Performing System Startup

After installing Sage 100, you are ready to set up companies, security, and system preferences. One company must be created in Sage 100 before anyone can access the system.

During the installation, a program group is added to the Windows Start > All Programs menu. Click the Sage 100 Desktop icon in this program group to start the software.

Starting the Software

When first starting Sage 100, you are prompted to enter the Administrator password that you entered during the installation.

After entering your Administrator password, the Administrative Tools screen appears.

Logging on as Administrator does not give you full access to the software. Only certain Library Master tasks are available. To access the software, you must set up a user logon (other than the Administrator logon) and password in User Maintenance. For more information, see Setting Up Security.

Performing Administrative Tasks

You can perform the following tasks from the Administrative Tools screen:

Creating and Activating Companies

You must create and activate the companies for which data will be processed. Many systems are set up with multiple companies to keep financial records for individual companies separate, and to separate real company data from test company data. Each company is identified using a three-character company code. Within the modules, you can set up data files for each company.

If you are creating companies that contain similar information, you can create companies from an existing company by copying information from the source company. For more information, see Copying a Company.

Note: You must define at least one company code before activating any modules.

To create and activate a company

  1. Use any of the following methods to open the Company Maintenance window:
    • On the Administrative Tools screen, click Company Maintenance.

    • In Sage 100 select Library Master > Main > Company Maintenance.

      Note: You must create at least one role and user before you can sign into Sage 100 and access the Library Master menu.

  2. In the Company Maintenance window, enter a company code and company name.
  3. Enter the information for your company.
  4. Click Activate to activate one or more modules. When you are asked to save the new company, click Yes.
  5. In the Activate Module window, select the module(s) to activate and click Proceed. This process creates data files for each selected module for the company.

  6. The Company Maintenance window appears again after the activation process is complete. Verify that the modules you selected appear in the Activated Modules section of the window.

    The demo data company codes are automatically created with activated if they were selected during the installation process.

 

Copying a Company

You can create a new company from an existing company. You can copy information, including company data and company forms, from the source company.

To copy a company

  1. Use any of the following methods to open the Company Maintenance window:
    • On the Administrative Tools screen, click Company Maintenance.

    • In Sage 100 select Library Master > Main > Company Maintenance.

      Note: You must create at least one role and user before you can sign into Sage 100 and access the Library Master menu.

  2. In the Company Maintenance window, enter a company code and company name.
  3. Click Copy.
  4. In the Copy Data window, in the Source Company field, enter the company you are copying from.

  5. To copy data and/or forms, select the corresponding check boxes.

    Note: For Sage 100 Premium, only data can be copied.

  6. Click Proceed.

Upgrading and Converting Data

If you are upgrading data from a previous installation, refer to the Customer Upgrade Guide for upgrading instructions. The guide is available on the Sage 100 Documents page.

Setting Up Security

Sage 100 offers flexible security that can be used to provide appropriate access to the system and to meet your company's specific requirements. The security system can be either simple or elaborate, protecting various combinations of companies, modules, menus, tasks, and security permissions by creating multiple roles, and assigning these roles to users. Roles are assigned to users so that users are restricted to only the tasks that pertain to the roles they are assigned to. If the user attempts to access a secured area, access is denied.

Setting Up Roles and Users for Security

To implement effective security, you must define roles for your system, and then create user codes and assign users to specific roles.

Roles should be set up to reflect the functional roles of your organization. You should define roles with access to certain modules, tasks, and security options that allow users to perform tasks related to their jobs. Roles are company independent, though you can assign roles to users who are restricted from entering certain companies.

A Default role is included in Sage 100. Users assigned to the Default role have access to all modules and certain security options. The Default role cannot be modified in Role Maintenance.

If you purchased Sage 100 through a subscription plan, there are additional

When establishing your system's security, use the concept of roles to identify the specific tasks and options you want users to be able to access. Users can be assigned to multiple roles so design your roles to be as granular as you like. Role permissions are cumulative, which means if a user is assigned to two roles where one role gives the user access to a program while another role does not, the user will be granted access to this program.

