Using NEOSYS Generally: Difference between revisions

From NEOSYS User Support Wiki
Jump to navigationJump to search
No edit summary
mNo edit summary
 
(105 intermediate revisions by 10 users not shown)
Line 1: Line 1:
== Restricing user access to files ==
== Getting started with NEOSYS ==
#Reset your browser to factory settings to ensure all 3rd party toolbars/pop-up blockers are removed and browser cache is cleared. See [[Reset Browser]] for instructions.
#Reopen the browser and ensure that the pop-up blocker is disabled. See [[Disabling Popup Blocker]] for instructions.
#Enter the NEOSYS URL.
#Add this URL to your favourites.
#You should now see the Login page. If you are a new user or have forgotten your password click on [[How to reset the password?]] for instructions on how to get your password
#Enter your Username, Password, select the database and click on login. See http://youtu.be/dS62_eSCm-A to learn how to login to NEOSYS.
#You should now see the user details page.
 
== Using the NEOSYS testing and training database ==
 
Standard NEOSYS practice is to setup a "testing and training" database for each operationally live database. This testing and training database is very useful to try out procedures in NEOSYS without having any real live or permanent effect. The testing and training database is virtually a copy of the live data because every night the live database is cloned over (copied) to the test database. This database is generally available to everybody who has access to the live database unless specifically restricted.
 
*To access the test database, first log out of the live database if you are logged in, then chose the test database from the dropdown on the login screen before logging in.
*Since the test database is a copy of the live database as at last night (around 1am) it contains up to date info for you to play with any time you like.
*Any work you do in the test database has no effect whatever in your live database.
*There is no way to copy any work done in the test database to the live database
*Since any testing work done in the test database will be OVERWRITTEN during the night, if you wish to perform extended testing which extends overnight, you can ask NEOSYS support to suspend the nightly copy.
*Passwords in the test database are a COPY of whatever was in the live database at the time it was copied (usually last night). Resetting the password in LIVE or TEST does not affect the other database.
*Documents and reports generated from the test database have a mark (in red) in the heading to indicate that they did not come from the live system. This helps to reduce confusion in case people lose track of which system they are working in.
 
<BR>'''Screen logging in to test database:'''
 
[[File:Logintest.jpg]]
 
 
<BR>'''Document showing red warning in heading:'''
 
[[File:Docredwiki.jpg]]
 
== Restricting user access to files ==
=== Restricting user’s access to certain records of a file depending on company/division ===
=== Restricting user’s access to certain records of a file depending on company/division ===


Line 43: Line 73:


