You can require users to log into a database to protect a database from unauthorized use. The database Administrator can assign specific Access Levels, limiting what a logged-in user can access.
Database security consists of several parts: Setting up Employees with logins, Assigning Access Levels, and Requiring Users to Log Into Databases. Setting up Employees is covered in Related Articles, we discuss Assigning Access Levels and Setting Databases to "Require Logins" below. First up is defining the different roles (Access Levels) you can assign to employees logging in.
Access-levels and employee rights can be a little confusing. If you have any questions on how to setup your employees,
Contact Support.
Notes about Security
- Employees and Access Levels are database specific so each database can have different users/access levels.
- Access Levels for employees are set from the Employee List (Master).
- Access Levels are recommended when multiple users are sharing a database (SQL, of course).
- To use Database Security, and to require Logins, there must be at least one user assigned the Access Level of "Administrator."
- Database security is not Bid-specific. Changing a user's Access Level/Rights can affect their access to every Bid in the database. Understanding the consequences of making changes to database security is important before implementing.
- By default, when On-Screen Takeoff is installed, only the "Administrator" access level is created, follow the instructions below to create new Access Levels, based on your needs.
- When you import a bid package created from a Secured databases, a new database will be created so that your current database's security does not get changed - you can always copy and paste the Bid from that new database to your existing database, if you like.
Creating and Assigning Access Levels
Creating an Access Level
To access the Security Access Levels screen, you open an employee record for an employee who has Enable Logins checked (see Related articles for information on setting up Employees).
- Click Access Levels, the Access Levels dialog box opens
- Click New - a blank line is added under the Description field
- Type in the Description (name) for this Access Level and press <Enter>
If employees assigned to this Access Level are to be have Administrator functions (ability to change Database properties and add/modify employees), put a check in the box next to Set as System Administrator. This Access Level will have Full Access to all Database tables regardless of the specific table settings.
Set Access Levels for a specific Database table by clicking on the cell next to the Database Table under the View column to select the cell, set Access Levels for each table or function (see the chart below for a description of what each setting does)
Click OK to return to the Employee (Master) dialog
Access Level Explained
Below is a explanation of the various options available for setting security rights in On-Screen Takeoff. Bid-related rights are based on who is shown as the "Estimator" on a Bid's Cover Sheet.
Database Table (shown in Access Levels dialog box) |
Full Access |
Read Only |
No Access |
Other's Bids |
Employee can view and edit all Bids in the database whether they are the Estimator or not. |
Employee can view but will not be able to edit Bids for which they are not the Estimator. The employee would see all other users' Bids on the Bids Tab, though. |
Employee will not be able to access any Bids for which they are not the Estimator. The Bids list will display these Bids, however, the employee will not be able to open or edit them. The employee would be able to Send another employee's Bid out as a Bid Package. |
Bids List (the Bids Tab) |
Employee can add, modify and delete any Bid that displays on the Bids Tab, regardless of who the Employee is. |
User will not be able to create new Bids, however, based on "Other's Bids" setting, may be able to delete or modify an existing Bid. Employee cannot Add, Delete Base Bids, Folders or Import a Bid, however, they can add/modify/delete Alternates and CO's for existing Bids. |
Employee will not be able to see any Bids in the database nor will they be able to add any information to the Bids Tab (they cannot create Bids). This is often used for a database administrator - someone who is responsible for setting up Master records/Styles/Sets/Employees, etc., but doesn't perform takeoff or access Bids. |
Master |
Employee can add, modify, delete all options on the Master Menu. See Related articles for more information. |
User can view all Master Menu options but will not be able to make changes to the data within the Masters unless he or she is specifically granted "Full Access" rights to Styles/Sets, below (allowing access to Styles/Sets overrides the "Read Only/Masters" restriction). |
Employee will not be able to view any Master Menu selections unless they specifically have Full Access or Read Only rights to Styles/Sets. All menu items on the Master list will be inactive/greyed-out. |
Styles/Sets |
Employee can Add/Modify/Delete Styles and Style Sets. Regardless of what Access Level is selected under "Master" |
User can access the Styles and Style Sets lists, however, they will not be able to save any changes. |
User will have no access to the Styles and/or Style Sets lists (from the Master Menu). They can still insert Styles and Style Sets (use stored information to create new Conditions) to a Bid, but they cannot invoke the actual list from the Master menu, nor can they save changes to any Style or Style Set. |
Database Table Explanation
The drop down list indicates Full Access, No Access, or Read Only privileges for each of the 4 different Database Tables.
Others' bids
Bids for which the Estimator, as listed on the Cover Sheet, is not the current logged-in user.
Bid List
The Bids Tab - a list of all bids/projects in the database. If the logged in user has Read Only rights to the Bids list, they will not be able to create new bids, but he or she could edit existing Bids.
Master
Anything listed when a user clicks Master from the main menu bar.
Styles/Sets
The Master Style Library and Sets lists. Even restricted users can use existing Styles and Style Sets (to create Conditions), however they can be prevented from making changes to the Master Styles/Sets.
Contact Support or Training for any questions on how to properly configure and implement security settings.
Assigning Employee Access Levels
Access Levels for employees are set in the Employee Detail dialog. Access Levels are recommended, especially when multiple users are sharing a database. To use Database Logins, there must be at least one Administrator and each estimator must be assigned a login name and password.
To assign an Access level to an employee login,
Open an Employee Detail dialog box
Check Enable Login (if not already checked)
Click Access Levels - the Access Levels dialog displays
Select an Access Level from those in the Description field - by default, when On-Screen Takeoff is installed, only the Administrator access level is created, follow the instructions above to create new Access Levels as needed
After the access level is created, select it and click OK to assign it to the selected Employee.
To enforce these restrictions, you'll need to set the database to require users to login, see the next article.