====== Password management ======

:!: To create new accesses in the user administration or to change existing ones, you need supervisor rights in Pcc.

With the password administration, Pcc offers you the possibility of granting individual users different access rights to individual functions. You can access this via **//System/Password administration//** to access the main menu of this function.

{{de:einstellungen:passwortverwaltung:2018-07-02_08h53_30.jpg|}}

When creating passwords, we distinguish between **//single accesses//** (1) and **//access groups//** (2). Old accesses are [[en:einstellungen:passwortverwaltung:passwortverwaltung#zugaenge_aendern_loeschen|deactivated]] and remain in the list (3). This is the only way to assign movements in the past. 
You also have the option here to define basic basic settings (e.g. automatic logout after a certain time, etc.) (4).  

:!: Please note that the password query must be switched on due to the cash register guidelines. 

===== Create individual access/password =====

An individual access is created if you want to give individual rights to a person. 

TIP If you have several employees who are to be given the same permissions, work with [[en:einstellungen:passwortverwaltung:passwortverwaltung#zugangsgruppe_anlegen|Access groups]].

Go to the menu via the button **//New//** button and select the desired option (single access or New entry as a copy of the selected one). 

{{de:einstellungen:passwortverwaltung:2018-07-02_09h00_02.jpg|}}


In the following dialogue, the desired settings are made to define the staff members' access rights. 

{{de:einstellungen:passwortverwaltung:2018-07-02_09h01_35.jpg|}}

====Authorisation====

  - Define a password for the respective employees after entering the name and the abbreviation. The newly created user can enter his or her own password when logging in for the first time. To do this, activate the function **//Must change password//** (5).
  - Define the account areas to which the corresponding user is to have access. The released account areas are listed separated by a semicolon (semicolon). {{en:einstellungen:passwortverwaltung:pwkontenbereiche.png|}}\\ So that you do not have to store the archives individually, you can work with e.g. UMSATZ;UMSATZ/*;CLUB. This would give the employee access to the account areas turnover and all turnover archives as well as the account area club. If you do not enter an account area, the employee has access to all account areas.
  - Now assign the individual access rights. Note that you also have different setting options for the different categories. For example, the following selection is available for persons: \\ {{en:einstellungen:passwortverwaltung:pwpositionauswahl.png|}}\\ :!: If an account belongs to a group and should also receive its permissions, it is sufficient to leave the individual categories set to "according to group". A description of the restrictions of the individual settings can be found further below in the chapter [[en:einstellungen:passwortverwaltung:passwortverwaltung#einstellung_der_zugangsrechte|Setting access rights]]
  - Passwords can also be assigned for a limited period of time. Define the time frame in which the access should be active. 
  - When an employee leaves, deactivate his or her password here. You should not delete the password under any circumstances, as otherwise all bookings made by the leaving employee will be set to N.N.. According to the cash register guidelines, it must remain visible who made the booking. 

====Special====

The password management of PC CADDIE allows you to regulate the individual passwords individually. For this purpose, there are several special functions and blockings (e.g. of individual fields, etc.) which can be stored under Special. These additional restrictions allow you to block individual specific fields for editing (an example of this could be the membership field in the person mask). You can find more on this in the chapter [[en:einstellungen:passwortverwaltung:passwortverwaltung#besonderes_einschraenkungen|Special/Restrictions]]. 

{{de:einstellungen:passwortverwaltung:2018-07-02_09h04_58.jpg|}}

The [[en:online:infodesktop:infodesktop|]] can only be activated here by the supervisor. 

====Groups====

Define the group(s) to which the selected access should belong. The advantage here is clearly the standardisation of rights and the time saved in contrast to individual installations. 

{{de:einstellungen:passwortverwaltung:2018-07-02_09h16_52.jpg|}}

You can find out more about this topic in the chapter [[en:einstellungen:passwortverwaltung:passwortverwaltung#zugangsgruppe_anlegen|Creating an Access Group]].

====CRM\DMS====

{{de:einstellungen:passwortverwaltung:2018-07-02_09h06_41.jpg|}}

  - If a task is created for a certain group, it can be determined here which of these group entries should also be displayed for this individual employee. 
  - If the employee opens a new CRM\DMS entry, this entry should be created or visible for the corresponding person or group by default. 
  - Via the settings of the Windows rights, it is possible that Pcc accesses Windows with other permissions than the logged-in user. This can be an advantage if, for example, form letters have to be created that are located in a folder to which the logged-in user has no access via the Explorer. 