Due to limitations in the size of the authorisation file, this should be limited to no more than a few 10’s of records in total for all files.
Due to limitations in the size of the authorisation file, this should be limited to no more than a few 10’s of records in total for all files.
== Using NEOSYS online ==
=== Slow speed initially ===
The first time you use NEOSYS it takes time to get to the login screen because software code has to be downloaded in to the workstations browser cache. Getting to the login screen subsequently will be much faster.
After you login, there is also a delay the very first time that you bring a form (any form) on screen. The workstation has to download the general form handling software that handles all forms.
There is also a delay the very first time you use each specific form while the form specific software is downloaded. Large more complex forms take longer than smaller more simple forms.
=== Tips for demo ===
Login and get *any* small form up before the full demo starts then close all windows to start the demo from scratch. If possible also visit as many of the larger forms as you can before the full demo starts
During the demo, if any screen comes up slowly, change to another screen and then go back to the original screen to show that it is fast on the second and subsequent visits.
Use shift+click or right mouse click on the menu to open new windows wherever possible rather than keep changing forms within one window.
Be aware that large complicated forms take longer to download initially but all forms should be fast on secondary visits.
=== Common error and solution ===
Sometimes, especially on poor internet connections, NEOSYS doesn't download all the files correctly from nl1 immediately. If this happens you will get a variety of different error messages when you use the system first. You might also get no message but a little warning flag at the bottom of the internet explorer window that says something like "error on page".
The problem is usually resolved by revisiting the page or pressing the F5 button or the Refresh button on the Internet Explorer tool bar
== Emailing documents in PDF format ==
=== OPTION 1 : Using "PrimoPDF" ===
==== Features ====
*- - - PrimoPDF Must be installed on each user's computer
*+++ Free version (7.2 MB) without any time limitation/adware etc.
*+++ Well supported including Vista with paid version available
*+++ Minimal clicks to accomplish the task (easy to use)
*+++ Option to "Email PDF" directly
*+++ Options to password protect reading/updating
==== Installation ====
http://www.neosys.com/software/primopdf.exe      ([[changes]])
http://www.neosys.com/software/primopdf4.0.1.exe
http://www.primopdf.com/
You probably also want a pdf viewer installed
http://www.adobe.com/products/reader/
==== Setting up ====
#Optionally set PrimoPDF to be your default printer
#Optionally configure your default printer to be landscape mode
#Set the PrimoPDF "Post Process" to be "Email PDF"
#Optionally setup other PrimoPDF options - for example password protection etc
==== Using ====
1.  Get on screen the document that you want to send. <br>
2.  Click Print and select PrimoPDF from the list of printers.<br>
3.  Wait for the PrimoPDF screen to open.<br>
4.  You have the option to choose a specific folder to save the PDF you are about to create prior to emailing as shown below. All PDF documents you generate henceforth would automatically get saved at this convenient location. <br><br>
[[File:primo1.jpg]]
5. Select the post process task from the drop down menu as shown below : <br>
[[File:primo2.jpg]] <br>
6. If you choose "Email PDF", a blank email template will open up with the attached PDF document you just created.<br>
7. Fill in the desired email address/subject etc.<br>
8. Click Send. <br>
As mentioned earlier, PrimoPDF also allows a user to password protect the document and add document properties by simply clicking "Change" next to the respective options as can be seen in the screenshots above.
Here are screenshots of the "Document Properties" and "PrimoPDF Password Security" windows :
[[File:primo3.jpg]]
[[File:primo4.jpg]]
<br>
<br>
=== OPTION 2 : Using "CutePDF" ===
CutePDF Writer allows you to convert any printable document to PDF format. It installs as a virtual printer and is available from any application that offers a `Print` option. The program is easy to use, just select the CutePDF printer and click the print button. CutePDF Writer depends on the install of a PS2PDF converter such as Ghostscript (a small conversion utility) which can be automatically downloaded and installed during setup.
==== Features ====
*- - - CutePDF Must be installed on each user's computer
*+++ Free version without any time limitation/adware etc.
*+++ Very light to download and install.
*- - - No option to “Email PDF” directly. File must be saved first and can be attached later to email.
*+++ Supports Microsoft Windows XP/2003/Vista/7 (x86/x64)
==== Installation ====
Free Download (3.83 MB) at : http://www.cutepdf.com/
==== Using CutePDF ====
As Cute PDF Writer installs itself as a printer on your computer, it enables you to create a PDF document out of anything you can print.
# Get on screen the document you wish to email.
# Click Print and select "CutePDF Writer" from the list of printers.
# After sending it to print, a box pops up asking you where you want to store the PDF document.
# Specify the desired directory/path where you would like to save the PDF document
# This PDF document can now be sent as an attachment via email.


== Codes in NEOSYS ==
== Codes in NEOSYS ==
Line 192: Line 112:
IBM  - IBM Corporation              (rule 1: Standard abbreviation although in practice would probably have a geographical location appended)
IBM  - IBM Corporation              (rule 1: Standard abbreviation although in practice would probably have a geographical location appended)


STBU - Stephen Bush                 (rule 3: Personal names code well in using four letters)
STBU - Stephen Burns                 (rule 3: Personal names code well in using four letters)


STBU2 - Stephan Butros              (Rule 4: An accidental duplication .. simply add 2)
STBU2 - Stephan Butros              (Rule 4: An accidental duplication .. simply add 2)
Line 200: Line 120:
GIOIJE - Gulf Oil Jeddah          (Rule 5:)
GIOIJE - Gulf Oil Jeddah          (Rule 5:)


== The Authorisation Table ==
== What is NEOSYS password policy? ==


The NEOSYS authorisation system uses a concept of users, user groups, tasks, locks and keys.
NEOSYS automatically generates short, memorable passwords for users and sends them to their registered corporate email address. Users can request their initial password, or a new password, at any time as long as their account is valid.


The Authorisation File is on the Support Menu which is not available to everybody.
A NEOSYS automatically generated password is a four letter "word" in the pattern "CVCV" - consonant, vowel, consonant, vowel. These are short and memorable like "KILA". This reduces the occurrence of users noting down their passwords in insecure locations and therefore tends to increase overall security. Also, since users cannot pick their own passwords, weak passwords are avoided thereby tending to increase overall security.


