Employee Security

The Employee Security function enables you to grant or restrict the GlobalWare functions each employee can use. You can assign security when creating or modifying an employee ID, or you can access this function from GlobalWare's System submenu. This topic explains access and use from the System submenu. To access this function from the Edit Employee screen, see Edit Employee Screen.

Note: To assign and access data on the Employee Security screen, your own employee account profile must have Empl Security and System Menu High selected on the Employee Security screen.

An employee's account ID can be the same as their front-room code if it does not duplicate another account ID. For example, employee account ID "AL" cannot be used because the account ID already exists for Alamo. In this situation, use a different code, such as a combination of first and last name. The employee account ID is linked to the front-room code by the Sign Infield on the Employee Security screen.

The Password field on the Employee Security screen determines whether an employee can sign in to GlobalWare. The employee cannot sign in to GlobalWare without a password.

To create a NO Access Employee account, leave the sign in and password fields blank.

Ensure that each employee has selected a security question and provided a security answer on the Employee Security screen. GlobalWare requires employees to provide the correct answer to a security question when resetting passwords.

Accessing the Employee Security Screen

On the System submenu, click Employee Security.

Note: To access the Employee Security function, your own employee account profile must have High permission selected under System Menu and Empl Security selected under Accounts Access on the Employee Security screen.

The Employee Security screen appears.

The above security level (permission) settings give an employee access to the entire GlobalWare system. This level of security should be granted only to GlobalWare Password Administrators and DBAs. Give other employees limited access as appropriate. Several of the permissions grant access to multiple functions.

Permission option descriptions

The following table provides descriptions of permission options on the Employee Security screen.

