System administrators use this program to configure the Electronic Signatures system.
Electronic Signatures provide security access, transaction logging and event triggering; enabling you to increase control over your system changes. This is achieved through the authentication and tracking of system activities against key business processes and sensitive data.
The Electronic Signatures system additionally assists with the effective segregation of duties, so you would typically use this system if you needed to control who in your company is allowed to process various transactions and if you require an audit trail of who performed a transaction and when it occurred.
This improves security by facilitating the integrity of operations and control over internal automated workflows. Therefore SYSPRO's Electronic Signatures system is commonly used by companies who have requirements for passing corporate governance audits, or who require compliance with various industry regulations such as FDA 21 CFR Part 11 and the Sarbanes-Oxley Act.
The following steps outline how to implement the Electronic Signatures system for a single company. However this is a basic guide only and you can configure the Electronic Signatures system differently according to your requirements.
See Tasks for additional step-by-step guides.
(Optional) Configure the Role Management system to create operator roles and define settings for each role.
The Role Management system is used to maintain operator roles and to configure settings for each role. This enables system administrators to easily pre-configure and control a number of settings within SYSPRO.
When initially defining eSignatures by operator Role, you need to access the system from the Role Management program, as you cannot add a new Role directly into the Electronic Signatures program.
However, once eSignatures are defined for a specific role, you can maintain the configuration directly from the Electronic Signatures program, without first loading the Role Management program.
See also: Restrictions and limits in the Notes and Warnings section.
Enable the Electronic Signatures system.
As Electronic Signatures are disabled by default, the Global Configuration screen is displayed when you initially access the Electronic Signatures program. (Once you have closed this screen, you can access it again by selecting the Global Configuration option from the Options menu.)
See Global Configuration for reference fields.
Select the option: Electronic signatures required
Deselect the option: Secure by default
Select the option: Company, group or operator
Select the option: Operator password and save your settings
Add a new configuration level.
From the Add a New Configuration window, at the Configure by field, select the Company option
Select the company id for which you want to configure Electronic Signatures and save your settings.
Define the access control for the Company configuration level.
From the Transactions menu, select the All Log only option.
The Transaction Configuration message window displayed, confirm to continue.
This ensures that at company level, all operators can process all transactions to which they have not been denied access (see Operator Maintenance and Groups) and an audit log is generated for each transaction.
Define the access control level you require for each operator.
From the Configuration menu, select the New option.
At the Configure by field on the Add a New Configuration screen, select Operator.
Select the operator for whom you want to define the access level and save your changes.
The operator is added to the Configuration Level listview.
All transactions which can be secured by Electronic Signatures are displayed in the Transactions listview. For the selected operator, all transactions are displayed as being selected (Allowed).
Define the access control at transaction level.
If you want to disallow most transactions (i.e. only allow the operator to process all AP transactions, for example) then you can select the All Denied option from the Transactions menu. This deselects all the transactions for the operator.
You then manually define the access level required for those transactions to which you want to give the operator access:
From the Configuration Level listview, highlight the operator for whom you want to define access at transaction level
Select Define by Transaction from the Transactions menu.
Highlight the transaction for which you want to define the level of access for the selected operator.
Select the Configure option in the Configure column (Alternatively, use your right mouse button to select the Advanced Configuration option).
Define the Access control level for the transaction as eSignature.
Optionally define an Effective period for this access control level for this transaction.
Optionally select the Logging and Trigger Options tab to configure a detailed audit log for the transaction (see Configure Detail Log).
Optionally select the Logging and Trigger Options tab to configure a trigger for the transaction.
Select the Apply function to apply your selections to the transaction for the operator.
Repeat steps for each transaction to which you want to define eSignatures against for the operator.
Repeat steps 5 and 6 for each operator.
The following table summarizes the access control levels available for Electronic Signatures:
See also: Access Control considerations in the Notes and warnings section.