=== Tasks and Locks ===
Three failures to login, for whatever reason, causes a user account to become locked until a new password is requested. Automatic lockout makes password guessing attacks infeasible despite the shortness of the NEOSYS password. Users can unlock their own account by simply requesting a new password.


The various tasks that users may be authorised to do are listed and have a single code (lock) next to them. The same code (lock) may be placed on many tasks, allowing the bulk authorisation of groups of tasks according to need. The grouping of tasks can be seen by sorting the tasks in order of their lock codes by clicking on the column heading titled "Locks".
When a login is refused, no specific reason is given, only a message that lists all the possible reasons for login failures. Either the username or password is incorrect or the account has been locked and a password reset should be done. Not being told the specific reason for failure to login is rather unhelpful for legitimate users but it is considered to be a standard security practice to avoid providing any information that might facilitate unauthorised access attempts.


Often to do accomplish some function in NEOSYS you need to be authorised to do more than one task in the authorisation table. For example to update a media schedule you need to be authorised to both access the schedule file and to update it.
Users can update their own email address, but only after logging in successfully, and only to the companies corporate email servers. The email address part after the @ sign is restricted. This prevents password resets being sent to third party email systems which are outside the control of the company (like gmail.com etc.) unless specifically allowed.


Access to individual records may be restricted by appending the record key in quotes for example placing a lock on a task called ACCESS COMPANY "X" would restrict access to that company. To restrict access generally to a file but allow access to specific records, place a lock on the file eg ACCESS COMPANY but specifically enable access (place a lock) to specific records eg ACCESS COMPANY "X".
=== Forcing users to change password regularly ===


Access to particular datasets may also be restricted by placing a lock on a task called DATASET ACCESS "XXXX" and this would restrict access to users to that particular dataset.
Enforcing periodic change of user passwords is an optional policy set per database in NEOSYS. The maximum number of days between password changes can be set and applies to all users. If a user does not change their password within the maximum period then their account is locked and they cannot login until they request a new password in the usual way from the login screen.


NEOSYS authorisation table is not restricted to controlling access to files. Many tasks are very specific, for example one may or may not be allowed to book coincident ads.
Enforcing periodic change of user password is often considered an essential component (but only a component) of overall computer security. The concept is that people who improperly gain, or retain, access to the system, but do not have access to corporate email and therefore are unable to avoid password expiry, will not have access permanently.


A typical lock code might be AA (mneumonic for "access accounts") which would be placed on all general accounting tasks except those requiring further limitations. The AA key would only be given to accountants, thereby placing a convenient blank restriction on the ability of non-accountants from accessing accounting functions.
For example: Someone leaves the company and a) has been been granted partial or unrestricted access to NEOSYS from outside the office and therefore continues to have physical access to NEOSYS despite having left the company and b) has not been removed or expired from the NEOSYS authorisation table due to administrative oversight. In this case, the person will *not* have permanent access to the system because they will not be able to renew their NEOSYS password because, having left the company, they no longer have access to their corporate email account. Note however that THEY WILL HAVE ACCESS although for a limited period of time. In the worst case, if they renew their password just before leaving, either by accident or design, they could have unauthorised access after leaving the company for a maximum period of the number of days specified for password renewal.


The lock code "NEOSYS" locks all users out of a task without exception, the key "NEOSYS" should not be given to any user.
Potential disadvantages of enforcing periodic password renewal:


Two of the basic functionalities of locks used in the NEOSYS AUTHORIZATION TABLE are:
*May DECREASE security if it results in people writing down their password in insecure locations even though the passwords are memorable four letter word
#Access
*Inconvenient for infrequent users like management - although management level access should really have greater security not less
#Update
*Unpopular with users


Depending on the system being used, the lock can be:
== Giving access to users using Authorisation file ==
#Access Media / Update Media for Media System (AM & UM)
#Access Job / Update Job for Job System (AP & UP)
#Access Accounts / Update Accounts  for Finance System (AA & UA)


Every organization has some sort of hierarchy and hence the permissions to be given to the various users depends on the level that they belong to.  
Only NEOSYS Support are authorised to make changes to the Authorisation File.  


The Access Media permission is given to users who may want (and are authorized) to keep tabs on what the media personnel are working on.  Typically, this includes Higher Management or people in supervisory roles. People with Access Media Rights can view the various schedules/plans but cannot make any changes to them.
A designated person within the client company must approve of requests to make changes.
Media Personnel who have Update Media rights should also be given Access Media rights since, in NEOSYS, these two permissions have been kept separate deliberately.  