====Details====

{{de:einstellungen:passwortverwaltung:2018-07-02_09h11_46.jpg|}}

  - These details are primarily informative. However, they become important if, for example, you have licensed the mail dispatch via PC CADDIE. You can configure the template so that the data entered here automatically appears in the mail. For this purpose the commands <USERNAME.> for the name, <USERMAIL.> for the mail address and <USERTELE.> for the direct extension number. 
  - If available, assign the access to the corresponding [[en:timetable:bereichebearbeiten:bereichebearbeiten|timetable area]]. This is especially important if you want to enter CRM appointments in your timetable. If you are working with PC CADDIE time recording, also tick the appropriate box. 
  - An absence message can be stored for each access and a substitute can be defined. This information is visible in the CRM system and in the timetable. Use this option if you are going on holiday or will be absent for a longer period of time. This will ensure that no CRM/DMS tickets are switched to you and remain until your return. If you become a deputy during your absence, you can enter this person here as a substitute. Your open entries will then be visible to your substitute and can be edited.   
  - If you are working with waiter locks, you can see here which code the key of the corresponding waiter lock has. [[en:einstellungen:programmeinstellungen:kassebedienerschluessel|operator lock]] has. 
===== Create access group =====

The same basic principles apply to the creation of access groups as to individual access. If you want to assign rights to an individual access that do not correspond to the standard settings of the access group (e.g. if an employee of a group should have more rights than all others), change this directly in the individual access. These settings have priority over the group rights. 

====Authorisation====

The settings here are identical to those for [[en:einstellungen:passwortverwaltung:passwortverwaltung#einzelzugang_passwort_anlegen|Individual access]] and apply to everyone who is assigned to the respective group. 

{{de:einstellungen:passwortverwaltung:2018-07-02_09h20_19.jpg|}}

The functions of the individual settings are described below in the menu Setting access rights.



====Special====

The restrictions under special are created in the same way as those in the tab [[en:einstellungen:passwortverwaltung:passwortverwaltung#spezial|Special]] of the individual access, except that they apply to the whole group and not to one person.

{{de:einstellungen:passwortverwaltung:2018-07-02_09h24_05.jpg|}}

=====Setting the access rights=====

How do I set the individual access rights? We have described basic information on the individual categories in the following table. For authorisations/blockings that only refer to individual functions or input fields in PC CADDIE, please contact our support.

Important: if an access is parameterised with "no", this "no" always has priority! Regardless of whether it is stored in the settings for the person or in those for a group, no is just no. If individual persons (for example, at the reception desk) are to be given more rights than others, then the corresponding setting (for example, for turnover) in the group (reception desk) must be set to "neutral" and the rights of the individual employees are given/denied directly to the corresponding person. The most frequently used special commands for additional rights or refusals are listed under the description of the settings. These must be entered in the respective access in the tab //Special// tab.

====Supervisor====
|no |No access to the //password management// in the **System menu**                                                  |
|according to group/neutral |No supervisor rights unless it is set to "yes" in the assigned group    |
|yes |In the **System menu** Access to password management. Has all permissions.                                   |                                        


====Persons====
|no |Can be selected in the **People menu** cannot access any option in the People menu and therefore has no rights to view personal data. |
|according to group/neutral |Group setting counts.               |
|all |Can do everything in/with the persons      |
|restricted |In the **People menu** access to //Send SMS, the CRM todo and day list, the duplicate check and// and to the //automatic allocation of playing rights// is blocked. In the **person mask** are the tabs //2. address, bank, info and memo// are deactivated. The feature 02 //Membership// cannot be edited. The date of birth and the entry and exit dates are hidden. The buttons //Copy, ASG/DGV card, Select no., Letter salutation// are greyed out, the button //Online// is greyed out, the release of the cross-link function is disabled. //Event, Cashier, Timetable// are dependent on the corresponding settings.        |
|only create new |In the **People menu** is the access to //Send SMS, the CRM todo and day list, the duplicate check and the// and to the //automatic allocation of playing rights// is blocked. In the **person mask** are the tabs //2. address, bank, information and memo// are deactivated; the date of birth and the entry and exit dates are hidden. The buttons //Change, Delete and Copy// are greyed out, the button //Online// button is hidden; the release of the function of the cross-links //Event, Checkout, Timetable// are dependent on the corresponding settings.  |
|Create new, only names |In the **People menu** only the access to //scorecards (print) and e-mail// is given. In the **person mask** are the tabs //Address, 2nd address, Bank, Info and Memo// are deactivated; the date of birth and the entry and exit dates are hidden. The buttons //Change, Delete and Copy// are deactivated; the button //Online// is hidden; the release of the function of the cross-links //Event, Checkout, Timetable// are dependent on the corresponding settings.      |
|look |In the **People menu** there is only access to Check Association Card, Appointment Window (open only), Telephone & Fax Message, E-mail (Supermailer not) and FTP Export. In the **person mask** are the tabs //Address, 2nd address, Bank, Info and Memo// are deactivated; the date of birth and the entry and exit dates are hidden. The buttons //New, Change, Delete, Copy// are deactivated; the buttons //Print, Word/Export and Online// are hidden. |