You must determine the requirements for your security system. In most cases, it is better to start with a simple arrangement. As more sophistication is needed, this flexible system can be easily refined.

Defining Roles

Roles are set up to reflect the functional roles within an organization. These roles are global to the software and are company independent. Permissions assigned to roles allow assigned users access to the areas of the software they need to perform their job functions.

For modules other than Material Requirements Planning and Work Order, security can be further refined by assigning Create, Modify, Remove, or View permissions to maintenance tasks, or by setting Update or Print Only permissions to update tasks. For setup tasks, permissions can be set to Modify or View. Additionally, some security options, such as allowing batches to be merged can be allowed or restricted.

Defining roles is considered the first step in enabling security for your system. Before you define roles in your system, determine the functional roles needed for your organization.

After you have created a role, you can create a copy of it for use as a starting point when creating additional roles.

Notes:  

  • To access Role Maintenance, you must be logged on as Administrator, or have a role assigned to you that allows access to Role Maintenance.
  • Library Master tasks are not company-specific.

To define roles if you purchased Sage 100 through a subscription plan

  1. Use one of the following methods to open the Role Maintenance window:
    • In the Administrative Tools screen, click Role Maintenance.
    • Select Library Master > Security > Role Maintenance.

  2. Enter a role name and description.

  3. In the Type field, select a role type.
  4. To copy role settings from a template or another role:
    1. Click Copy.
    2. Select either a template or an existing role.
    3. Select one or more check boxes to specify which settings to copy.
    4. Click OK.
    5. Continue with the next step to modify the role as needed.

    Note: To view a detailed list of permissions available for each role template, print the Role Report and select Role Template Details in the Type of Report to Print field.

  5. On the Tasks tab, select the check boxes for the modules and tasks to which users should have access. To allow access to all modules and tasks, select the Sage 100 check box.

    To refine the level of security for each task, click the + icon to expand the list of related permissions. When you select the task check box, the permissions are selected by default, but you can clear them for more granular access control.

  6. On the Security Options tab, select the check boxes next to the security options that you want to enable for the role. Select the Sage 100 check box to select all security options.

    If you group the list by Security Option, the module grouping is removed. Then you can select a check box for a security option that's applicable to multiple modules to enable it for all modules.

  7. On the SData Security tab, select check boxes to assign SData security permissions and allow access to individual data tables. Select the Sage 100 check box to select all SData security permissions.

    Note: This tab is available only if the Enable Native SData Provider and Access within Role Maintenance check box is selected in System Configuration.

    Within each data table, you can further allow or restrict the following levels of security for the role.

    Business Table HTTP Verbs used in SData Developer

    Create

    Post

    Read

    Get

    Update

    Put

    Delete

    Delete

  8. On the ODBC Security tab, select the Sage 100 check box to select all ODBC security permissions or select the individual check boxes to assign ODBC security permissions and allow access to individual data tables and fields.

    Note: This tab is available only if the Enable ODBC Security within Role Maintenance check box is selected in System Configuration. Also this tab is not available for Sage 100 Premium.

  9. Click Accept.

The role can now be assigned to users in User Maintenance.

To copy settings from an existing role or template to a new role (available only with subscription)

  1. Use one of the following methods to open the Role Maintenance window:
    • In the Administrative Tools screen, click Role Maintenance.
    • Select Library Master > Security > Role Maintenance.

  2. Enter a role name.

  3. Click Copy.
  4. In the Copy From window, select either a template or an existing role to copy from.
  5. Select the check boxes for the settings that you want to copy.
  6. Click OK.
  7. In Role Maintenance, make any needed changes to the role, and then click Accept.

  8. The role can now be assigned to users in User Maintenance.

To define roles if you did not purchase Sage 100 through a subscription plan

  1. Use one of the following methods to open the Role Maintenance window:
    • In the Administrative Tools screen, click Role Maintenance.
    • Select Library Master > Main > Role Maintenance.
  2. Enter a role name and description.

  3. On the Tasks tab, select the check boxes for the modules and tasks to which users should have access. To allow access to all modules and tasks, select the Sage 100 check box.

    To refine the level of security for each task, click the + icon to expand the list of related permissions. When you select the task check box, the permissions are selected by default, but you can clear them for more granular access control.