Access Control | Description |
---|---|
All Secured by eSignature (Configuration level) or eSignature (Transaction level) |
Select this to set the current transaction or configuration level to be subject to Electronic Signatures. If you select this access control at Configuration level, the transactions are subject to Electronic Signatures and therefore Operators must enter a password before the transaction can be processed. If selected at Transaction level, you would need to additionally indicate if the operator is required to confirm with a password to proceed, or alternatively if a message box should be displayed, requesting confirmation with a default result to either proceed or deny the transaction. If selected at either level, an audit log is generated for the transaction. |
All Allowed (Configuration level) or Allowed (Transaction level) |
If selected at either Configuration or Transaction level, this access control allows Operators to process the transaction without having to enter a password, therefore the transaction is ignored by the Electronic Signatures system. No audit log is generated for the transaction. |
All Denied (Configuration level) or Denied (Transaction level) |
If selected at either Configuration or Transaction level, this access control prevents Operators from processing any SYSPRO transaction that is part of the Electronic Signatures system. |
All Log Only (Configuration level) or Log only (Transaction level) |
If selected at either Configuration or Transaction level, this access control allows operators to process the transaction, but an audit log is generated for the transaction (i.e. This is the same control as Allowed, except an audit log is generated). |
All Excluded (Configuration level) or Excluded from definition (Transaction level) |
If selected at either Configuration or Transaction level, the transaction is ignored. At configuration level this Access Control is an advanced option and should only be used with sophisticated conditional logic. The purpose of this option at configuration level is to cascade the access level up to the next level defined (i.e if the transaction is excluded for an operator, then the access level defined against the group applies. If this is set to excluded from definition, then the access level defined against the company applies). This option has no cascading effect when using role-based eSignature definitions, as there are no higher-up levels. You would typically select this option at Configuration level if you wanted to configure only a few transactions for Electronic Signatures (i.e. if selected at configuration level then the access control to all transactions listed in the transactions listview pane is set to Excluded. You can then select the option: Define by Transaction to configure the transactions you want to secure individually). If you select this option but do not configure any transactions individually, then this is equivalent to selecting the option: All Allowed for the selected configuration level. |
Define by Transaction (Configuration level) |
Select this at Configuration level to configure each SYSPRO transaction that is part of the Electronic Signatures system individually. If you select this option, then you can select the Configure option from the Transactions listview pane to define additional configuration options for each transaction. In addition, you can deselect individual transactions in the Transactions listview, thereby setting that transaction to Denied for the highlighted configuration level. |
Transactions can be configured with different security levels for all operators, by Operator or by Group. In addition, each transaction can be configured with multiple conditions.
Therefore it is crucial to understand the security level hierarchy in both single and multiple Operator/Group/Company configurations:
If a transaction is configured for a single operator/group/company, with multiple conditions, and all of these conditions are true, then the following hierarchy is used to determine which condition applies:
Denied takes precedence followed by:
Therefore, if the condition is true and the security level is set to Denied, then this will override any other conditions for the transaction.
See also: Transaction Security Level Hierarchy in the Hints and Tips section.
The following illustrates the hierarchy used for processing multiple conditions in a Single Operator/Group/Company configuration:
If "condition 1" is set to Denied:
Then the security level for the transaction is set to Denied, regardless of what access control is set for "condition 2".
If "condition 1" is set to eSignature:
Then the security level for the transaction is set to eSignature.
Exception: If the access control for "condition 2" is defined as Denied, then "condition 2" would take precedence.
If "condition 1" is set to Log only:
Then the security level for the transaction is set to Log only.
Exception: If the access control for "condition 2" is defined as Denied or eSignature, then those access levels would take precedence.
If "condition 1" is set to Allowed:
Then the security level for the transaction is set to that of "condition 2".
Exception: If the access control for "condition 2" is defined as Excluded from definition, then "condition 1" would take precedence.
If "condition 1" is set to Excluded from definition:
Then the security level for the transaction is set to that of "condition 2".
For each group, for the current transaction, it must be determined which security level applies. If there are multiple conditions, then this security level is determined as described above.
Where an operator belongs to multiple groups, the following security hierarchy is used to determine which group's configuration applies:
eSignature takes precedence followed by:
Therefore, if the operator belongs to any group where eSignature is configured for the current transaction, then this overrides any other conditions configured for another group for the same transaction.
The following illustrates the hierarchy used for processing multiple groups:
If "group 1" is set to Denied:
Then the security level for the transaction is set to that of "group 2".
Exception: If "group 2" has the access level defined as Excluded from definition, then "group 1" would take precedence.
If "group 1" is set to eSignature:
Then the security level for the transaction is set to eSignature, regardless of what access control is set for "group 2".
If "group 1" is set to Log only:
Then the security level for the transaction is set to Log only.
Exception: If "group 2" has the access level defined as eSignature, then "group 2" would take precedence.
If "group 1" is set to Allowed:
Then the security level for the transaction is set to Allowed.
Exception: If "group 2" has the access level defined as eSignature or Log only, then "group 2" would take precedence.
