The KwaMoja security scheme consists of the following parts:
These parts work together as follows. The user name and password combination entered at log on enables the system to identify the 'Security Role' for the User. The User's 'Security Role' determines what 'Security Tokens' are available to the User. The User is allowed access to any page with a 'PageSecurity' value equal to the 'Security Token' values available to that User.
Each KwaMoja page (script) is assigned a specific PageSecurity value. This page security value is stored in the scripts table of the database and read into a SESSION array on login (from the GetConfig.php script). At the time of writing this is a number between 1 and 15. If more levels of security are necessary then this can be expanded by an administrator or developer. The default PageSecurity values for each page can be inspected by browsing the scripts table
The user is allowed access to a page if the PageSecurity value of the page/script is a number contained in the SESSION AllowedPageSecurityTokens array as determined from the users access level (Security Role). The user access level Security Role) is an integer that represents the Security Role assigned to the user in the user set up page (WWW_users.php).
Access authority is checked in the session.php script for all pages (or PDF_Starter.php for PDF pages). The variable $_SESSION['AccessLevel'] is retrieved from the database when the user logs on - in session.php. This variable refers to the Security Role of the user. The SESSION['AllowedPageSecurityTokens'] array of numbers is retrieved from the database based on the users AccessLevel - or Security Role. Any page that has a $PageSecurity value equal to any value in this array is deemed to be an authorised page.
If you wish to add more Security Roles then you must use the Role Permissions script (WWW.Access.php). You must also specify the Security Tokens for the new Security Role. Users assigned to the new Security Role will have access to any page where the Page Security value is equal to a Security Token value assigned to the new Security Role. This mechanism allows the system administrator to control who can access what.
By changing the Security Role assigned to each users and the Security Tokens assigned to each Security Role the security access can be tailored for all users. When making these changes reference the default values in the tables below. PageSecurity values must also be known. The value of the default settings can be modified as needed from the Page Security script accessible from the Setup module
| Table.Field | Example Data | Comment |
|---|---|---|
| www_user.userid www_user.fullaccess |
demo 8 |
These fields are updated by WWW_Users.php. |
| securityroles.secroleid securityroles.secrolename |
8 System Administrator |
These fields are changed when a 'Security Role' is created or deleted at WWW_Access.php. |
| securitygroups.secroleid securitygroups.tokenid |
8 1 |
These fields are updated when 'Security Tokens' are assigned or removed from 'Security Roles'. at WWW_Access.php. |
| securitytokens.tokenid securitytokens.tokenname |
1 Menu and Order Entry Only |
15 default security tokens are defined. This data can not be edited using any KwaMoja tool. |
| KwaMoja page | CustomerInquiry.php $PageSecurity = 1; |
The PageSecurity value for each page is pre-defined and can not be edited using any KwaMoja tool. |
Below the default security roles and page security values are set out. However, be aware that all these settings are now modifiable in the database. The roles can be defined choosing which security tokens will be allowed. Also, as of version 4.0 it is now possible to change the PageSecurity of each script to allow access to be more tightly defined. The PageSecurity value for a particular script is mapped to the security token that is either available to a particular user or not. Without the security token being in the users list of allowed security tokens then the script will not be available to that user.
| Page (script) File Name | PageSecurity value |
|---|---|
| CustomerInquiry.php | 1 |
| GetStockImage.php | 1 |
| index.php | 1 |
| Logout.php | 1 |
| MailInventoryValuation.php | 1 |
| PDFStockLocTransfer.php | 1 |
| PDFStockNegatives.php | 1 |
| PrintCustTrans.php | 1 |
| PrintCustTransPortrait.php | 1 |
| reportwriter/FormMaker.php | 1 |
| reportwriter/ReportMaker.php | 1 |