  4. On the Security Events tab, select the check boxes next to the security events that you want to enable for the role. Select the Sage 100 check box to select all security events.
  5. On the Module Options tab, all check boxes are selected by default. Clear the check boxes next to the module options that you do not want to enable for the role.

  6. On the SData Security tab, select check boxes to assign SData security permissions and allow access to individual data tables. Select the Sage 100 check box to select all SData security permissions.

    Note: This tab is available only if the Enable Native SData Provider and Access within Role Maintenance check box is selected in System Configuration.

    Within each data table, you can further allow or restrict the following levels of security for the role.

    Business Table HTTP Verbs used in SData Developer

    Create

    Post

    Read

    Get

    Update

    Put

    Delete

    Delete

  7. On the ODBC Security tab, select the Sage 100 check box to select all ODBC security permissions or select the individual check boxes to assign ODBC security permissions and allow access to individual data tables and fields.

    Note: This tab is available only if the Enable ODBC Security within Role Maintenance check box is selected in System Configuration. Also this tab is not available for Sage 100 Premium.

  8. Click Accept.

The role is defined and can now be assigned to users in User Maintenance.

After defining all roles for the system, you can create users, and then assign these roles to users.

Creating Users and Assigning Roles

Defining a user includes setting up a logon and password, assigning access to specific companies, and assigning a role or multiple roles to the user.

A user account can be defined with an expiration date to lock the user out of the system after a certain amount of time. You can also define start and end dates for any role assigned to the user. This feature allows a user access to certain areas of the system and security events for the limited period of time.

If you have multiple roles assigned to a user, the role with the most access takes precedence.

Note: You can access User Maintenance only if you are logged on as Administrator, or if you have a role assigned to you that allows access to User Maintenance.

To create users and assign them to roles in User Maintenance

  1. Use one of the following methods to open the User Maintenance window:
    • In the Administrative Tools screen, click User Maintenance.
    • If you purchased Sage 100 through a subscription plan, select Library Master > Security > User Maintenance.
    • If you did not purchase Sage 100 through a subscription plan, select Library Master > Main > User Maintenance.
  2. Enter a user logon.

  3. Enter the user's name and user code.

    Note: The user code is referenced in the software, but it is not used as the user's logon.

  4. Complete the remaining fields in the heading section.

  5. On the Maintenance tab, select the one or more companies and a corresponding role. Enter start and expiration dates if applicable.

    Note: If you purchased Sage 100 through a subscription plan, you can also assign users to roles through Role Maintenance. See the following section for more information.

  6. On the Preferences tab, select user-specific preferences, such as the default zoom level when previewing reports.

  7. If the Enable Auto-Complete check box is selected in System Configuration, you can configure this feature on a per-user basis on the Auto-Complete tab.

  8. Click Accept.

The user can now log in to Sage 100 using the account.

To assign existing users to roles in Role Maintenance (subscription plan only)

  1. Select Library Master > Security > Role Maintenance.
  2. Select a role.
  3. Click Assign.
  4. In the Assign Users to Role window, select one or more companies. You can either:
    • Enter a company code in the Company field.
    • Click the Lookup button to select a company or select ALL to enable this role in all companies.
    • Click the Select Company button, and then select companies.

    You'll be able to change the company for individual users.

  5. Enter a start date and expiration date if applicable. You'll be able to change these dates for individual users.
  6. In the Available Users list, double click users or use the Add button to add them to the Assign to Role list.
  7. To change the company or dates for a specific user:
    1. select that user in the Assign to Role list.
    2. Click the Edit Company button.
    3. In the Company Access window, select the Include or Exclude check boxes to each company as needed.
    4. Enter start and expiration dates if applicable.
    5. Click OK to return to the Assign Users to Role window.
  8. Click Proceed.

The users are assigned to the roles.

Copying a User

You can create a new user from an existing user. You can copy information including roles and preferences.