If "group 1" is set to Excluded from definition:
Then the security level for the transaction is set to that of "group 2".
Securing of transactions by authenticating the operator performing the transaction.
Implementation of access control at transaction level rather than only at program level.
Control over who in your company is allowed to process various transactions.
Centralized management for ease of administration.
Configurable at role, operator, system, company or group level.
Elimination of paper document storage as records can be displayed on screen, in reports, electronically, or exported PDF format.
Electronic Signatures can be configured to activate triggers for integration to third-party systems or notification via email (e.g. after adding a customer).
These triggers furthermore enable the timely identification of abnormal events or transactions which may potentially indicate fraudulent activity.
Conditional logic can also be set so that an Electronic Signature Trigger is only fired when additional conditions are met.
See Electronic Signatures - Trigger Setup for more information.
Configure and activate triggers to notify management when significant events occur, or to prevent operators from executing various transaction types, such as negative receipts.
Configure multiple actions to be executed automatically when an Electronic Signature transaction is successfully completed.
Configure VBScripts that can be invoked when a trigger is fired (This caters for almost unlimited triggering capability, since virtually any type of application can be invoked using VBScript).
Invoke SYSPRO Reporting Services (SRS) reports when a trigger is fired.
The Electronic Signatures system can be configured to maintain a detailed transaction log for auditing purposes (which can be retained indefinitely).
The eSignature Query program provides an audit log of information relating to transactions controlled by Electronic Signatures.
The eSignature Report program is used to generate a report of audit log information relating to transactions requiring Electronic Signatures.
The eSignature Purge program is used to remove audit log entries held on file, based on the age of the entries, in order to reduce the number of entries in the log file/table. This is due to the fact that the file/table can consume excessive disk space after you have used the Electronic Signatures system for some time.
This purge system can be controlled using the Global Configuration options within the Electronic Signatures Setup program. Within these options purging can be enabled or disabled, and the run time selection can be maintained.
Generate an audit trail of completed transactions, indicating who performed a transaction and when it occurred.
Audit trail is secure from modification or deletion
Archiving ability for record keeping
Computer-generated time-stamp to record the date and time of operator entry, including creation, modification, or deletion of records
Field | Description |
---|---|
Options | |
Global Configuration |
Select this to define the global configuration options for the Electronic Signatures system. |
Configuration | These options are not available if you selected to apply Electronic Signatures on a system-wide level. |
New | Select this to add a new configuration level. |
Delete | Select this to remove the highlighted configuration level. |
Copy Operators |
Select this to copy the highlighted operator configuration to another operator. When you select this option, the Copy Operators screen is displayed and indicates the code of the operator from which you are copying the configuration. From the list view of all operators, you use the tick box to select/deselect the operator for inclusion/exclusion in the copy process. Select the Only show operators for group option to display operators for a specific group only. See also: Copying of configurations in the Hints and tips section. |
Copy From Another Configuration |
You use the Copy From Another Configuration option to copy the setup of another configuration to the selected level in the Configuration Level listview. This is particularly useful when changing existing eSignature configuration levels from operators to Groups or Roles, or from Groups to Roles. See also: Copying of configurations in the Hints and tips section and Setup considerations in the Notes and warnings section. |
Transactions |
The access control option you select here applies to the currently highlighted Configuration Level. If you selected to apply Electronic Signatures at a system-wide level, then the options you select here will apply to all operators in all companies. See Access Control Levels for explanations of each option. |
New | Select this icon to add a new configuration level. |
Delete | Select this icon to remove the highlighted configuration level. |
Copy From | Select this to copy the highlighted configuration level to another configuration level(s). |
Field | Description |
---|---|
Electronic signatures required | Select this to enable the Electronic Signatures system. |
Secure by default |
Select this to define the access control of all new eSignature transactions added to the system, as Denied by default. This means that you will have to manually change the access control for any new transactions that are added to the SYSPRO application after you have made this selection. However if the SYSPRO application has a new eSignature against a transaction that was previously not part of the eSignature system, then the transaction will default to Allowed. This is to prevent the situation of transactions which were working prior to an upgrade, being Denied by eSignatures when you download the latest SYSPRO software. If you do not select this option, then any new eSignature transactions added to the system are automatically set to Allowed by default. |
Configuration level | |
System-wide |
Select this to apply Electronic Signatures on a system-wide basis. If you select this option, then the access control option you select from the Transactions menu will apply to all operators and groups across the system (i.e. in all companies). In addition, any advanced settings specified will apply to all operators and groups across the system. |
Company, group, operator or role |
Select this to apply Electronic Signatures at company, operator group, operator role and/or operator level. See also: Restrictions and limits in the Notes and warnings section regarding roles. |