| SelectCompletedOrder.php | 1 |
| SelectOrderItems.php | 1 |
| AgedDebtors.php | 2 |
| AgedSuppliers.php | 2 |
| BOMInquiry.php | 2 |
| BOMListing.php | 2 |
| ConfirmDispatch_Invoice.php | 2 |
| CustomerTransInquiry.php | 2 |
| CustWhereAlloc.php | 2 |
| DebtorsAtPeriodEnd.php | 2 |
| EmailCustTrans.php | 2 |
| FTP_RadioBeacon.php | 2 |
| InventoryPlanning.php | 2 |
| InventoryValuation.php | 2 |
| OrderDetails.php | 2 |
| OutstandingGRNs.php | 2 |
| PDFCustomerList.php | 2 |
| PDFLowGP.php | 2 |
| PDFPriceList.php | 2 |
| PDFQuotation.php | 2 |
| PDFStockCheckComparison.php | 2 |
| PeriodsInquiry.php | 2 |
| PO_OrderDetails.php | 2 |
| PO_PDFPurchOrder.php | 2 |
| PO_SelectOSPurchOrder.php | 2 |
| PO_SelectPurchOrder.php | 2 |
| Prices.php | 2 |
| PrintCustOrder_generic.php | 2 |
| PrintCustOrder.php | 2 |
| PrintCustStatements.php | 2 |
| reportwriter/admin/ReportCreator.php | 2 |
| SalesAnalReptCols.php | 2 |
| SalesAnalRepts.php | 2 |
| SalesAnalysis_UserDefined.php | 2 |
| SelectCustomer.php | 2 |
| SelectProduct.php | 2 |
| SelectRecurringSalesOrder.php | 2 |
| SelectSalesOrder.php | 2 |
| SelectSupplier.php | 2 |
| ShiptsList.php | 2 |
| StockCheck.php | 2 |
| StockCostUpdate.php | 2 |
| StockCounts.php | 2 |
| StockLocMovements.php | 2 |
| StockLocStatus.php | 2 |
| StockMovements.php | 2 |
| StockQuantityByDate.php | 2 |
| StockSerialItems.php | 2 |
| StockStatus.php | 2 |
| StockUsage.php | 2 |
| StockUsageGraph.php | 2 |
| SupplierBalsAtPeriodEnd.php | 2 |
| SupplierTransInquiry.php | 2 |
| Tax.php | 2 |
| WhereUsedInquiry.php | 2 |
| Z_CheckAllocs.php | 2 |
| Areas.php | 3 |
| Credit_Invoice.php | 3 |
| CreditItemsControlled.php | 3 |
| CreditStatus.php | 3 |
| CustomerAllocations.php | 3 |
| CustomerBranches.php | 3 |
| CustomerReceipt.php | 3 |
| Customers.php | 3 |
| PDFBankingSummary.php | 3 |
| PDFChequeListing.php | 3 |
| PDFDeliveryDifferences.php | 3 |
| PDFDIFOT.php | 3 |
| PDFOrdersInvoiced.php | 3 |
| PDFOrderStatus.php | 3 |
| SalesPeople.php | 3 |
| SelectCreditItems.php | 3 |
| StockSerialItemResearch.php | 3 |
| PO_Header.php | 4 |
| PO_Items.php | 4 |
| PurchData.php | 4 |
| SpecialOrder.php | 4 |
| StockReorderLevel.php | 4 |
| Payments.php | 5 |
| PrintCheque.php | 5 |
| StockQties_csv.php | 5 |
| SuppCreditGRNs.php | 5 |
| SuppInvGRNs.php | 5 |
| SupplierAllocations.php | 5 |
| SupplierCredit.php | 5 |
| SupplierInvoice.php | 5 |
| Suppliers.php | 5 |
| SuppPaymentRun.php | 5 |
| SuppShiptChgs.php | 5 |
| SuppTransGLAnalysis.php | 5 |
| SalesGraph.php | 6 |
| BankMatching.php | 7 |
| BankReconciliation.php | 7 |
| GLAccountInquiry.php | 8 |
| GLBalanceSheet.php | 8 |
| GLCodesInquiry.php | 8 |
| GLProfit_Loss.php | 8 |
| GLTransInquiry.php | 8 |
| GLTrialBalance.php | 8 |
| SelectGLAccount.php | 8 |
| BOMs.php | 9 |
| Currencies.php | 9 |
| Z_CreateChartDetails.php | 9 |
| AccountGroups.php | 10 |
| AccountSections.php | 10 |
| BankAccounts.php | 10 |
| COGSGLPostings.php | 10 |
| CompanyPreferences.php | 10 |
| EDIMessageFormat.php | 10 |
| GLAccounts.php | 10 |
| GLJournal.php | 10 |
| PaymentTerms.php | 10 |
| SalesGLPostings.php | 10 |
| WorkOrderEntry.php | 10 |
| WorkOrderIssue.php | 10 |
| ConfirmDispatchControlled_Invoice.php | 11 |
| CustEDISetup.php | 11 |
| DiscountCategories.php | 11 |
| DiscountMatrix.php | 11 |
| EDIProcessOrders.php | 11 |
| FreightCosts.php | 11 |
| GoodsReceived.php | 11 |
| GoodsReceivedControlled.php | 11 |
| Locations.php | 11 |
| Prices_Customer.php | 11 |
| ReverseGRN.php | 11 |
| SalesCategories.php | 11 |
| ShipmentCosting.php | 11 |
| Shipments.php | 11 |
| Shipt_Select.php | 11 |
| StockAdjustments.php | 11 |
| StockAdjustmentsControlled.php | 11 |
| StockCategories.php | 11 |
| StockLocTransfer.php | 11 |
| StockLocTransferReceive.php | 11 |
| Stocks.php | 11 |
| StockTransferControlled.php | 11 |
| StockTransfers.php | 11 |
| TaxAuthorityRates.php | 11 |
| EDISendInvoices.php | 15 |
| PaymentMethods.php | 15 |
| SalesTypes.php | 15 |
| Shippers.php | 15 |
| SystemParameters.php | 15 |
| TaxCategories.php | 15 |
| TaxProvinces.php | 15 |
| UnitsOfMeasure.php | 15 |
| Z_CheckAllocationsFrom.php | 15 |
| Z_index.php | 15 |
| Z_MakeNewCompany.php | 15 |
| Z_poAddLanguage.php | 15 |
| Z_poAdmin.php | 15 |
| Z_poEditLangHeader.php | 15 |
| Z_poEditLangModule.php | 15 |
| Z_poRebuildDefault.php | 15 |
| Z_Upgrade_3.01-3.02.php | 15 |
| Z_Upgrade_3.04-3.05.php | 15 |