Compiere provides a complete application-level security infrastructure, supporting role, data security, data encryption and auditing. These comprehensive security features enables the application architect to implement security policies that protect your valuable corporate data from inappropriate or unlawful access while enabling your trusted employees to effectively do their jobs.
Security policies are extremely flexible and are defined without programming.
Every Compiere user has a unique user account. Associated with each account are one or more roles that define what data and functions are available. Upon successful login, Compiere uses the role information to populate the menu of application functions, windows and reports that are available to the user.
The system uses an inheritance-based model to grant or revoke privileges according to role. Roles can be general to the whole enterprise or to an organizational unit within an enterprise. For example, everyone in the enterprise can view the end-user price list. Also, roles can be as specific as a single function. For example, only the CFO can change the chart of accounts.
In addition to role based-security, Compiere includes robust data-level security features. Data level security uses role-based information to restrict access to specific data records or fields. For example, a data security policy can restrict sales representatives from viewing sales orders from outside their territory. A different data security policy would enable accounts payable staff to process orders from all territories, but restrict them from changing prices. With data security you have the ability to automate internal controls using precise access rules, ensuring appropriate governance checks and appropriate segregation of duties for transactions. Data-level security is delivered as part of the Compiere Enterprise Edition.
As an additional layer of security, Compiere provides the ability to audit any transaction in the system, including changes to the application metadata. For example, if an administrator changes a user's role, a security policy or a field on an order screen, those changes can be logged and audited. New transactions, changes to existing data and even queries of specific records and fields can be tracked in the audit log.
The choice of how restrictive or open your security policies are in your control. Importantly, role and data security are implemented without programming.