Specify company for operator/group/role |
Select this to specify the specific company in which the Electronic Signature settings for groups, roles and operators applies. You typically select this option if you have operators who have access to more than one company and you want to define their access to transactions differently in each company. If you do not select this option, then the Electronic Signature settings you define for operators, roles and groups apply to those operators, roles and groups in all companies. This option is only enabled if you selected the Configuration level: Company, group or operator. See also: Restrictions and limits and Configuration considerations in the Notes and warnings section. |
Authentication by | The Electronic Signatures system can be configured to require a password to be entered before certain transactions can be processed. This section enables you to indicate which password must be used for the authentication process. |
Operator password |
Select this to use the operator password as the authentication password for transactions. If you select this option, then you must ensure that a password is configured for the operator (Operator Maintenance - Password tab). |
Alternate operator password | Select this to use the Alternate operator
password ( -> -> ) as the authentication password for
transactions. If you select this option, then you must ensure that an alternate password is configured for the operator. See also: Alternate operator password in the Hints and tips section. |
Purge options | |
Allow purge | Select this to be able to access and use the eSignature Purge program to remove audit log
entries. Do not select this option if you want to retain audit log entries indefinitely. |
Allow run time selection |
Select this to be able to define the option: Delete log records older than at the time of running the eSignature Purge program. This option enables you to indicate the number of months or years according to which entries must be removed. |
Purge log records older than | Indicate the number of months or years for which
you want to retain audit log entries created by the eSignature Query program. If you select the option: Allow run time selection, then you can change the entry you make here at the time of running the eSignature Purge program. |
The following information is included in the Configuration Level listview pane:
Column | Description |
---|---|
Type | This column indicates the configuration level (i.e. company, group, role or operator). |
Company | This indicates the company applicable to the configuration level. |
Item | This indicates either an operator, an operator role or an operator group. |
Name | This column displays the description for the company, group, role or operator. |
The Transactions listview pane displays the default SYSPRO transactions that can be secured using eSignatures.
Column | Description |
---|---|
Transaction description | This displays the module and transaction description. |
Access control |
This displays the current access control level defined for the transaction for the selected configuration level. You can also choose a different access control for the transaction from the drop down menu in this column. An entry of Conditional in the Access control column indicates that the transaction is subject to more than one condition. |
Configure |
Select this to configure additional conditions for the transaction. You can only select this if you selected the option: Define by Transaction from the Transactions menu. (Alternatively, use your right mouse button to select the Advanced Configuration option) |
Module | This indicates the module in which the transaction applies. |
You use the New option from the Configuration menu to add configuration levels.
Field | Description |
---|---|
Configure by |
Select the type of configuration level you want to use. Options available are Operator, Group or Company. |
Company | Enter the company code for which you want to add a configuration level. |
Operator | Enter the operator for whom you want to add a configuration level. |
Group | Enter the operator group code for which you want to add a configuration level. |
You use the hyperlink option inside the Configure column of the Transactions listview pane to define additional configuration options for each transaction, however you can only define additional configuration options for a transaction if you selected the Define by Transaction access control at Configuration level.
When you select the Configure option for a transaction, a listview displays the conditions already defined for the transaction. The additional configuration options you define will apply to the transaction condition highlighted in this listview.
Optionally, from this listview you can right click on a transaction condition to select either New Condition (See New Condition) or Delete (Deletes the condition highlighted in the listview).
The options on the Transaction Details tab enable you to define the access control level and effective period for a specific transaction.
Field | Description |
---|---|
Description | This displays the description assigned to the condition for the transaction. |
Define |
Select this to maintain the condition for the currently highlighted transaction. This function is only displayed when you highlight a user defined transaction in the listview. |
Access control level |
The access control level you select at this option applies only to the currently selected transaction condition. See Access Control Levels for explanations of each option. |
Effective period | Indicate the period(s) for which the access control level for the current transaction applies. |
Always | Select this if the access control level for the transaction is always applicable. |
Date range |
Select this to apply the access control level for the current transaction for a specified date range. Enter the first and last date in a range of dates for which the access control level applies to the selected transaction. |
New Condition |
Select this to define a new condition for the transaction. See New Condition for further information. |
You use this tab to configure the logging and trigger options for the transaction.
These are only enabled if the access control level on the Transaction Details tab is set to Log only or to eSignature.