^ Command in the tab //Special eintragen://^Was this^What must be set|
^ PEED_NOCODE|Member number should be unchangeable|t.b.a.|
^ PEED_GEBD3|still be able to see the date of birth|t.b.a.|
^ PEED_ALL3|all 5 personal tabs are also visible to operators with only restricted rights (otherwise only the first two tabs are visible). | restricted |
^ PEED_GEDIT3|This makes guests editable, even if the rights for the logged-in user are restricted to "Create new only". | Create new only |
^ PEED_NOMERK03|Feature 2 (membership) can be viewed but not edited. This setting can be extended accordingly to features 3 and 4.|All restrictions|
^ PEED_HIDEMERK03|Feature 2 (membership) is completely hidden, also for print functions. This setting can be extended accordingly to features 3 and 4. There is no guarantee that someone will not still be able to access the data somehow.|all settings|
^ PEED_SECUINFO7|Additional blocking of corresponding line in tab **//Info//** (of additional fields e.g. Caddiebox etc.) possible (in the example field 7).|independent|
^ PEED_INFO07|To be entered for certain users or localities, so that editing of the corresponding info is possible for these users or workplaces.|independent|
^ SECU_IMMER_GEBD|The line with the date of birth, entry date and exit date can be edited, despite restricted rights for the persons.|t.b.a.|
^ PEDR_SECUALL|Print lists.  Personal rights are also sufficient, but nothing underneath such as "Create new"|t.b.a.|
^ INFO_ALL|The info window (with current information from the intranet, birthdays, etc.) is also displayed for staff members who do not have full access to people management.|For people rights below "All".|

====CRM====
|no |In the **People menu** there is access to the //Appointment window//but it cannot be edited. The alarm window opens for information, but can only be closed. The options //Todo list// and //Daily list// are locked. In the **Menu Settings** at //Programme settings// access to //CRM settings// is blocked. In the CRM window in the **person mask** only the button //Options// button is locked. All other functions are visible and editable/printable |
|according to group / neutral |**Group setting counts.**  |
|yes |Access to all functions in the CRM system except for the //basic settings//these are locked. In the **Settings menu** at //Programme settings// access to //CRM settings// is blocked.                                                  |
|restricted |In the **People menu** there is access to the //Appointment window//but it cannot be edited. The alarm window opens and can be edited. The options //Todo list// and //Daily list// are locked. In the **Menu Settings** at //Programme settings// access to //CRM settings// is blocked. In the CRM window in the **person mask** only the button //Options// button is locked. All other functions are visible and can be edited/printed. __Where is the difference here to no__ ???|




====Handicaps====
|no |No access to the master sheets. In **Handicaps menu** only the printout for //Player of the year// and //CR table// and the function //calculate all master sheets// activated. If the release is activated for //persons// is set to ALL, the print //HCP master sheet// and //Handicap list// will be released. If the release is set to //Tournament// is set to YES, the print //Handicap changes// and the function //Tournament completion// function are enabled. In the **person mask** you can activate the //intranet adjustment// can be started for all persons and the HCP can be changed. |
|according to group / neutral |**Group setting counts.**|
|yes |May do anything with the HCPs according to association regulations.               |
|restricted |Access to the master sheets, but existing entries cannot be edited and the button //Cancellation// button is greyed out. If the release is set for //persons// is set to YES, in the **Handicaps menu** all functions except //Delete master data sheet entries// are enabled.  |

^ Command in the tab //Special eintragen://^Was this^What must be set|
^ EDS_SECUALL|All staff, regardless of PW rights, can print and enter EDS.|t.b.a.|