Similarly, General Management may have Access Accounts (AA) but only the Finance Team would have Update Accounts (UA) permission since they are responsible for accounting in the organization.
Find more information: [http://userwiki.neosys.com/index.php/Authorisation_File Authorisation File]


Each lock can have levels (eg. AM0, AM, AM2)to differentiate the tasks at each user level. AM0 is given to lower level users like Junior level and AM2 can be assigned to General Management who may have more detailed Access rights than other users. No lock should be assigned the level 1 (eg. AM1) because a lock without a number indicates level 1 itself.
== Splitting single NEOSYS report columns like 1000.00USD into two columns in Excel ==


Ideally a lock code should be informative of its purpose.
Many NEOSYS reports put currency amounts in a single column like 1000.00USD, ie as a single number followed by a currency code. It does this to keep reports compact and to provide multi-currency totals in a single column.


=== Users and Keys ===
In order to support pivot table or export into other systems it is sometimes necessary in spreadsheets like Excel to split the number and currency code into separate columns.


Users are listed in groups for easy comprehension. Each group is separated by a blank line. The last user name in the group is an imaginary user and is used the name of the group.
In Excel, strangely there is no built-in way to split numbers from letters but the following steps will achieve the same or better.


Any user can be given "keys" which are short alphanumeric codes that correspond to the "locks" on the list of tasks. Users possess all the keys of any users lower in the group including the group user, so keys are typically added and removed to the group user. Possession of a particular key enables (authorises) the user to perform all the tasks that have the same lock code that matches the key code.
#Select the column that you want to split, and duplicate it to get two identical columns by inserting a column and copying the original column into it.
#Remove the currency codes from the first column by selecting it and doing Edit, Find and Replace (Ctrl+H), select "Regular expressions" under "Other options". Search For [A-Z] and Replace With nothing.
#Do the same on the 2nd column and Search for \d and Replace With nothing.


=== Subgroups ===
=== Using Macros ===


In the following example, Joe and John are senior accountants and have all the keys placed on the SENIOR ACCOUNTANT and all the keys placed on the ACCOUNTS "user" whereas Joan and Joseph only have the keys placed on the ACCOUNTS "user". It is a matter of hierarchy.
These steps can trivially be recorded as a macro, maybe called Split Currency Amount, and re-performed on request on any future sheets. This makes splitting even easier than any built-in function.


#JOE
In order to record the macro, select the column then perform the steps, then stop recording and save the macro maybe as "Split Amounts". Assign a hot key like Ctrl+Shift+S to be able to repeat it easily in future.
#JOHN
#SENIOR ACCOUNTANTS
#JOAN
#JOSEPH
#ACCOUNTS
#blank line separating the next group


Within a group it is convenient to define users that represent subgroups like SENIOR ACCOUNTANTS. The users above (listed before) this "subgroup user" will have all the keys placed on this subgroup user. All of the users are still in the department ACCOUNTS since that is the last line of the group.
In order to redo the work on another column, select the column then replay the macro, or if you assigned a hot key, press that combination.


=== Access restriction by IP No. ===
== Showing signatures for people who are not users of NEOSYS ==
1. Access to NEOSYS is by default restricted to users from the standard Local Area Network IP numbers i.e. 192.168.*, 10.* and 127.*.
2. Users may also be restricted to login only from certain IP numbers or IP ranges. <BR>For Example: Assigning the IP address 192.*, 10.* in the System Configuration File would restrict users to logging in only from the local area network.
<BR>'''We can do that as follows:'''
<BR>'''a) Navigate to the System Configuration File:'''         
<BR>'''Menu >> Support >> System Configuration File'''
<BR>[[IMAGE:System Configuration File.JPG]]
<BR><BR>'''b) Enter the IP Address ranges in the restrictions field'''<BR>
[[IMAGE:IPADDRESSRANGES.JPG]]
<BR>
<BR>
3.  If a user is permitted to access NEOSYS from an external IP address, we need to assign that external IP address along with the IP address of the Local Area Network to the level of the user in the Authorisation Table.
<BR>
'''We can do that as follows:'''
<BR>
'''a) Navigate to the Authorisation File:'''         
<BR>'''Menu >> Support >> Authorisation File'''<BR>
[[IMAGE:AuthorizationTable.JPG]]
<BR>
<BR>
'''b) Enter the IP Address in the Allowed IP Numbers field'''<BR>
[[IMAGE:AuthorizationTableEntryFile.JPG]]
<BR>
==== Access restriction for user: NEOSYS ====
# The user NEOSYS has been restricted to login only from Private LAN, NEOSYS Office/VPN IP addresses and configured static IP addresses.<BR>Ordinary users may or may not be authorised to login from dynamic IP addresses outside the office, but the user NEOSYS cannot.
# To prevent NEOSYS access from WAN (public internet) via a NAT router with a private LAN IP, we list the full IP of the NAT Router in the System Configuration File.
 