Permission Grouping	Permission	Description (if Permission Is Selected)
Invoicing
Invoice	View Only	Can only view and print invoices, run reports from invoice queries, and export invoices. Cannot access credit card reconciliation (CCR) functions on the Corporate submenu.
	Add/Edit	Can perform all invoicing tasks, except deleting. Can access CCR functions on the Corporate submenu.
	Delete	Can delete invoices, but cannot void; view and print, but not add or edit; run reports from invoice queries; export invoices. Cannot access CCR functions on the Corporate submenu. Note: To grant permission to perform all invoicing tasks and access CCR functions, select both Add/Edit and Delete.
Invoice Reports	View Only	Can access and run the following reports: Duplicate Invoices Segment Analysis Missing Invoices Missing Tickets Invoice Status Market Share by Airline Invoice Change Log Ticket Date Analysis Can access all functions on the Corporate submenu. Can access the GWPlus – Create Export Files function on the GL submenu.
	Add/Edit	Can access and run the reports above; can void, but cannot delete, in the Duplicate Invoices function.
	Delete	Can access and run the reports above; can void and delete in the Duplicate Invoices function.
Access	Interface	Can access all functions and run reports on the Interface submenu. If not selected, cannot access any function or report on the Interface submenu, except the Import Invoices function.
	Sales Analysis	Can access and run the Sales Analysis report.
IAR/BSP Settle
	None	Cannot access the following ARC/BSP submenu functions: ARC/BSP/Dir Settlement Report IAR Discrepancy Report
	View Only	Can access the ARC/BSP/Dir Settlement Report function to only view and print data. Editing is not allowed. Can access the IAR Discrepancy Report function to import IAR BOS data, view transaction detail in the BOS file, run the IAR Discrepancy Report, and purge IAR BOS data. However, cannot close the ARC period.
	Full Access	Can access and fully use all ARC/BSP submenu functions.
Accounts
Account ID	None	Cannot access the following Accounts submenu functions and reports: Account ID Property Import Contact Report
	View Only	Can access the Account ID function to view all customer, provider, and vendor account ID information. Can view main information for employee account IDs. Can tag, print, mail merge, print labels, and export all account ID types. Can change your own password. Can access and run the Contact Report. Cannot access the Property Import function.
	Full Access	Can access and fully use all Accounts submenu functions and reports. Can access and fully use all Account ID functions, except employee security and memos other than under the employee's own password.
Access	Adjust Accts	Can access the Adjust Accounts function on the Accounts submenu and the Finance Charges/Discounts function on the Corporate submenu.
	Empl Security	Can view and edit employee security settings and memos. High permission must also be selected under System Menu on the Employee Security screen.
	Mask CC#	Cannot view credit card numbers. Numbers are masked. For details, see Masking Credit Cards below this table. If selected, cannot access the following functions and reports: For ARC/BSP submenu – Batch Print RENs For Corporate submenu CCR Edit Accounts CCR Import, Reconcile and Report CCR Maintenance CCR Reload Data Corp. Con. Edit CC Account Corp. Con. Edit Parameters Corp. Con. Export/Print Files
	Mask SSN#	Cannot view social security numbers. Numbers are masked.
	Mask Tax ID	Cannot view tax identification numbers. Numbers are masked.
Groups
Group/Pax	View Only	Can view and print in the Group Maintenance and Passenger Maintenance functions. Adding, editing, deleting, and purging are not allowed.
	Add/Edit	Can perform all tasks in the Group Maintenance and Passenger Maintenance functions, except purging and deleting.
	Delete	Can purge groups and delete passengers; can view and print, but not add or edit. Note: To grant permission to perform all group and passenger maintenance tasks, select both Add/Edit and Delete.
Access	Group Rpts	Can access and run all reports on the Groups submenu.
	Group Adjust	Can access the Group Adjust function.
A/P and A/R Rpts
	A/P and A/R Rpts	Can access and run the following reports: For Accounts submenu – Account Activity Report, Applied History Report, and Preferred Provider Report For A/R submenu – Accounts Receivable Reports For A/P submenu – Expense Payables Report and Travel Payables Reports For Commission submenu – Provider Commission Statements For Corporate submenu – Credit Limit Report and Customer Statements
A/R	Bank Deposit	Can create bank deposits, enter cash receipts, and print deposit slips. Cannot post receipts by using the Bank Deposit function, or use the Get Cash Receipts or Get Agency Plastic functions, unless Post Deposit is also selected.
	Post Deposit	Can post cash receipts by using the Post Deposit function. If the employee has permission to use the Bank Deposit function, can post cash receipts from Bank Deposit and use the Get Cash Receipts and Get Agency Plastic functions. Can access the Cash Receipt Query function.
	Void Deposit	Can access the Void Cash Receipt function.
	See Cash Balance	Can access the See Cash Balance function.
	Bank Reconciliation	Can access the Bank Reconciliation function.
	Import Agency Plastic Pmt	Can access the Import Agency Plastic Payments and Edit Payment Options functions.
A/P	Checks	Can access and fully use the Batch Checks, Write Individual Checks, Check Queue Maintenance, and Void/Delete Checks functions, except printing. (Can queue checks to print later and record manual checks, but cannot print them immediately.)
	Print Checks	If the employee has permission for Checks, can print immediately in the Batch Checks and Write Individual Checks functions, and can print checks in the Check Queue Maintenance function.
	Reprint Checks	Can reprint checks in the Check Queue Maintenance function.
	Expense Payables	Can access the Expense Payables function.
Branches
	Access All Customer Acct IDs	When selected, the employee has access to all customers in Account ID and in Account ID lookups. When not selected, both Account ID and Account ID lookups are limited by the branches to which the user has access. To specify which branches the user can access, select the Branches link at the top right of the Employee screen. Report to ID lookup and Ticket Location lookup are also limited with reference to branches to which the user has access.
Commission
Comm Tracking	View Only	Can only view and print in the Commission Tracking function; cannot access the Commission Profile Edit function; can access and run the CC Commission Receivables report; can access and fully use the Commission Reconciliation and Commission Maintain Providers functions.
	Add/Edit	Can perform all commission tracking tasks, except deleting; cannot access and run the CC Commission Receivables report; can access and fully use the Commission Reconciliation and Commission Maintain Providers functions.
	Delete	Can delete invoices in the Commission Tracking function; can view and print, but not edit; cannot access the Commission Profile Edit function and the CC Commission Receivables report; can access and fully use all Commission Reconciliation and Commission Maintain Providers functions. Note: To grant permission to perform all commission tracking tasks, and access the Commission Profile Edit function and CC Commission Receivables report, select all three options: View Only, Add/Edit, and Delete.
Agt Comm Rpts	None	Cannot access the following Commission submenu functions and reports: Edit Agent Commission File Agent Commission Report Consultant Production Report
	View Only	Can access and run the following Commission submenu reports: Agent Commission Report Consultant Production Report Cannot access the Edit Agent Commission File function.
	Full Access	Can access and fully use all Commission submenu functions and reports.
Corporate Rpts
	None	Cannot access the following Corporate submenu functions and reports: Corp. Review Transactions Edit Savings Codes Corp. Cost per Nautical Mile Corp. Client History Report Corp. Sales Analysis Corporate Reports
	View Only	Can access the Corp. Review Transactions function to only view data. Editing is not allowed. Can access the following Corporate submenu reports: Corp. Cost per Nautical Mile Corp. Sales Analysis Corporate Reports Cannot access the following Corporate submenu functions and reports: Edit Savings Codes Corp. Client History Report
	Full Access	Can access and fully use all Corporate submenu functions and reports.
GL
Journal Entries	None	Cannot access the following GL submenu functions: Budget Import GL Edit & Query GL Import Journal Entries Standard GL Entries
	View Only	Can access the GL Edit & Query function to only view and print data. Editing is not allowed. Cannot access the following GL submenu functions: Budget Import GL Import Journal Entries Standard GL Entries
	Full Access	Can access and fully use all GL submenu functions.
Access	GL Reports	Can access and run all GL submenu reports.
	Chart of Accts	Can access the Chart of Accounts function.
	GL Proof	Can access the GL Proof of Balances function.
	Post Invoices	Can access the Post Invoices to GL (accrual) or Post Gross Sales (cash-basis) function.
	Chg Date/Ctrl	Can access the Change Posting Date and Move GL Control Number functions.
	Man/Aut Rec	Can access the Automatic Reconciliation and Manual Reconciliation functions.
System
System Menu	High	Can access all functions on the Interface, Tools, and System submenus.
	Low	Cannot access the following System submenu functions: Branch & STP Locations (unless View Only under Branch and STP is also selected) Closed Months (unless Closed Months under Access is also selected) Edit Deposit Codes Employee Security Managed Tasks Processing Table (unless View Only under Table Processing is also selected) Purge Data System Control Travel/Customer/Revenue Types (unless View Only under Trvl/Cust/Rev Types is also selected) Year End Close Print Database Structure Also, cannot access the Import Invoices function on the Tools submenu.
	None	Cannot access: All System submenu functions Import Invoices function on the Interface submenu Backup, Batch Maintenance, and Batch Printing functions on the Tools submenu
Access	Closed Months	Can access the Closed Months function.
	PCI Security	Can access the PCI Security function. Note: By default, this option is selected when System Menu is set to High or Low.
Branch and STP	View Only	Can access the Branch & STP Locations function. If not selected, Branch & STP Locations is not available on the System submenu.
Table Processing	View Only	Can access the Processing Table function. If not selected, Processing Table is not available on the System submenu.
Trvl/Cust/Rev Types	View Only	Can access the Travel/Customer/Revenue Types function. If not selected, Travel/Customer/Revenue Types is not available on the System submenu.