To copy a user

  1. Use one of the following methods to open the User Maintenance window:
    • In the Administrative Tools screen, click User Maintenance.
    • If you purchased Sage 100 through a subscription plan, select Library Master > Security > User Maintenance.
    • If you did not purchase Sage 100 through a subscription plan, select Library Master > Main > User Maintenance.
  2. In the User Maintenance window, enter a new user logon.
  3. Click Copy.
  4. In the Copy User window, at the Copy From field, enter the user you are copying from.
  5. Select whether you are copying all user information including roles and preferences, and then click Proceed.

Setting Additional User Preferences for Security

User preferences are preferences that apply to each user. You can set up additional security measures for individual users such as setting a workstation to automatically log off, and manually locking certain users out of the system.

Setting a Workstation to Automatically Log Off

For security purposes, a workstation can automatically log off if it is left unattended for a specified period of time. This feature ensures that workstations are not accidently left with the software running, allowing unauthorized users access to sensitive information.

The Automatic Logoff feature is not activated if the Sage 100 Desktop is the active window on your workstation. In addition, the Sage 100 Desktop does not automatically shut down any activity in process, such as an update or report, that is currently processing, or if the Sage 100 Desktop is idle within an option's window, such as a data entry or inquiry window.

Important! When a user is working in Sage CRM through the Sage 100 Desktop, the system does not recognize the Sage CRM activity for the purpose of determining whether to automatically log off the user. Therefore, if this check box is selected, and users are working exclusively in Sage CRM accessed through the Desktop, they may be logged out of Sage 100 without warning. The Desktop will close, and any unsaved changes in Sage CRM would be lost.

To automatically log off a workstation

  1. Use one of the following methods to open the User Maintenance window:
    • In the Administrative Tools screen, click User Maintenance.
    • If you purchased Sage 100 through a subscription plan, select Library Master > Security > User Maintenance.
    • If you did not purchase Sage 100 through a subscription plan, select Library Master > Main > User Maintenance.
  2. In the User Logon field select a user.
  3. On the Preferences tab and select the Automatic Logoff check box.
  4. In the Automatic Logoff Delay in Minutes field, type the number of minutes that the system is to remain active before automatically logging off this workstation. The maximum amount of time that can be specified is 999 minutes.
  5. Click Accept. After you save a user record, the dollar signs ($) in the Confirm Password field are no longer visible.

Locking Users Out

Another security feature is the option to lock users out of the system. This procedure illustrates how to manually lock users out of the system. Users can also be locked out of the system if a number of incorrect logon attempts occur, or if the expiration date for all users' roles has expired. This can be done using the System Configuration task.

To lock users out of the system

  1. Use one of the following methods to open the User Maintenance window:
    • In the Administrative Tools screen, click User Maintenance.
    • If you purchased Sage 100 through a subscription plan, select Library Master > Security > User Maintenance.
    • If you did not purchase Sage 100 through a subscription plan, select Library Master > Main > User Maintenance.
  2. In the User Logon field select a user.
  3. Select the User Account Locked check box and then click Accept.

Setting System Preferences

The software is equipped with a number of features that can effectively keep unauthorized users from accessing programs and files. In addition to basic security features, additional measures can be taken to further secure your data. These additional measures include, requiring a password, enabling intruder detection, and specifying lockout duration.

Requiring a Password

To further protect your system, you can require all users to have a password. First decide if you will set up your users with a unified logon, or a Sage 100 logon.

  • A unified logon allows Sage 100 to authenticate and use the Windows logon. If you implement a unified logon, users do not need to reenter a logon and password when accessing Sage 100.
  • A Sage 100 logon is independent of the Windows logon, and will be required to enter the software. When you set up a Sage 100 logon, which locks a user out of the system when a certain number of logon attempts fail. This prevents unauthorized users from trying numerous passwords while attempting to access your system.

To use unified logon

  1. Use one of the following methods to open the System Configuration window:
    • In the Administrative Tools screen, click System Configuration.
    • Select Library Master > Main > System Configuration.
  2. In the System Configuration window, select the Use Unified Logon check box to enable a unified logon for each user.
  3. Click Accept.