=== How the Authorisation Table works ===
 
It consists of mainly two sections : <br>(a) Users, and <br>(b) Tasks<br><br>
The "USERS" section lists all the NEOSYS users licensed to use the software in their respective levels in the organisation. <br>
This section allows support staff to do the following :<br>
#Add/Delete users<br>
#Disable existing users by entering an "Expiry" date<br>
#Generate a password for a user or a level<br>
#Set the number of days for the password to auto-expire<br>
#Enter/change the user domain<br>
#Monitor the users last login date, time and IP <br>
#Add/Remove/Edit tasks for a user / level <br>
#Specify allowed IP Numbers<br><br>


A user can only access a particular task/function in NEOSYS once the task is allocated to him/her by an authorized person or by NEOSYS support staff <br><br>
You can issue documents on behalf of anybody by typing in their name as the executive when creating the document, however this does provide a signature.


The "TASKS" Section consists of a list of all the tasks that users need authorisation to access in NEOSYS. Authorisation is provided to users by assigning a "LOCK" for each task in the "TASKS" section and allotting the respective LOCKS to the users in the "USERS" section against their name/level.
Solution:


=== Customising the Authorisation Table ===
#Create NEOSYS user to represent the “issuing” users. Email address: support@neosys.com. (Do not give password to client)
#Upload signatures onto the User File for the issuing users. To update users other than yourself, you need to be authorised to do “USER UPDATE”
#When creating documents on behalf of issuing users, enter the user code of the issuing user as the Executive. The default executive/issuing user can be setup per client and/or brand in the Client/Brand File if desired.


#The various levels in Authorisation File like Admin, Management, Media, Finance, Production, Client Services, etc. are created as per the clients requirement. <br>
== Using Google to search NEOSYS wikis ==
#Each level is allocated locks which enable the users above the level to have access to the corresponding tasks.<br>
#Inserting a blank line between levels prevents the higher level from accessing the tasks allotted to the lower levels.<br>
#Removing the blank line enables the higher levels to access tasks assigned to the lower levels,however, lower levels cannot access tasks in levels above them.<br>


'''Key Points to Remember:'''
Mediawiki's built in search is nowhere near as smart as Google's but Googles search often lists non-NEOSYS pages.
#Do not enter USERNAMEs for group “user” lines i.e. Departments <BR> Department names/levels need not have any USERNAME specified as these are not real users. Also you should not specify an email address on the same, as these department names/levels are only to identify the user groups. You may login using these for testing purposes.
#Do not assign keys to individual users. Assign them to a group “user” i.e. Department instead <BR> If you feel the need to assign keys to a user, feel free to insert a new group user under them and assign the keys to that group user. This will enable us to manage the authorisation table i.e. add / delete users based on what Department they belong to, so that they get all required authorisations.


=== “Per User” Authorisations ===
Search like this:
 
Sometimes there are requests to provide very fine grained “per user” authorisations. However it is very hard to manage “per user” authorisations in the long term since there are a huge array of tasks that need to be decided per user.
 
Consequently is very important to maintain the VERY MINIMUM number of user groups and subgroups and NOT create additional special groups unless it is absolutely necessary.
 
Support staff are NOT helping the long term quality of experience of the system to the end users if they “try and be helpful” by providing many special groups and/or private authorisations for individuals. They will create a “rats nest” of incomprehensible unmaintainable authorisations. Worse, it is likely that accidental authorisations will be granted because it is impossible to reliably audit a long and complex set of “per user” authorisations.
 
Good support is doing the right thing for the long term success of the system. Bad support is doing whatever is asked by anybody chaotically and adding no value. Good support is not taking the easy short term way out. A system succeeds by its long term benefit to the client.
 
=== Expire Users ===
 
Users who no longer use NEOSYS should be entered as expired. Enter the date a day after the last logged in date.
 
Note: Do not remove/delete the users from the Authorisation Table as a date in the EXPIRE field will disable them to access NEOSYS and also disable them to receive any further mails on any notification from NEOSYS. The users should not be moved to another location or section in the Authorisation Table. Expired users will not be removed from Timesheet Summary as their usage details are recorded in it. 
 