Field | Description |
---|---|
Audit | Where applicable, a default log is created for
transactions (see eSignature Query). If you selected the option: Define by Transaction from the Transactions menu, then you can define additional variables to include in the audit log for both default and user defined transactions. |
Detail log required | Select this if you want a detailed log to be generated for the currently selected transaction. |
Configure Details | Indicate the details you want to include in the
transaction log for the current transaction. These details are displayed when you select the Show Detail function in the eSignature Query program. See Configure Detail Log for further information. |
Triggers | |
Transaction successful | Select this to define a trigger against the transaction. |
Setup Trigger | Select this to use the Electronic Signatures - Trigger Setup program to define trigger options. |
You use the New Condition function to define new conditions for the transaction. Multiple conditions can be defined for a single transaction, up to a maximum of 50 user-defined conditions.
Refer to Transaction Security Level Hierarchy for details on access level precedences for conditions.
Field | Description |
---|---|
Condition |
Select the type of condition you want to configure:
|
Description | Enter a description for the condition. |
Name | Assign a name to the condition. |
Define Condition |
Select this to define additional conditions against the transaction condition. This function is only enabled for User defined conditions. |
When configuring a User defined condition, you use the Define Condition function from the New Condition screen to specify the conditions that must apply.
You can combine simple conditions using and/or logic. A simple condition comprises the comparison of two fields which should both be the same type (i.e. Alphanumeric, numeric or date). These fields are compared algebraically, alphabetically or chronologically, depending on their type.
When the Electronic Signatures system evaluates a condition, the following rules are applied:
See also: Field considerations in the Notes and warnings section.
The following information is included in this Transaction listview window:
Field | Description |
---|---|
Save and Exit | Save the condition configuration details and return to the previous screen. |
Insert Row | Select this to add a new condition row to the list of conditions. The new condition row is added above the currently highlighted condition row. You cannot insert a condition row above the first condition row. |
Remove Selected Row | Select this to remove the currently highlighted condition row from the condition. |
Remove All Rows |
Select this to delete all condition rows from the condition. This has the same effect as deleting the entire condition for the transaction. |
Condition Configuration | |
And/Or |
For the beginning of the first condition, this defaults to If and cannot not be changed. Select And to combine conditions using AND logic. When applying AND logic, the combined condition is true if both simple conditions are true. Select Or to combine conditions using OR logic. When applying OR logic, the combined condition is true if either of the simple conditions are true. |
Open bracket | Use brackets to group multiple conditions. Brackets determine how multiple conditions are evaluated. |
Field or Variable |
Select a field from a table/file or a system or key variable to use in the condition. See also: Field or Variable options. |
Condition | Enter a valid condition that must be used to
compare the fields. If the fields are numeric, then they are compared algebraically. If the fields are alphanumeric, then they are compared alphabetically. If the fields are dates, then they are compared chronologically. The following options can be selected:
|
Field, Variable, String or Constant |
Select a field from a table/file or a system variable, or enter a string, number, time or date to use in the condition. Only variables whose values are available prior to the transaction being completed are displayed. The reason is that if you had a condition such as: if %OrderValue > 10000 then deny transaction, the order value can only be established once the order is complete. The transaction can therefore not be denied before the order is complete so the condition cannot be applied. Similarly for add or post type transactions, you cannot use a field from the item being added (e.g. when adding a customer you cannot specify that a field against the customer has a value, as the customer has not yet been added). You can however use one or more of the supplied user variables. See also: Field considerations in the Notes and warnings section. |
Close bracket | Use brackets to group multiple conditions. Brackets determine how multiple conditions are evaluated. |
Variables are case sensitive (for example, you must use %Key as %key will not work). However when you tab off the field, the system looks up the field/variable name in a case insensitive way and will replace it with the item of the correct case (e.g. if you type %key and tab from the field, the value %Key will be inserted).
Fields include:
Primary table columns - e.g. InvMaster.Description (available for all transactions)
Custom form table columns - e.g. InvMaster+.Status (available for all transactions)
This only applies when using SYSPRO in an SQL environment.
Depending on the primary table associated with the transaction (and only when the transaction is maintaining or deleting an item) you can provide fields or custom form fields related to the primary table.
Variables include:
In addition to being able to select fields from a primary table, some transactions also provide the ability to select fields from additional linked tables and their custom forms, however this is only available where a custom form type has been defined for the variable column.