====Turnover====
|No |In the **Turnovers menu** menu, only the operator's statement can be printed. In the **person mask** the buttons //Turnover account// and //discount// are hidden and the cross links //Checkout// is locked. No access to any other account area. The cash register and all options in the **menu 
Article** menu are locked. |
|According to group / neutral |**The setting in the respective group is decisive.**       |
|All |In the **Turnover and Article menus** all functions are enabled. In the **person mask** the cross-links //cash register// is blocked and there is no access to the cash register. Provided that under //Accounts// is not entered, access to the other account areas is given.|
|Restricted |In the **Turnovers menu** is the access to the functions //Automatic contribution allocation//, //Year-end closing (with all sub-functions)//, //Cash//, //Daily closing// and //Old financial statement detailed//, //Card payment and credit// blocked. In the **person mask** the cross-links //cash desk// is blocked. In the **Article menu** the function //Article with stock 0// is blocked. //Button// Discount in the payment window: this access is given by default - this can be varied with special parameters (see table below). Provided that under //Accounts// access to the other account areas is given.|
|See |In the **Turnover menu** are the functions //Automatic contribution allocation//, //Subscription list//, //Voucher list//, //Read Disk//, //Budget//, //Payment interface// and //charge-off of the direct debit//, //Accounting export//, //Annual financial statement// (with all sub-functions), //contribution types and articles//, //Checkout//, //Daily closing//, //Old balance detailed//, //List of price changes//, //Post open customers to account//, //Cash log//, //Cash book// and //card payment and credit// locked. At **Article menu** menu, all functions except the printing of //labels// and the //small article sheet (in which you can/can switch to e.g. article list).// Locked.|

Settings that refer to the articles:
^ Command in the tab //Special eintragen://^Was this ^What must be set|
^ ARED_EDITLOCK | Editing of articles is generally blocked. Therefore, it is better to use this command for specific persons or areas|t.b.a.|
^ ARED_VIEW3 | the article can be viewed, but not edited|look only |
^ ARED_NOTNEW | It is not possible to create new articles | Yes |
^ ARED_NOTNEWFG | No new articles can be created and no new colour-size combinations can be added to existing articles for further sub-articles|t.b.a.|
^ ARED_NONEGVAL | No negative stock change possible in the edit mask|t.b.a.|
^ ARED_DELNOTEFORCE | Stock changes can only be made with delivery note |t.b.a.|

Settings related to the cash register
^ Command in tab //Special eintragen://^Was this ^What must be set|
^ KASS_STORNO3 | Despite limited rights, the ARTICLE can still be cancelled in the cash register |look only|
^ KASS_RGSTORNO3 | Despite limited rights, the INVOICE can still be cancelled in the cash register |look only|
^ KASS_RABATT3 | Despite limited rights, discounts can be given |look only|
^ KASS_RABATT1 | Button discount in the payment window appears only with full access |Yes |
^ KASS_ABSCHLUSSALL | Daily closing may be carried out by all operators|t.b.a.|
^ KASS_AUTOLOCK:300 | the cash register is automatically locked after the defined time, the password request window appears after 5 minutes in this example, :300 (seconds) = 5 minutes |t.b.a.|
^ KASS_NONEG | Prohibits minus entries in the cash register |look only |

Settings related to the contribution account:
^ Command in tab //Special eintragen://^Was this ^What must be set|
^ BEED_NOTNEW | No contributions can be created in a contribution area either |t.b.a.|
^ UMSA_PRNTSECU2 | to be able to print a turnover statistic, one must have at least the right "RESTRICTED" for SALES. Persons who have only set "look" in the password administration for UMSATZ receive an error message => No authorisation |t.b.a.|


====Cards====
|no |In the **Menu Settings** at //Card system// only the vending machine control window can be opened but not edited. In the **person mask** the buttons //Card// and //Lock// buttons are hidden. |
|according to group / neutral |**Group setting counts.**               |
|yes |In the **Settings menu** at //Card System// the vending machine control window can be opened but not edited, access to //Print card list// and //Print usage list//. In the **person screen** is the button //card// button is visible but locked, the //Lock// button is enabled and also grants access to the card history.  Other special powers are regulated by parameters, among other things, see table below. |
|restricted |t.b.a.||




====Tournaments====
|no |In **Betting Games menu** the access to all betting game functions is blocked. The //Course & Event Module// can be opened and edited, the //Leaderboard// and the print //simple start time list// is enabled. In the **person mask** the cross-links //Event// locked|
|according to group / neutral |**Group setting counts.**  |
|yes |Free access to all betting game functions.|
|restricted |In the **Matches menu** access to //Enter players/Division of starting list//, //Export Tournament//, //Import Tournament//, //Annual course statistics//, //Result messages// (under multiple tournaments and golf weeks) and //Participants for several tournaments// locked. In the **main mask** are the buttons //Change// and //Delete// are greyed out. New tournaments can be created and existing tournament data can be copied in. Access to //Players// and to the //entry fee//function is blocked. Results can be entered and the tournament can be closed. Access to all print functions. Access to the settings in the buttons //Internet// and //Online// is given. In the person mask, you can access the multi-tournament entry and print there (theoretically also the list of participants for several tournaments), but you cannot enter the player for tournaments.          |