[[image:expire.jpg]]
 
== Opening NEOSYS documents in Excel, Word etc. in Internet Explorer 7 ==
 
1. If you have not already done so, right click on the Internet Explorer tool bar and choose the following options
 
[[image:Internetexplorer1.JPG]]
 
2. Click Edit, Add,  Close.
 
[[image:Internetexplorer2.JPG]]
3. The Internet Explorer tool bar will now have an Edit button with a drop down to select Microsoft Office programs like Excel and Word.
 
[[image:Internetexplorer3.JPG]]
 
== Opening new windows in new tabs in Internet Explorer 7 ==
Unfortunately Microsoft have decided that this cannot be done programmatically and that the only way is to right click on the menu item and select "open in new tab".
 
Also surprising is that new tabs do not become the top window automatically unless you configure Internet Explorer as follows:
Tool, Options, Settings and check the option "Always Switch to New Tabs when they are Created"


[[image:Openingnewtabs.jpg]]
neosys wiki "exchange rate"


----
Putting Exchange Rate in "" quotes searches for the exact phrase instead anywhere either word appears

Latest revision as of 11:21, 23 November 2023

Getting started with NEOSYS

  1. Reset your browser to factory settings to ensure all 3rd party toolbars/pop-up blockers are removed and browser cache is cleared. See Reset Browser for instructions.
  2. Reopen the browser and ensure that the pop-up blocker is disabled. See Disabling Popup Blocker for instructions.
  3. Enter the NEOSYS URL.
  4. Add this URL to your favourites.
  5. You should now see the Login page. If you are a new user or have forgotten your password click on How to reset the password? for instructions on how to get your password
  6. Enter your Username, Password, select the database and click on login. See http://youtu.be/dS62_eSCm-A to learn how to login to NEOSYS.
  7. You should now see the user details page.

Using the NEOSYS testing and training database

Standard NEOSYS practice is to setup a "testing and training" database for each operationally live database. This testing and training database is very useful to try out procedures in NEOSYS without having any real live or permanent effect. The testing and training database is virtually a copy of the live data because every night the live database is cloned over (copied) to the test database. This database is generally available to everybody who has access to the live database unless specifically restricted.

  • To access the test database, first log out of the live database if you are logged in, then chose the test database from the dropdown on the login screen before logging in.
  • Since the test database is a copy of the live database as at last night (around 1am) it contains up to date info for you to play with any time you like.
  • Any work you do in the test database has no effect whatever in your live database.
  • There is no way to copy any work done in the test database to the live database
  • Since any testing work done in the test database will be OVERWRITTEN during the night, if you wish to perform extended testing which extends overnight, you can ask NEOSYS support to suspend the nightly copy.
  • Passwords in the test database are a COPY of whatever was in the live database at the time it was copied (usually last night). Resetting the password in LIVE or TEST does not affect the other database.
  • Documents and reports generated from the test database have a mark (in red) in the heading to indicate that they did not come from the live system. This helps to reduce confusion in case people lose track of which system they are working in.


Screen logging in to test database:

Logintest.jpg



Document showing red warning in heading:

Docredwiki.jpg

Restricting user access to files

Restricting user’s access to certain records of a file depending on company/division

In the following discussion remember that NEOSYS “companies” are used to implement any kind of corporate division. This includes legal entities and any type of internal division including departments, cost centres and profit centres etc.

Step 1 is to use the NEOSYS Authorisation File to generally restrict users access to certain companies/divisions, then they will also be restricted from viewing any records “belonging” to those companies/divisions. Split the groups in the authorisation file into multiple groups per division. For example, instead of one CLIENT SERVICE group in the Authorisation File you can create CLIENT SERVICE1, CLIENT SERVICE2 etc. The only difference must be a trailing integer so that the actual division name can be determined by NEOSYS.

For example to restrict access to company/division “XYZ” you create locked tasks in the NEOSYS Authorisation File as follows. The quotation marks are required.

COMPANY ACCESS “XYZ”

Invent a suitable lock eg =CFX to lock this company, place that lock on the newly created task and add that lock to the keys of the groups that should have access to that company.

Step 2 - Most of the various files in NEOSYS allow, and sometimes require, the association (i.e. tying) of individual records to specific companies/divisions either directly or indirectly.

Depending on the file, restrict access by entering one or more of the following on the individual records that are to be restricted.