System variables
Field/Variable | Description |
---|---|
%Key |
This variable is the key of the main file/table used by the transaction. The key can comprise of more than one item of information (i.e. be a composite key). In other cases, the key comprises of only one item of information (e.g. the customer code or stock code). |
%xxx | Transaction variables start with % and can be used to reference transaction values passed to the eSignatures system. |
$ | System variables start with $ and allow you to access system-wide information not related to the specific transaction being processed. |
$ConditionDescrip | This system variable is the description defined against the condition. |
$OperatorGroup | This system variable is the primary group defined against the operator (Operator Maintenance - Operator Details). |
$OperatorCurGroup | This system variable is the operator group involved in the current transaction. This could be either the primary group or a subgroup to which the operator belongs. |
$CompanyDate | This system variable indicates the system date. |
$Date | This system variable indicates the operator's computer date. |
This screen is displayed when you use the Configure Details function from the Logging and Trigger Options tab.
You use this screen to select additional variables you want to log for the selected transaction. This is in addition to the default log that is created (You can view the audit log details for a transaction by selecting the Show Detail option in the eSignature Query program).
It is important to note that by adding a large number of variables to the detail log, you will significantly increase the size of the detail audit log table. Therefore you should consider only including variables that are necessary.
Field | Description |
---|---|
Available Variables | |
Variable |
This column lists system variables and fields from the main file/table used in the transaction. See also: Field or Variable options. |
Description | Indicates the description assigned to the variable. |
Variable type |
Indicates whether the variable is a transaction type variable or a system variable. All transaction variables begin with a '%' sign. All system type variables begin with a '$' sign. |
Select All | Select this to include all variables in the detailed log. |
Deselect All | Select this to exclude all variables from the detailed log. |
Depending on your current Electronic Signatures settings, the following messages could be displayed when you access the Electronic Signatures program from the Role Management program:
This message is displayed if you have not selected the option: Electronic signatures required (Global Configuration).
Selection | Result |
---|---|
Enable eSignatures | The eSignatures system is enabled for you, and the default eSignature settings are applied to the role you are currently maintaining in the Role Management program. |
Close | The eSignatures system is not enabled and you remain in the Role Management program. |
This message is displayed if the eSignatures system is currently defined as System-wide (Global Configuration).
Changing eSignatures to be configured by Role means that your current system-wide configuration is deleted. |
Selection | Result |
---|---|
Copy system-wide |
Your current system-wide settings are applied to the role you are currently maintaining in the Role Management program. This enables you to start configuring eSignatures by Role using the existing system-wide eSignature settings. If you select this option, then your current system-wide settings are copied to the Role and are thus retained against the role, even though the system-wide configuration itself is deleted. |
New Configuration |
The Role is added to eSignatures with the default eSignature settings. If you select this option, then your current system-wide configuration is deleted and you will have to configure the Role from scratch. |
Close | The Role is not added to eSignatures, your system-wide settings are retained and you remain in the Role Management program. |
You cannot add a new Role directly into the Electronic Signatures program, you need to access the system from the Role Management program.
The following restrictions apply to the Electronic Signatures program, when it is accessed from within the Role Management program:
When defining conditions inside the Transaction screen:
If you enter a string, number, time or date in the column Field, Variable, String or Constant, you must use the following formats:
String - can be entered as is, or surrounded with single or double quotation marks.
If the system is unable to clearly identify the entered value as a string, then you can surround it with single or double quotation marks (e.g. A100 and 'A100' and "A100" are all equivalent).
Numbers - must be entered without quotation marks. Numbers can be positive or negative.
Dates - must be entered in the format: CCYYMMDD.
Times - must be entered in the format "HH:MM" (i.e. with double quotation marks).
Some transaction variables are only available after the transaction is completed.
This is often the case in processing programs, where variable values are calculated during the processing of the transaction. %OrderValue is one of these types of variables.
You can look in the IMPTRN.XML file and check the 'before' attribute. If this is set to No then the variable is not available prior to the transaction having been completed.
When defining a condition for an add type transaction (e.g. AP Supplier added), you will not have access to the Primarytable.columns in the configuration, as this information does not exist yet.
The access levels you define against an individual operator take precedence over the access levels you defined at company level.
Each transaction condition can have a different access control level.
Each operator group can be assigned a different access level. Refer to Transaction Security Level Hierarchy for details on resolving access levels when an operator belongs to multiple groups.
If you select the access level eSignature or All Secured by eSignature, then a password must be defined against each operator who has access to the transaction. This will either be an operator password (Operator Maintenance - Password tab) or an alternate password ( -> -> ), depending on your selection at the Authentication by option on the Global Configurations screen.