To require a Sage 100 password

  1. Use one of the following methods to open the System Configuration window:
    • In the Administrative Tools screen, click System Configuration.
    • Select Library Master > Main > System Configuration.
  2. In the System Configuration window, select the Require all Users to Enter a Password check box.
  3. To require passwords that meet the following criteria, select the Require all User Passwords to be System Defined Strong Passwords check box.
    • At least eight characters in length
    • Includes both letters and numbers
    • Does not include repeating characters
  4. To include a minimum length on passwords, select the User Defined Passwords must be of a Minimum Length check box, and then enter the minimum number of characters required.
  5. To require all users to change their password after a number of days, select the Force Password Change After a Set Number of Days check box, and then type a number of days.
  6. To enable intruder detection, select the Lock Out User After a Set Number of Invalid Logon Attempts check box, and then type the number of attempts you will allow before a user is locked out of the system.

  7. To specify an optional lockout duration, select the Unlock User After a Set Number of Minutes Elapse from the Last Invalid Logon check box, and type the amount of time you want the lockout to be in effect. After the amount of time has passed, the user can attempt to access the system.

    Note: If you do not specify a lockout duration, a user locked out by intruder detection can attempt to log back onto the system only if the User Account Locked check box is cleared in the User Maintenance window.

  8. Click Accept.

If users were initially set up without passwords, the next time they log into Sage 100, they will be asked to create a new password.

Setting Accounting Date Preferences

The software maintains personal preferences for each workstation. One of these preferences is to prompt for the accounting date the first time a user accesses a module for that day, or you can automatically default the accounting date based on the system date.

Setting a Prompt for the Accounting Date

If a prompt for the accounting date is not set in Company Maintenance, the module defaults to the accounting date it was last set at on that workstation, unless the Auto Set Accounting Date from System Date check box is selected.

To set a prompt for the accounting date

  1. Select Library Master > Main > Company Maintenance.
  2. On the Preferences tab, select the Prompt for Accounting Date check box. The default date is the system date.
  3. Click Accept.

Setting the Accounting Date from the System Date

The accounting date for all modules can be set from the workstation's system date for convenience and to ensure that users do not accidentally use an old accounting date.

To set the accounting date from the system date

  1. Select Library Master > Main > Company Maintenance.
  2. On the Preferences tab, select the Auto Set Accounting Date from System Date check box.
  3. Click Accept.

Restricting the Accounting Date to Current and One Future Period

When performing certain data entry and register printing functions, the accounting date is used as the default date. When the posting date used for updates does not fall within the current or one future period for the module, the summarized totals for the current or future period will not match the transaction detail reports.

To prevent this problem, you can restrict the accounting date to the current and one future period for the Accounts Payable, Accounts Receivable, Inventory Management, Job Cost, Purchase Order, and Sales Order modules.

To restrict the accounting date

  1. Select Library Master > Main > Company Maintenance.
  2. On the Preferences tab, select the Restrict Accounting Date to Current and One Future Period check box.
  3. Click Accept.

Changing Your Administrator Password

Changing your administrator password on a frequent basis is a good idea to protect your system from unauthorized users.

To change your administrator password

  1. In the Administrative Tools screen, click Administrator Password.
  2. In the Administrator Security Password window, enter a new password and then confirm the password.
  3. Click OK.

Setting Up Security for Sage CRM

This section describes basic security concepts for Sage CRM, including how to log on after installing, passwords, and the types of security that can be set up. For more information about Sage CRM security, refer to your Sage CRM System Administrator Guide.

Logging On as the Administrator

After installing Sage CRM, you can log on as the system administrator with a user name of admin and no password. You should also change the password to prevent unauthorized administrative access.

User Authentication / Password Setup

A user requires a user name logon ID to access the system. You can also set the minimum length and strength of passwords. A user's password is encrypted both within the system and in the database for maximum security. The System Administrator can change, but not view, a user's existing password.

A password can also be set to expire within a specified number of days. When the password is changed, the expiration date is adjusted accordingly.

Security Profiles and Territories

The system administrator can manage security access rights across the organization by setting up security profiles and territories. A profile is a way of grouping users together when defining access rights (for example, View, Update, Insert, and Delete).