  1. Company code
  2. A/c No. of an account which is tied to a specific company/division in its chart of accounts
  3. ”A/c No , company code” eg 99999,XYZ - in most places that you can enter the A/c No. you may also follow it with a comma then the company code.
  4. Codes of other records which are themselves tied to a specific company/division.

Important Note: brands are associated with the company of the account at the time that the brand was created and removing the company from the account code didnt free up the brand from the company which also includes removing the company code from the chart. Hence if you do such a change you need to run the following in maintenance mode:

F5
CREATEBRANDS
Yes

Restricting access of users to specific individual records

Insert locked tasks in the Authorisation File similar to the following. For example, the following restricts access to company “XYZ”. The quotation marks are required.

COMPANY ACCESS “XYZ”

Generally, wherever there is a task called ‘filename ACCESS’ then you can add tasks like ‘filename ACCESS “XYZ” ’ to restrict access to individual records.

Other examples are:

ACCOUNT ACCESS “99999”
MARKET ACCESS “INT”

Restricting access to the company and market files is rather special in that it also restricts access to any and all records associated with (ie “belonging” to or tied to) that company or market.

Due to limitations in the size of the authorisation file, this should be limited to no more than a few 10’s of records in total for all files.

Codes in NEOSYS

Inventing codes

In order to speed up data entry, NEOSYS usually allows codes to be entered directly instead of relying on name searches and popups which are slower.

There are three strategies to invent codes:

  1. Sequential numbers. Easy to generate codes for new records but the codes are difficult to remember and are meaningless
  2. Meaningful codes. Invent a pretty code so that when you look at the code it reminds you of the name. There are many alternatives though and it is usually difficult later on to re-guess/remember the exact code given only the name.
  3. Meaningless codes. Use some mechanical rule for generating a code from the name. If the rule is simple, then later on we can re-guess the code from the name easily. Unfortunately looking at the code usually does not remind us of the name.

The real aim of coding, if you think about it for a while, is to be able to know the code to enter it quickly even if all you know is the name. Therefore method three is the most useful.

Surprisingly, the main aim is NOT to know the name on seeing the code which is natural instinct of most people when coding. Meaningful codes are indeed pretty but usually it is difficult to remember the exact code for data entry.

Interestingly, it is common to find NEOSYS clients who have never met each other to be using identical codes for the same clients and suppliers etc.

Using Four letter coding system

This four letter coding system has proven over many years to be easy to use and surprisingly good at avoiding duplicate codes where there are thousands of records.

Follow these steps rigorously:

  1. If there is a well known abbreviation for something use that regardless of how many letters there are. e.g. IBM or UNESCO
  2. Remove all standard words from the name to be encoded. Egg The, Company, Al, Incorporated, Ltd etc
  3. If there is only one word left in the name take the first four letters otherwise take the first two letters of the first two words and ignore any following words.
  4. ACCIDENTAL DUPLICATIONS: If the code accidentally duplicates with another code, simply add a 2 or 3 or 4 onto the end of the code. DO NOT INVENT YOUR OWN CODES.
  5. PREDICTABLE DUPLICATIONS: If you know in advance that there are several similar accounts with almost the same name then first use the four letter rules rigorously ... and then add two letters e.g. country, town, currency etc to distinguish the duplicates.

Examples of four letter coding

NESO - NEOSYS Software Ltd. (rule 3: easy to take the first two letters of the first two words)

KHAL - Al Khaleej (rule 2 and 3: Remove the standard word Al and take the first four letters of the only word)

IBM - IBM Corporation (rule 1: Standard abbreviation although in practice would probably have a geographical location appended)

STBU - Stephen Burns (rule 3: Personal names code well in using four letters)

STBU2 - Stephan Butros (Rule 4: An accidental duplication .. simply add 2)

GUOIDU - Gulf Oil Dubai (Rule 5: We know there are many Gulf Oil records so we add two letters for the location)

GIOIJE - Gulf Oil Jeddah (Rule 5:)

What is NEOSYS password policy?

NEOSYS automatically generates short, memorable passwords for users and sends them to their registered corporate email address. Users can request their initial password, or a new password, at any time as long as their account is valid.

A NEOSYS automatically generated password is a four letter "word" in the pattern "CVCV" - consonant, vowel, consonant, vowel. These are short and memorable like "KILA". This reduces the occurrence of users noting down their passwords in insecure locations and therefore tends to increase overall security. Also, since users cannot pick their own passwords, weak passwords are avoided thereby tending to increase overall security.