Where transactions are configured against a specific operator, the access level defined against the operator applies (except if this access level is set to 'Excluded from definition'), regardless of the configuration against any groups to which the operator belongs.
If the access method for a transaction configured against an operator is set ‘Excluded from definition', then the access level defined against the operator's group(s) applies.
If the access level against the group(s) is also set to 'Excluded from definition, then the access level defined against the company applies.
If you select to configure Electronic Signatures on a system-wide basis, you will be unable to add configuration levels.
Settings at operator level take precedence and where an operator belongs to multiple groups, the group permissions are resolved appropriately (refer to Transaction Security Level Hierarchy).
If you select the option: Specify company for operator/group on the Global Configuration screen:
When you add a configuration level for a group or an operator, you must specify the company for that operator or group. The transaction settings you define will then apply to the operator or group in the specified company only. Once you have added the company/group or company/operator combination, the company code is displayed together with the group or operator in the Transactions listview.
You cannot copy eSignature configurations from one operator to another.
If you did not select the option: Specify company for operator/group on the Global Configurations screen, then the Company field is disabled. The transaction settings you define will then apply to the operator or group in all companies. Once you have added the group or operator, no company code is displayed for the group or operator in the Transactions listview.
The Copy Operators function is useful if more than one operator requires the same eSignature configuration. You need only define the configuration for one operator and then use this option to copy that configuration to the other operators.
This option is not available if you selected the option: Specify company for operator/group/role (Options > Global Configuration).
An example of how the Copy From Another Configuration function is useful:
Assume you previously configured eSignatures at Operator level and you now want to configure eSignatures for Roles (see Role Management), and the eSignature configuration for one of the operators you want to assign to a role typifies the configuration you require for the role.
You can copy the Operator configuration to the new Role and once copied, you can change the Role configuration if required. This saves you having to entirely re-configure eSignatures for the new Role.
Similarly, you could copy an existing Group configuration to a Role.
Once you have assigned the operator(s) to Roles, you can delete the individual operator configurations from eSignatures.
An example of the hierarchy used for access control in a Single Operator/Group/Company configuration:
You used the Advanced Configuration option to define the following against a transaction:
Name | Access control level | Condition |
---|---|---|
Condition 1 | Log only | Whenever stock on hand changed |
Condition 2 | Allowed | Stock on hand < Safety level |
Condition 3 | Denied | Stock on < 0 |
If all the above conditions are true, then the security level ‘Denied’ would apply.
If the first and second conditions were true, then ‘Log only‘ would apply.
A typical use of an alternate password would be if you require certain transactions to be approved by a supervisor. You define the transaction access level as eSignatures and select this option. Ensure that only the supervisor has access to the alternate password. When the operator processes the transaction, the supervisor must enter the correct alternate password, before the operator can continue.
Defining the Global Configuration for Electronic Signatures
You would typically follow this procedure to configure Electronic Signatures at system-wide, company, operator or group level which can apply across all companies or to specific companies.
Open the Electronic Signatures program.
From the Options menu select Global Configuration.
Enable the Electronic signatures required option.
At the Configuration level section, indicate the level at which you want to configure Electronic Signatures.
If you change your existing configuration level from system-wide, a warning message is displayed indicating that your current configuration will be lost.
If you want to configure Electronic Signatures separately for different companies, enable the Specify company for operator/group/role option. Otherwise the configurations selected for each group will apply to those groups in all companies. The system will prompt you to add a new configuration level specific to each company.
At the Authentication by field, select the type of password you want operators to use for Electronic Signatures.
At the Purge options section, optionally indicate whether you want to be able to purge log records.
Adding a new configuration level
You would typically follow this procedure to add a new configuration level to the Electronic Signatures system.
Open the Electronic Signatures program.
From the Configuration menu, select the New option.
At the Configure by field, select your required configuration level and then enter the company, group or operator details for which you want to configure Electronic Signatures.
Copying an Electronic Signatures configuration
You would typically follow this procedure to copy the configuration of Electronic Signatures from one operator to another.
Open the Electronic Signatures program.
Highlight the configuration level that you want to copy and from the Configuration menu, select the Copy Operators option.
Within the Copy Security screen, indicate the operator(s) to whom you want to copy the configuration and then select Copy to copy the current configuration to these operator(s).
You can optionally select the Only show operators for group option to enter the operator group for which you want to display the operators in this listview.
