User authorization: Overview
For each Kofax ReadSoft Invoices module you can enable or disable user authorization.
If user authorization is enabled
- A user who starts the module must be authorized to do so. There are two types of user authorization:
- Local user – Kofax ReadSoft Invoices' built-in system to control user access. Users must enter a user name and password to log in to the module. Enabled by default.
- Network authentication – Uses Microsoft Windows users and groups to control access to Kofax ReadSoft Invoices.
When Kofax ReadSoft Invoices starts, the currently logged-in user is checked using Windows credentials. If the user exists in the Kofax ReadSoft Invoices database, the user is logged in without any additional password check, and the user has the rights specified in the user profile.
If no user is found, local authorization is used instead.
If a user belongs to more than one group, the first group that the user belongs to (in alphabetical order) is used.
Limitation: To be logged in as a member of a group, a user must be a direct member of that group. Indirect membership does not count, for example when another group that the user belongs to is a member of the group that has permission to access the module.
Installing and Configuring Microsoft SQL Server describes how to set up Windows users and Windows groups.
- The program keeps track of the user who most recently changed each invoice in the process log. You can use the #ProcessLog or #UserName variables to export this information in the transaction description.
- You can give specific users the ability to do or keep them from doing the following:
- Only those invoice profiles that a specific user needs to see can be displayed in Verify.
If user authorization is disabled
- Any person who has "read" access to the Kofax ReadSoft Invoices program can start the module.
- All users have full administrator rights to the module.
The process behind user authorization
When a user starts a Kofax ReadSoft Invoices module, database authentication is performed first. Then:
- Kofax ReadSoft Invoices checks whether user authorization is enabled for the module. If not, the module starts and the user has complete access to all functionality within the module.
- If user authorization is enabled, Kofax ReadSoft Invoices retrieves the name of the currently logged-on Windows user, what domain the user is logged on to, and what groups the user belongs to.
- Kofax ReadSoft Invoices compares this information with the Domain and Account or Domain and Group data that was saved in its database when users were defined, and looks for a match.
- If a match is found, Kofax ReadSoft Invoices checks whether the user has access rights to the module.
If both of the previous steps are true, the module starts.
Only the names of domains, users, and groups are checked. Users’ Windows passwords are not used or validated in any way.
If no match is found in step 3, or if the currently logged-on Windows user was found in step 4 not to have permission to use the module, the user is prompted to log on as a
Note that this is the Kofax ReadSoft Invoices user name and password, not the Windows user name and password.
- Kofax ReadSoft Invoices compares the login information that the user provides with the details saved in its database. If a match is found, the user is logged on. Otherwise, an error message is displayed and the Login dialog is displayed again until “correct” credentials are supplied or the user clicks Cancel.
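The decision flow above, modeled as an added example for reviewing a configuration on paper; it is not Kofax code. The function name, return labels, sample domain, account and group names, and "ModuleB" are constructed, and the matching order, case-insensitive comparison and scope of the alphabetical rule are assumptions noted in the code.

```python
from dataclasses import dataclass

@dataclass
class WindowsIdentity:
    domain: str
    account: str
    direct_groups: list   # direct memberships only; nested groups do not count

# Constructed sample data: (domain, name) -> modules that entry may start.
ACCOUNTS = {("corp", "asmith"): {"Verify"}}
GROUPS = {("corp", "ap-clerks"): {"Verify"},
          ("corp", "invoice-admins"): {"Verify", "ModuleB"}}

def decide_start(module, auth_enabled, ident, accounts, groups):
    """Model of the start-up decision. Assumptions not stated on the page:
    an account match is tried before a group match, names compare
    case-insensitively, and the alphabetical rule is applied to the user's
    direct groups that are defined in the database."""
    if not auth_enabled:
        return "start-full-admin", None        # no check at all, full rights
    dom = ident.domain.lower()
    matched = (dom, ident.account.lower())
    entry = accounts.get(matched)
    if entry is None:
        known = sorted(g.lower() for g in ident.direct_groups
                       if (dom, g.lower()) in groups)
        matched = (dom, known[0]) if known else None
        entry = groups.get(matched)
    if entry is None:
        return "prompt-local-login", None      # no name match (step 3)
    if module not in entry:
        return "prompt-local-login", matched   # matched, no access right (step 4)
    return "start", matched                    # names matched; no password was checked

if __name__ == "__main__":
    both = WindowsIdentity("CORP", "bjones", ["Invoice-Admins", "AP-Clerks"])
    nested = WindowsIdentity("CORP", "cdoe", ["Finance"])  # Finance nested in a permitted group
    for who in (both, nested):
        print(who.account, decide_start("ModuleB", True, who, ACCOUNTS, GROUPS))
```

In this model a user who is a direct member of two defined groups gets only the rights of the alphabetically first one, so membership in a less privileged group that sorts earlier sends the user to the local login prompt.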