^ Command in the tab //Special eintragen://^Was this ^What must be set|
^ TURN_SELECTCLUB:TUR |Release password only for certain tournaments, e.g. if a captain is only allowed to edit certain betting games (tournaments) with his password. You can find the explanation of how to proceed here: {{de:pcc:wettspiele:passwort_turnier.pdf|}} |independent|
^ TURN_SELECTCLUB|As above, in this case the user code is automatically taken as the identifier. In the case of golf associations, it is thus possible to configure PC CADDIE in such a way that the golf clubs dialing in can only select their own tournaments for editing - the golf club user IDs must simply be assigned the four-digit national club number.|independent|

====Clubs====
|no |In the **Menu Settings** under //Clubs+Places// the access is only for //printing scorecards//, //import club addresses// and //exchange clubs in the personal data// released.     |
|according to group / neutral |**Group setting counts.**    |
|yes |In the **Settings menu** under //Clubs+Places// you have access to all functions. |

====Parameter====
|no |In the **menu Settings** at //Programme Settings// you can access the options //Lockers and Caddie Boxes//, //Green Fee Booking//, //FTP transfer//, //Swiss-Golf-Network//, //Cash register quick selection//, //Edit print templates// and //Configuration of the PC CADDIE interface// are given. In addition, the option //Additional information// option to swap or delete assignments and //Assign identifier to person group// and the button //Print// button can be accessed.|
|according to group / neutral |**Group setting counts.**            |
|yes |In the **Settings menu** is the access to the //password management// is blocked. At //Programme settings// access to ALL functions is given.        |
|yes, with password assignment |In the **Settings menu** menu, access to all functions and sub-functions is given.                    |

====Timetable====
|no |In the **Timetable menu** access is only possible to //Hotel room//, //Area overview//, //to the new course and event module//, //print simple start time list//, //transfer players to cash register// and //staff overview// given. In the **person mask** the cross-link Timetable is locked. In|
|according to group / neutral |**Group setting counts.**            |
|yes |In **Timetable menu** is the access to //Reminder, automatic actions//, //Statistics//, //Set timetable rules//, //Timetable colour settings//, //Timetable Administration// and //TT Self Service// locked. The functions //Edit areas// and //Edit timetable views// are opened, but cannot be edited. At **Timetable** all functions are available except for printing the //classical statistics// are enabled. These special powers are regulated by parameters, among other things (see table below).  |
|restricted |In the **Timetable menu** the authorisations are analogous to NO. In the **Timetable** no start times can be booked, copied or moved. Via the button //Print// you can only print the //occupancy list for this area// and the //bookings for one person// can be printed. In the **booking window** are the buttons //Book//, //Distribute// and //Post// hidden. **Question about the New button and the subsequent posting is with SK**   |

^ command in the tab //Special eintragen://^Was this ^What must be set|
^ TIME_AREAS:ABCD|TT booking only possible on a certain area. ABCD must be replaced by the abbreviation of the TT area. You can also allow for several areas, then separate them with commas|t.b.a.|

====Cash desk====
|no |In the **Turnover menu** access to the cash register is blocked. The //operator accounting// and the //payment terminal cash cut// can be made. At **Timetable** green fees can be collected.  |
|according to group / neutral |**Group setting counts.**  |
|yes |If the release at //Turnover// is set to NO, in the **Turnover menu** the access to //Cash register// only for the //operator accounting// and the //payment terminal cash cut// given. The functions //cash register log// and //cash book// are locked. In the **cash register** access to all functions including //Post deposits/withdrawals// is given. The execution of  //item or invoice cancellations// and access to the //articles// is blocked. No access to the //discount function// and to the button //Archive// (under Repeat). The blocked accesses are set via RESTRICTIONS (see the various tables for this). |

Note:
^ <secu_name.> |Place this command in the receipt layout so that the name of the person logged in from the password administration is also printed in a receipt, invoice. |
                                        



 





===== Change/delete accesses =====




You should not delete a user in the password administration, but rather block the access. Otherwise it is no longer possible to trace who did what and when. Only the person's ID is stored in the database and not the real name. 

If a new user wants to be created with the same identifiers that are already linked to an existing - albeit deactivated - access, PC CADDIE will send you a corresponding message. If an account has ever been deleted that had the same abbreviations as the new account, the new person is stored in all places where the old person was previously linked.

In particular, [[en:crm_erp:crmdms:crmdms]] users should always __not delete__ delete users. The blocked users are marked with a preceding "Z" or X in the password user administration. In addition, all tickets still open for the person leaving can be changed to another person.

{{de:einstellungen:passwortverwaltung:2018-07-02_09h35_20.jpg|}}


If you still have questions, please contact our support team.