Security Management

The security module ensures that only authorized users can access specific equipment and pools, report inspections, or perform other procedures within the system.

The Umler security module supports an administrator’s ability to manage access rights for intra-company users, manage access rights given to other companies, manage access rights given by other companies, and transfer access rights to another company. When managing access rights for intra-company users, Umler security allows the administrator to add, edit, delete, and/or clone access rights. When managing access rights given to other companies, the Umler security module allows the administrator to view existing rights, grant new rights, and/or revoke existing rights. When managing access rights given by other companies, the EMIS security module allows the administrator to assign and/or relinquish those rights to users within his company. This module also allows every user to view his access rights.

Note: It is important to note the distinction between a company, a SCAC, and Equipment Initials. For the purposes of this system, a company owns one or more SCACs (Standard Carrier Alpha Code), and each SCAC owns one or more Equipment Initials. Umler relies on the IRF (Road Mark Register) to define the relationship between SCACs and Equipment Initials.

Access rights are assigned in Umler by the company Umler administrator. Access rights include pool-related rights, equipment-related rights, inspection-related rights and view confidential data rights.

For each access right, the administrator must specify the following characteristics:

Timeframe of authority—The timeframe of authority defines the period (effective date/time to expiration date/time) during which the access right will exist.

Type of access—The administrator must specify the type of actions to which the access right applies:

Equipment Access Rights—For an equipment-related access right, the administrator specifies one or more of the following types of access:

· Update Equipment Management Codes

· Non-Owner Self-As-Lessee Removal

· Equipment - “Add to Pool”

· Equipment - “Remove from Pool”

· Update Equipment Maintenance Party

· Add Equipment

· Update Equipment

· Delete Equipment

Pool Access Rights—For a pool-related access right, the administrator specifies one or more of the following types of access:

· Add Pool Header

· Update Pool Header

· Delete Pool Header

· Pool Assignment / Unassignment

Inspection Access Right—For an inspection access right, the administrator specifies timeframe, marks, and equipment for which the user can report inspections.

View Confidential Data Access Right—For inter-company rights only, a view confidential data access right, the administrator specifies timeframe, marks, and equipment for which the user can view confidential data.

Range of equipment, pools, and inspection rights—For an equipment-related access right, the administrator specifies to which pieces of equipment the access right applies. The administrator restricts access to any one of the following:

All Equipment	The access right applies to all equipment controlled by the company.
SCAC(s)	The administrator may specify one or more SCACs (from the set of SCACs managed by the administrator) to which the access right applies.
Equipment Initials	The administrator may specify one or more equipment initials (from the set of car initials managed by the administrator) to which the access right applies.
Equipment Group(s)	The administrator may specify one or more equipment groups (e.g. box cars, tank cars, locomotives, etc.) to which the access right applies. See Equipment Group(s) in Exhibit 39.
Equipment IDs or Equipment Series	The administrator may specify one or more equipment IDs to which the access right applies.

Range of pools—For a pool-related access right, the administrator specifies to which pools the access right applies. The administrator restricts access to one of the following:

All pools	The access right applies to all pools controlled by the company.
Pool ID(s)	The administrator may specify one or more pool IDs to which the access right applies.

When the user selects Account Administration>Security Management, the Security Management page is displayed (Exhibit 287).

Exhibit 287. Security Management

$Description: U:\Technical Writer\EMIS\Graphics\A_Smenu1.PNG$

There are four security management task groups:

· Administer Access Rights Internal to My Company

· Administer Access Rights Involving Other Companies

· Search User Access Rights

· Transfer Access Rights Between Companies (Railinc Administrators only)

All access rights activities begin on this page.