In addition to basic access rights profiles, you can further divide users rights by territory. For example, you may want users in the West Coast territory to view all Opportunities within the East Coast territory, but not to be able to update them.

Field Security

The system administrator can set up field security for the entire Sage CRM system, for individuals, teams, and for security profiles.

For example, it is possible to make a field invisible to some users, allow others to view the contents of the field but not to change it, and allow others to both view and change it. In addition, it is possible to require a field entry before the user can submit the form. For more information on field security, refer to the Sage CRM System Administrator Guide.

Company Team Restrictions

Rights to view the following tabs can be restricted to individual users depending on company team membership. If a user has not been assigned to work on an account on the Company Team tab, that user cannot view or update information in the following tabs:

  • Quick Look
  • Dashboard
  • Marketing (if available)
  • Notes
  • Communications
  • Opportunities
  • Cases
  • Company Team
  • Documents

The tabs are displayed with “no entry” symbols. If the user selects one of the restricted tabs, a message is displayed informing the user that this information is available only to members of the appropriate team.

If the user searches for a related entity, such as an Opportunity, and they are not on the Company Team of the associated company, when they click the hyperlink of the entity in the list, a security message dialog box is displayed.

Restricting Updates

The Delete and Edit buttons are available on the Company summary page only if the user is on the Company team.

In addition, rights to update the following tabs can be restricted for individual users depending on Company Team membership. This means that if you have not been assigned to work on an account using the Company Team tab, you can view, but not update any of the following information related to that account:

  • Quick Look
  • Notes
  • Communications
  • Leads
  • Opportunities
  • Cases
  • Documents

Server Security

There are many ways to secure the system from unauthorized access:

  • Use NT Challenge/Response to allow access to clients with a valid domain login.
  • Use SSL Encryption to secure your data sessions with client users.
  • Use a firewall to restrict unauthorized access from outside of your network and allow only authorized users through.

You can use all three or a combination of the above methods to secure connections to the system.

Database Security

Users do not have direct access to the SQL database for the Sage CRM server. The eWare DLL accesses the database by using a predefined logon. When a user requests data, the eWare DLL connects to the database using Microsoft Data Access Components (MDAC) and retrieves the required data.

For more security the eWare DLL can be configured to access SQL using a login with limited access, or access with the appropriate rights to add, change and delete data from every table in the database.

For information on changing the SQL logon password, refer to your Sage CRM System Administrator Guide.

Firewalls

To allow users to access the system remotely, the best way to protect your network from the Internet is to install a firewall. This will ensure that only authorized traffic accesses your Sage CRM database and protects your server from unauthorized users. You can configure rules to allow only certain traffic through. By doing this you can ensure that your server is protected from Internet attacks. You can also install a firewall in all of your remote sites and set up Virtual Private Networks (VPNs) to increase the security of data being sent. Mobile users can be set up as mobile firewall users so they can access the VPN to transmit and receive data securely.

SSL (Secure Sockets Layer)

Without using a firewall, IIS can use different methods to secure transmitted and received data. One of these methods is by using an SSL server certificate. This ensures that data that has been transmitted and received between the server and the user is encrypted. There are two versions of SSL encryption: 40-bit and 128-bit. It is currently possible to crack the 40-bit encryption, but not 128-bit. SSL cannot protect your server from unauthorized access, only encrypt sessions between the server and a user.

An SSL certificate can be imported into IIS to create a secure connection between Sage CRM and its users. When a client logs onto Sage CRM, the SSL certificate is downloaded and the data sent to and from the client is encrypted. Using this method, anybody can log on and download the SSL certificate. To be more secure, IIS can be configured to only allow clients with a SSL certificate installed on their machine and deny anybody without the appropriate certificate. IIS can also use Windows NT Challenge/Response, which requests a user to log on using a valid user name and password for that domain before allowing them access to data.

Application Security

All users must be assigned a valid user name and password by the system administrator. Each user can be assigned different levels of access security depending on their job role (for example, IT, Accounts). To increase security, all users should be advised to use an alphanumeric password of no fewer than six characters. When IIS uses SSL encryption, Sage CRM is aware of this and when the client attaches any documents to a form in Sage CRM, it sends it through the encrypted session.