This is useful if you have defined the configuration for a single operator in a group and now want to copy this configuration to the other operators in the same group.
Defining access control at configuration level
Ensure that the Global Configuration has been defined.
You would typically follow this procedure to define the access control levels of Electronic Signatures at configuration level.
Open the Electronic Signatures program.
In the Configuration Level pane, highlight the level for which you want to define the access control level.
From the Transactions drop-down menu, select the access control method you want to apply to transactions.
If you select All Secured by eSignature, then you must define a password against the operators at the configuration level.
If you select All Allowed, then no transactions are subject to the Electronic Signatures system for this configuration level (i.e. SYSPRO will operate as though you have not selected to use the Electronic Signatures system for the configuration level).
If you select All Denied, then the operators at this configuration level are unable to process any transaction that is currently defined in the Electronic Signatures system.
If you select All Log Only, then the operators at this configuration level have access to all transactions, however the Electronic Signatures system generates an audit log of transactions.
If you select All Excluded, then the operators at this configuration level have access to all transactions.
If you select Define by Transaction, the default access control level for all transactions is set to: Allowed and you then configure each transaction separately for the configuration level.
Adding a user-defined condition
You would typically follow this procedure to configure additional user defined conditions for a specific transaction in the Electronic Signatures system.
For example you can define a condition against the WIP Job Creation transaction to deny an operator from creating jobs for customers who have exceeded their credit limit.
From the Electronic Signatures program, select the configuration level for which you want to define conditions against a transaction.
Select Define by Transaction from the Transactions menu and then confirm the message box that appears which advises that this option allows the configuration of each transaction separately.
Highlight the transaction for which you want to define a condition and select the Configure hyperlink.
Alternatively, right-click the transaction and select Advanced Configuration.
Select the New Condition function.
At the Condition field, select User defined and enter a meaningful description in the Description field.
You can optionally enter a specific condition code at the Name field.
Select the Define Condition function, add the conditions you require and then save your changes.
From the Transaction Details tab, select the access control level you require for this new condition and apply your changes.
Optionally define an effective period for the condition.
Defining access control at transaction level
Ensure that the Global Configuration has been defined.
Ensure that the access control for the configuration level has been defined as Define by Transaction.
You would typically follow this procedure to define the access control of a specific Electronic Signatures transaction.
Transactions can be configured with different access control methods for all operators, by operator or by group. Additionally, each transaction can be configured with multiple conditions.
Open the Electronic Signatures program.
From the Configuration Level pane, select the level for which you want to define access control at transaction level.
Highlight the transaction for which you want to define the access control and select the Configure function.
Configure the access control level for the highlighted transaction condition in the Transaction Details tab and apply to save your changes.
Configuring a detailed transaction log for auditing purposes
You would typically follow this procedure to generate a more detailed log per transaction, apart from the audit log which is generated by default when you set a transaction's access control to eSignatures or Log only.
From the Electronic Signatures program, select the configuration level for which you want to define a detailed audit log.
Select Define by Transaction from the Transactions menu and then confirm the message box that appears which advises that this option allows the configuration of each transaction separately.
Highlight the transaction for which you want to generate a detailed audit log and select the Configure hyperlink.
Alternatively, right-click the transaction and select Advanced Configuration.
Select the condition for which you want to apply the detailed audit log and then select Detailed log required from the Logging and Trigger Options tab.
Select the Configure Details function and indicate the variables you want to include in the detailed log for the transaction.
Configuring a new Electronic Signatures trigger
Ensure that your access control level for the applicable configuration level is set to Define by Transaction.
Ensure that your access control level for the applicable transaction is set to eSignature or Log only.
You would typically follow this procedure to configure a trigger against an Electronic Signature transaction, whereby an operator is informed of changes made to a program.
From the Electronic Signatures program, select the configuration level for which you want to configure a trigger against a transaction.
Highlight the transaction for which you want to configure a trigger and select the Configure hyperlink.
Alternatively, right-click the transaction and select Advanced Configuration.
Select the condition for which you want to configure a trigger, enable the Transaction successful option from the Logging and Trigger Options tab, and then select the Setup Trigger function.
From the Maintain Trigger pane, select the trigger Type and then edit the Description if required.
If you select Email, Run a VBScript, Write to message inbox, or Run an SRS Report, select the Edit function at the Contents field to indicate the details applicable.
If you select Run any NetExpress program, indicate the Program applicable.
If you select Run any application, indicate the Command line and Start in applicable.