if the operator is assigned to a security group that has been assigned the limited privilege Can only use selected payment types. This is one of the security group functions that can be assigned to a security group. For more information, see Group Functions. If this limiting privilege has not been set for the operator's security group, all payment types will be available.

Click the Payment Types button to specify the payment types the operator can use.

To add a new payment type to the list of those permitted, click the Payment Type box for the empty last row of the table. A new window will open, and a Payment Type will be able to be selected from a list.

To delete a payment type, select the row and click the Delete button in the toolbar.

Specify Book Types for an Operator

The Book Types button is only available if the operator is assigned to a security group that has been assigned the limited privilege Can only use selected book types. This is one of the security group functions that can be assigned to a security group. For more information, see Group Functions. If this limiting privilege has not been set for the operator's security group, all book types will be available.

Click the Book Types button to specify the payment types the operator can use.

To add a new book type to the list of those permitted, click the Book Type box for the empty last row of the table. A new window will open, and a Book Type will be able to be selected from a list.

To delete a book type, select the row and click the Delete button in the toolbar.

Set Agency Operator Details

When the Operator Type option is set to Agency, the Agency button is accessible.

Select the Agency button to set agency details for the operator.

Agency Group includes an enabling tickbox and a dropdown list of the defined Agency Groups. To create an Agency Group, see Agency Groups. Select the appropriate group from the dropdown for the agency operator you are setting up.

Rate (Percent) specifies the percentage of the sale that the agency earns from a sale.

Booking Minimum and Booking Maximum constrain the number of tickets that can be sold by the agency operator in a single sale.

Time Limit (days) specifies the number of days in advance of a performance when the agency operator can book tickets.

Assigning Member Group Management to Operators

An operator may be assigned to manage multiple Member Groups. Click the Member Groups button.

Tick the Selected box next to each Member Group the operator is to manage.

Security Groups

The security within the PatronBase system is designed to allow the organisation to control access to most aspects within the main activities.

This is achieved at two levels:

• Operator ID. The Operator is prompted for their login ID and password whenever they log on to the system. Failure to successfully log on with a known user ID and the correct password will prevent access completely. All transactions are audited with the Operator ID associated with it.
• Security Groups. Operators are members of one or more Security Groups which are set up with access privileges to the system.

To create and edit Security Group identities, select Security > Security Groups.

To add a new Security Group click in this row next to the *.

Security groups that are no longer needed or used are not deleted but can be made inactive by changing the Active option to Inactive.

Group Functions

Each Security Group is assigned permissions from a list of available privileges. Open Security > Group Functions.

The Functions list shows available permissions. See Appendix 4: System for a complete list.

Selected permissions appear in the Read/Write and Read Only lists for the for the highlighted Security Group.

To add or remove a Function to the Security Group, highlight the function and use the > button of either the Read/Write or the Read Only group. You can also highlight then drag-and-drop functions to move them from one list to another.

Read Only privileges will allow operators that are members of that group to view the information but prevent them changing it.

Agency Groups

Within the Web module, the Agency extension allows for an outside organisation to book tickets in real-time, via the web. There may be a number of different agencies and agency operators, allowing operators to be grouped, for reporting purposes. Agency operators could be put into an Agency Group set up for all operators in their organisation, or maybe different information centres in the same area may be put into a geographically organised Agency Group.

Open Security > Agency Groups. Create a new group by clicking in the row marked with the *.

You cannot delete an Agency Group once it has been used, for that would damage historic data. When no longer required, the Active status can be set to Inactive.

Having created an Agency Group, you will need to define operators for the agency, specifying their Operator Type as Agency, and clicking the Agency button to detail their Agency Group and various constraints.