User's guide /



We at OBS look at the information security as a mixture of organizational and technical activities aiming to prevent security related incidents. Keeping the information safe and preventing unauthorized access to confidential information is crucial and requires a well-established company policy and constant efforts in that direction.

OBS ERP centralizes the information and provides it in a well-structured and easy to use way. In that regards, it is vital to define role based privilege groups allowing the users to access only the information they are allowed to. In addition, you need to terminate the access of leaving employees (preferably before their last working day). These are only few of the best practices that needs to be followed in order to keep you data safe. 

Good security practices recommended by OBS2GO and implemented in OBS ERP: 

1. Deactivation (withdrawal of access) of leaving employees before the last working day
2. Requirement of complexity of passwords - minimum 8 characters, including special characters and numbers
3. Restrict the access to an ERP system to certain IP addresses only
4. Obfuscation of personal data (GDPR)
5. Two-factor authentication
6. Regular overview of system access logs
7. Session termination after a specified time of inactivity
8. Regular verification of the access granted to employees

Privilege groups
OBS ERP controls the access to the information using role based privilege groups. For example, you might want to create the following groups:
  • Accountants - providing access to module "Finance" and "CRM",
  • HR - providing access to module HR,
  • Operations - access to the Time tracking module, projects and tasks,
  • Administration - full access everywhere
  • etc...
By default, OBS ERP creates only one privilege group - "Administrators". This group has full access to all ERP modules. 
Privilege groups are created via the module  "Privileges" located in Administration"-> Settings menu. The module allows you to delegate read or write permissions over an OBS ERP component to a user. 

Create a privilege group
Navigate to Administration -> Settings -> Privileges and click the Add button. Give the group a name and a short description and press "Save". After the changes as saved, you will see a full list of modules as shown on Fig. 1

Fig. 1

Choose "Read" or "Write" access where applicable and press "Save". This concludes the configuration of the privilege group. Now you can assign this group to a user in module "Administration" -> Settings -> Users

Create an user
Navigate to Administration -> Settings -> Users and click the Add button. Fill-in the form shown on Fig. 2 and press "Create". 

Fig. 2
This will create a new users. Please note the "Privileges" field. It allows you to pick a privilege group for the user. 
The field "Account owned by" is related to the "Staff" module. You can pick an employee you provide the account to. 

Alternative process for user creation:
You can create an user in module "Staff" -> Edit record -> Create user as shown below:

Select a privilege group and password for the account and then press "Submit" to complete the process.

Deactivate user account
You can terminate the access of an employee by click on switching off the "Active" checkbox in the user's profile shown on Fig. 2
IMPORTANT Note: cloud users are charged based on the number of users marked as "Active"

Two factor authentication
To enable two factor authentication, you need to click the "Settings" link on the bottom bar of OBS ERP, then click on "Security" and "Show two factor authentication status" 

Fig. 3

OBS ERP will generate a QR code and it will invite you to scan it with your favorite authenticator app.
Note: By the time of writing, the most popular is Google Authenticator, however you might use whatever you like. 
After scanning the code, your authenticator application will produce a code you need to fill in the form under the QR code shown on Fig. 3 

Then you need to click "Activate" to enable two factor authentication. 
From this step on, OBS ERP will require you to login with security code as well as password as shown on Fig. 4 and Fig. 5

Fig. 4

Fig. 5


OBS ERP implements AES encryption (formerly Rijndael), as defined in U.S. Federal Information Processing Standards Publication 197. In order to activate encryption in a certain module, navigate Administration -> Constructor -> Find Module -> Edit -> Activate "Encrypt uploaded files". This way the uploaded files in the module will be encrypted.

IP Address restriction
You may choose the IP addresses allowed to log in to the system. The setting is available at module Administration -> Settings -> ip_address_restriction 

With reference to the General Data Protection Regulation, the data on our servers is obfuscated, the passwords encrypted with AES256 (Advanced Encryption Standard) and the personal data - protected.