Masking Credit Card Numbers

If keeping credit card numbers secure in the GlobalWare database is important to your agency, you can configure each employee account so that employees cannot see credit card numbers by selecting Mask CC# under Accounts Access on the Employee Security screen. Specifically:

For customer account IDs, ****** will be displayed rather than the actual credit card number, and the field will be unavailable for editing.
For invoices, ****** will be displayed rather than the actual credit card number, and the field will be unavailable for editing.
- The credit card column will not appear on in the Search Results grid of the Invoice Edit & Query screen.
- The Print Credit Card Number option will not be active on the Invoice Print dialog box.
- Credit card numbers will always be masked for exported invoice data.
For Corporate Reports, Customer Statements, Invoice Change Log, and the reports in Invoice Query and Duplicate Invoices, ****** will be displayed or printed rather than the actual credit card number.
Access to Credit Card Reconciliation, Corporate Consolidation, and Batch Print RENs will not be allowed.

The actual credit card number will be sent to back-office account systems if the credit card is masked in the PNR. The card number is masked only on the display and not in the host. The MIR is not affected by these changes.

Apollo resources:

For USA: HELP ENHANCE-MASK CREDIT CARD
For Canada: HELP CREDIT S*GEM/MASK CREDIT CARD

Note: The credit card number can be masked after it is interfaced into GlobalWare by means of the interface setup. For other accounting systems, check the interface parameters and setup.

You should also restrict the number of digits from agency plastic and group plastic credit card numbers that are posted to check number and comment fields in the general ledger and subledgers. For more information, see System Control.

Super Admin

Only one Super Admin is allowed per GlobalWare system. An employee with Super Admin rights can provision branch access for all users, including themselves. All other admins of local branches only have rights to provision the branches to which they have access.

The Super Admin checkbox is only available if no other Super Admin is associated with the hierarchy AND if the employee has System High and Empl Security checked.

Branch Security

Admins can specify which branch data an employee can see. Admins can only assign a branch to other employees if the admin has access to that branch.

When an employee's access is limited to specific branches, whenever that employee selects All for a branch or ticketing location on any screen, their view is restricted to only those branches to which they have access. Additionally, queries and reports are also restricted to data in branches to which the employee has access (for example, queries and reports in the Invoice menu and Accounts menu).

When a user with access to limited branches runs a report and chooses All in the selected branch field, the report header displays All* for the selected branch, which indicates that the report contains data for only those branches to which the employee has access.

From the Employee Security screen, select the Branches link.
Available branches display in the left panel. To give the employee access to a branch, select the branch in the left panel and click the right arrow to move the branch into the Branches to Access panel. To provide access to all branches in the list, select the double arrow ().
Select Save.

Access to branches must be setup per employee when adding them. Reports for the employee are dependent on the security settings and branches to which the employee has access.