M3 BE Security Model Overview

This document describes the security system available in M3 Business Engine. These limitations apply:

  • Access to database objects outside of M3 Business Engine. An end user obtains access to the database when starting M3 Business Engine.
  • Communication security such as port allocation schema and firewalls.

Description

  • Company and division security

    The security system in M3 Business Engine consists of many different components. The most central one is the M3 BE user definition, which is managed in the program 'User. Open' (MNS150). With this definition as the basis, more detailed information is maintained to define the companies and divisions to which a specific user is authorized, and to specify the authorization the user has to specific functions within a specific company and division. M3 Business Engine Security is independent of any underlying security mechanisms of the operating system. In addition, the definitions can be made using different grouping levels to ease maintenance.

  • Function security

    Security on the function level is ensured by associating a function with a user and specifying whether or not the combination is allowed. Maintaining function-level security can be simplified by using function groups and user groups. This security also applies to programs (programs are not started from the menu; they are only started through functions).

    M3 BE uses authorization by roles to manage security on a functional level. The program used for this is 'Function. Connect Authorization by Role' (SES400).

  • Data authority

    Authorization to data is managed by object access groups, which qualify users to monitor and maintain different objects in M3 Business Engine, such as sales price lists, statistic reports, orders, and facilities. These objects can be connected to an object access group, and different users can be connected to user groups. For each user group, you can specify a number of object access groups. Therefore, if an object is connected to an access group, access is only granted to users that belong to a user group connected to that access group.

  • Field audit trail manager

    The field audit trail manager is used to display changes that are made in each field. The field audit shows information about the changes made, the user who made the changes, the programs used, and the date and time the changes were made. The field audit trail in M3 Business Engine is important to use when a field contains vital information such as bank account numbers.
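
The data authority rule described above can be modelled for an access review. The Python below is an added example, not M3 BE code or an M3 API; the object, group and user names are constructed, and treating an object with no access group as unrestricted by data authority is an assumption the page does not state.

```python
# Added illustration: a model of the data-authority rule, not M3 BE code.
# All names and sample data below are constructed for the example.

# object -> object access group (objects absent here have no group)
OBJECT_ACCESS_GROUP = {
    "PRICELIST-A": "OAG-SALES",
    "FACILITY-100": "OAG-PLANT",
}
# user group -> object access groups specified for it
GROUP_ACCESS = {
    "UG-SALES": {"OAG-SALES"},
    "UG-MANAGERS": {"OAG-SALES", "OAG-PLANT"},
    "UG-TEMP": set(),
}
# user -> user groups
USER_GROUPS = {
    "ALICE": {"UG-SALES"},
    "BOB": {"UG-MANAGERS"},
    "CAROL": {"UG-TEMP"},
    "DAVE": set(),
}


def access_groups_for(user):
    """Union of object access groups reachable through the user's user groups."""
    reachable = set()
    for ug in USER_GROUPS.get(user, ()):
        reachable |= GROUP_ACCESS.get(ug, set())
    return reachable


def may_access(user, obj):
    """Apply the rule: a connected object is open only to users whose
    user group is connected to the object's access group."""
    oag = OBJECT_ACCESS_GROUP.get(obj)
    if oag is None:
        # Assumption: data authority does not restrict unconnected objects.
        return True
    return oag in access_groups_for(user)


def review(objects):
    """Access review: per object, the users who pass and whether it is ungrouped."""
    report = {}
    for obj in objects:
        users = sorted(u for u in USER_GROUPS if may_access(u, obj))
        report[obj] = {"ungrouped": obj not in OBJECT_ACCESS_GROUP, "users": users}
    return report
```

Running `review` over a list of sensitive objects shows which of them are not connected to any object access group and which users reach each one through their user groups.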