User Security Concepts

Inheritance

In addition to their own, assigned rights, users can also inherit rights from other people. If you have many people who should have the same or similar access rights, it's a common practice to define one user who has the basic rights, then allow other users to inherit rights from that "template" user. Use templates to create user roles by making and naming a security user with the appropriate privileges.

Notes about inheritance:

1. Rights are cumulative: a user has all of the rights of the user he inherits from plus his own rights. You can't subtract rights that have been inherited.
2. A user inherits rights directly, never indirectly. For example, if Mary inherits rights from George, and George inherits his from Jane, Mary has her rights plus those of George, not those from Jane.
3. Users can only inherit rights from "enabled" users.

External security

Security restrictions in VSys tells VSys not to perform certain operations. Information in your database is not necessarily encrypted or protected from other applications. If your data is stored in SQL Server, for example, users with access to SQL Server Enterprise Manager can access the tables directly, completely bypassing VSys security.

Security indicators

When you're logged into VSys, at the top of the screen you'll see a note saying "You are logged in as xxx". If you're a superuser, you'll see a secret agent icon up there as well:

If you're logged in as a superuser, you probably should not walk away from your machine when another user may get physical access to your machine. He cannot elevate his own access rights by using your machine to access the Security Manager, because VSys will require you to re-authenticate before launching any of the security-related tools. But he would still have access to many functions and his actions would be logged under your name.