Comprehensive document security is a combined effort on the part of AIM software AND the Windows Server operating system.
AIM security controls search results within AIM. Windows operating system security controls access to attached documents in Sage 300 CRE.
Windows Security:
Each AIM document type will have its own folder under the TimberScan Image folder where all document images are stored on the server. Appropriate security should be placed on each AIM document type folder.
For example:
AIM Security:
In AIM, security is established for:
• AIM users - field level
• TimberScan users
• Document category
• Document type
• Company data folder (if applicable)
AIM Users in TimberScan User Maintenance:
There are four permissions in admin setup that determine whether an AIM user can (1) Acquire, (2) Entry (code), (3) Edit and/or (4) Search for a document. Addition permissions include AIM Approve, Route on the Fly, Override Route, Cancel Workflows, Send To, Reject Tasks, Attach Documents, Delete Documents, Remove and Add pages, and View All.
NOTE: In AIM version 1, only the AIM user who acquireed the document could code the document. This has changed in AIM v3 as documents acquired are sent to an entry queue where any user assigned to that entry queue can enter the indexing (coding).
TimberScan Users:
• Any TimberScan user with the “admin” login has full rights to all AIM setup options.
• TimberScan user rights are inherited. Users who see invoices based on coding will see all documents for that coding. For example, a TimberScan user who has rights to access invoices for job 03-001 will see all AIM documents for that job. Similarly, a user who has security to see invoices for a particular GL Prefix (Company) 10 will see all AIM documents for Company 10. To avoid inherited security, substitute an AIM Custom Field for the Sage 300 CRE field. In the examples cited above, use of a custom job or GL company field will mean that documents coded with those fields will not inherit any search rights based on TimberScan invoice viewing rights. This applies to Approval Groups as well as individuals. AIM V3 introduces other methods of security that include by document type or field access security that would allow the user to access all documents that have the value of that field indexed to it and that is assigned to that user.
NOTE: The “View All” permission in User Maintenance does confer search rights in AIM. With “View All”, a user can see all AP Invoices automatically indexed by AIM.
Document Category:
Users assigned to an AIM category can see ALL documents for that category regardless of how the document is coded. For example, users assigned to an Internal Payroll category will have search rights to all documents in this category, such as W4s and other sensitive documents.
Document Type:
Users assigned to an AIM document type can see ALL documents for that type regardless of how the document is coded. This narrows the search from the category level. For example, in a Public Payroll category, if a user is assigned to a type called Certificates, that user will only be able to search and have access to documents in the Certificates folder and no other folders in that category (unless assigned).
Company Data Folder:
In the case of multiple companies in multiple data folders, AIM search is limited to only documents within the logged-in company data folder.
Security Notes:
Users should not be assigned to Document Categories or Document Types if you want to restrict the documents they can search for to be limited to those coded/indexed to the criteria assigned to their routing rules and/or those indexes/codes assigned to them in AIM Users menu button – Field Access.
If users should only access documents based on certain criteria/ index coding and are not in an approval workflow, the criteria for what they can search for would be added in AIM User menu button – select the Field Access tab > Add Field Access button > Select the field and the value if the user can access ALL document types that have the selected value. In the document types tab – select the document types that can be accessed. Fields can be assigned to limit what documents can be accessed for that selected document type
If a user can access all documents within a particular Document Category regardless of coding, the user is added in the Document Category setup > Assigned Users tab. If a user can access all document of a particular document type, regardless of coding, the user in added in the Document Type setup > Assigned Users tab