Security

There are many levels of security involved with AMAPS+PLUS.  The LAN Operating system, Windows, and the database management systems provide various levels of security.  This security discussion, however, focuses of the major security features within AMAPS+PLUS.  First, all the users of the AMAPS+PLUS must be identified and assigned a password.  The passwords within AMAPS+PLUS are encrypted using a form of one-time pad.  If the system was compromised and the passwords were acquired they would be of no use since the encrypted password is not the one that AMAPS+PLUS is expecting.  If a hacker repeatedly entered a password to attempt to determine how it was encrypted the password is still protected. 

Each time a password is updated a different encryption key is used.

When a user is defined to AMAPS+PLUS, application privileges must be granted.  These privileges indicate which application that user may access such as Customer Order Entry, Purchasing, Inventory Control, and Lot Traceability.

Once the user has access to an application, then security is specified for each window within that application.  A window may be in any of three states: Inquiry Only, Update Allowed, or Inquiry and Update Not Allowed.  If for example, a user had access to the Customer Order Administration Module they may be allowed view only privileges for customer data, allowed to update salesman data, but prohibited from either updating or viewing or price data.

The most detailed form of security is data element security.  With this security approach specific data elements are either hidden or inquiry only.  A user, for example, could update customer data but not see year-to-date sales figures.  The approach works equally well with product cost data.