Three failures to login, for whatever reason, causes a user account to become locked until a new password is requested. Automatic lockout makes password guessing attacks infeasible despite the shortness of the NEOSYS password. Users can unlock their own account by simply requesting a new password.

When a login is refused, no specific reason is given, only a message that lists all the possible reasons for login failures. Either the username or password is incorrect or the account has been locked and a password reset should be done. Not being told the specific reason for failure to login is rather unhelpful for legitimate users but it is considered to be a standard security practice to avoid providing any information that might facilitate unauthorised access attempts.

Users can update their own email address, but only after logging in successfully, and only to the companies corporate email servers. The email address part after the @ sign is restricted. This prevents password resets being sent to third party email systems which are outside the control of the company (like gmail.com etc.) unless specifically allowed.

Forcing users to change password regularly

Enforcing periodic change of user passwords is an optional policy set per database in NEOSYS. The maximum number of days between password changes can be set and applies to all users. If a user does not change their password within the maximum period then their account is locked and they cannot login until they request a new password in the usual way from the login screen.

Enforcing periodic change of user password is often considered an essential component (but only a component) of overall computer security. The concept is that people who improperly gain, or retain, access to the system, but do not have access to corporate email and therefore are unable to avoid password expiry, will not have access permanently.

For example: Someone leaves the company and a) has been been granted partial or unrestricted access to NEOSYS from outside the office and therefore continues to have physical access to NEOSYS despite having left the company and b) has not been removed or expired from the NEOSYS authorisation table due to administrative oversight. In this case, the person will *not* have permanent access to the system because they will not be able to renew their NEOSYS password because, having left the company, they no longer have access to their corporate email account. Note however that THEY WILL HAVE ACCESS although for a limited period of time. In the worst case, if they renew their password just before leaving, either by accident or design, they could have unauthorised access after leaving the company for a maximum period of the number of days specified for password renewal.

Potential disadvantages of enforcing periodic password renewal:

  • May DECREASE security if it results in people writing down their password in insecure locations even though the passwords are memorable four letter word
  • Inconvenient for infrequent users like management - although management level access should really have greater security not less
  • Unpopular with users

Giving access to users using Authorisation file

Only NEOSYS Support are authorised to make changes to the Authorisation File.

A designated person within the client company must approve of requests to make changes.

Find more information: Authorisation File

Splitting single NEOSYS report columns like 1000.00USD into two columns in Excel

Many NEOSYS reports put currency amounts in a single column like 1000.00USD, ie as a single number followed by a currency code. It does this to keep reports compact and to provide multi-currency totals in a single column.

In order to support pivot table or export into other systems it is sometimes necessary in spreadsheets like Excel to split the number and currency code into separate columns.

In Excel, strangely there is no built-in way to split numbers from letters but the following steps will achieve the same or better.

  1. Select the column that you want to split, and duplicate it to get two identical columns by inserting a column and copying the original column into it.
  2. Remove the currency codes from the first column by selecting it and doing Edit, Find and Replace (Ctrl+H), select "Regular expressions" under "Other options". Search For [A-Z] and Replace With nothing.
  3. Do the same on the 2nd column and Search for \d and Replace With nothing.

Using Macros

These steps can trivially be recorded as a macro, maybe called Split Currency Amount, and re-performed on request on any future sheets. This makes splitting even easier than any built-in function.

In order to record the macro, select the column then perform the steps, then stop recording and save the macro maybe as "Split Amounts". Assign a hot key like Ctrl+Shift+S to be able to repeat it easily in future.

In order to redo the work on another column, select the column then replay the macro, or if you assigned a hot key, press that combination.

Showing signatures for people who are not users of NEOSYS

You can issue documents on behalf of anybody by typing in their name as the executive when creating the document, however this does provide a signature.

Solution:

  1. Create NEOSYS user to represent the “issuing” users. Email address: support@neosys.com. (Do not give password to client)
  2. Upload signatures onto the User File for the issuing users. To update users other than yourself, you need to be authorised to do “USER UPDATE”
  3. When creating documents on behalf of issuing users, enter the user code of the issuing user as the Executive. The default executive/issuing user can be setup per client and/or brand in the Client/Brand File if desired.

Using Google to search NEOSYS wikis

Mediawiki's built in search is nowhere near as smart as Google's but Googles search often lists non-NEOSYS pages.

Search like this:

neosys wiki "exchange rate"

Putting Exchange Rate in "" quotes searches for the exact phrase instead anywhere either word appears