Related topics

Field Level Security

Product Group Filters

Group security

A security group is a collection of one or more users with the same access rights. Each security group has a name (assigned when you create the group). Later, the system administrator assigns users (other than the system administrator) to the group. The system administrator assigns access rights to the group (not to each individual user). The group a user belongs to determines their access rights. (The system administrator automatically has access to all functions.)

Security levels

The system administrator can set up security for a group to enable or restrict access at the following levels:

  • Employer
  • Product
  • Activity
  • Task
  • Step
  • Field

The employers include all the employers set up in your enterprise.

Access rights to products depend on the products installed on your Sage HRMS system. The System is treated as a separate product to help organize tasks.

Note: You must first select N/A for the employer before you can select System as a product.

The activities you can assign access rights to include: Action, Analysis, Detail, Process, Report, and Rule. There is a different set of tasks for each activity and a different set of steps for each task.

You can also set view and update rights for groups of specific fields in an employee’s record, such as address and phone, salary, or EEO information.

Setting the Ad Hoc Reporting Security Level enables you to establish an access level for Crystal Reports and Secure Query. This access level determines which fields in the Sage HRMS system databases the security group’s users are able to access when they use Crystal Reports or Secure Query. See Ad Hoc Reporting Security.

Note: When Sage HRMS is updated to include new features, the MASTER user ID is automatically updated and always has access to all features. You must update any existing security groups if you want to provide them access to the new features. This provides a safeguard so you can decide who can access the new features.

Creating and managing security groups

  1. Select Setup > System > Security > Group Security.

  2. The Security Groups page contains a table with the existing security groups.

    To add a new group, click Add.

  3. For New Group Name, enter the name of the group you are adding (no more than 20 alphanumeric), click OK, and click Yes to verify you are adding the security group.

  4. On the Security Group page for the new group, the Group Level Security tab initially has no entries in any of the columns because the new group has no access rights. Specify the access rights for the employer level:

    1. Click Modify at the bottom of the Employer column.

    2. In the Employer Selection window, the Allow Access column for each employer is initially set to No. Double-click the employer to change the access to Yes.

      Note: If you want to enable access to System (in the Product column), change the access for the N/A row to Yes.

    3. Click OK to save your selections. The system rebuilds the information on the Security Group page.

  5. On the Security Group page, specify the access rights of each employer for the product level:

    1. Highlight the employer (in the Employer column).
    2. Click Modify at the bottom of the Product column.

    3. In the Product Selection window, the Allow Access column for each product is initially set to Yes. If you want to disable access, double-click the product to change the access to No.

      Note: If you have both U.S. Payroll and Canadian Payroll installed and want to restrict access for this group to only one, set the Allow Access to Yes for the one you want the group to access AND set the Allow Access to No for the other.

    4. Click OK to save your selections and return to the Security Group page.
    5. Repeat these steps for each employer.

  6. On the Security Group page, specify the access rights of each product for the activity level:

    1. In the Product column, highlight the product for which you are setting security. All activities for that product appear in the Activity column and the associated tasks and steps appear in the remaining columns.
    2. Click Modify at the bottom of the Activity column.
    3. In the Activity Selection window, the Allow Access column for each activity is initially set to Yes. If you want to disable access, double-click the activity to change the access to No.
    4. Click OK to save your selections and return to the Security Group page.
    5. Repeat these steps for each product.

  7. On the Security Group page, specify the access rights of each activity for the task level:

    1. In the Activity column, highlight the activity for which you are setting security. All tasks for that activity appear in the Task column and the associated steps appear in the remaining column.
    2. Click Modify at the bottom of the Task column.

    3. In the Task Selection window, the Allow Access column for each task is initially set to Yes. If you want to disable access, double-click the task to change the access to No.

      Note: If a user has a task assigned on their Scheduler, the security system does not allow you to restrict that user’s access to that task. Therefore, because the user is a member of a security group, the security system does not allow you to restrict that group’s access to that task.

      Caution! If you allow a security group to access Group Security Task (with N/A for the Employer, System for Product, and Rule for Activity), users in that group can change their own security access rights. They can let their security group (and any other security group) access all features, which is the same as no security at all. We recommend limiting the access rights of all security groups to only the Change Password Task (for the Rule Activity). The MASTER user ID automatically has access to all Sage HRMS system features.

    4. Click OK to save your selections and return to the Security Group page.
    5. Repeat these steps for each activity.

  8. On the Security Group page, specify the access rights for the step level for each task:

    1. In the Task column, highlight the task for which you are setting security. All steps for that task appear in the Step column.
    2. Click Modify at the bottom of the Step column.

    3. In the Step Selection window, the Allow Access column for most steps is initially set to Yes. If you want to disable access, double-click the step to change the access to No.

      If you selected Detail in the Activity column, double-click the step to change its access to Update, View, or None.

    4. Click OK to save your selections and return to the Security Group page.
    5. Repeat these steps for each task.
  9. Click OK to save the settings for this group and return to the Security Groups page.
  10. When you are finished, click black X icon (the close page icon).
  1. Select Setup > System > Security > Group Security.
  2. On the Security Groups page, highlight the group you want to edit, and then click More.
  3. On the Security Group page, click Modify at the bottom of the column whose security you want to change.
  4. Make the changes to the security for that level, and then click OK to return to the Security Group page.
  5. When you are finished making changes to that group, click OK to return to the Security Groups page.
  6. When you are finished, click black X icon (the close page icon).
  1. Select Setup > System > Security > Group Security.
  2. On the Security Groups page, highlight the group you want to delete, and then click Delete.
  3. Confirm the deletion.

  4. If there are no users assigned to the group, the system deletes the group.

    If there are users in the group, the system alerts you and asks you to confirm the deletion again. If you select Yes, (in most cases) the group and any users within the group are deleted.

    If a user within the group has tasks scheduled on their Organizer, the system alerts you and does not allow you to delete the group.

    1. Click OK to display the user’s task schedule.
    2. Review the list of tasks. To print the tasks for easy reference, click Print.
    3. If you still want to delete the group, remove the scheduled tasks from the user’s Organizer, delete the user, or assign the user to another security group.
    4. Click the Close button to return to the Security Groups page. Then, repeat the procedure to delete the group.
  5. When you are finished, click black X icon (the close page icon).