Search
User's guide /

Security

We at OBS look at the information security as a mixture of organizational and technical activities aiming to prevent security related incidents. Keeping the information safe and preventing unauthorized access to confidential information is crucial and requires a well-established company policy and constant efforts in that direction.
OBS ERP centralizes the information and provides it in a well-structured and easy to use way. In that regards, it is vital to define role based privilege groups allowing the users to access only the information they are allowed to. In addition, you need to terminate the access of leaving employees (preferably before their last working day). These are only few of the best practices that needs to be followed in order to keep you data safe. 

Privilege groups
OBS ERP controls the access to the information using role based privilege groups. For example, you might want to create the following groups:
  • Accountants - providing access to module "Finance" and "CRM",
  • HR - providing access to module HR,
  • Operations - access to the Time tracking module, projects and tasks,
  • Administration - full access everywhere
  • etc...
By default, OBS ERP creates only one privilege group - "Administrators". This group has full access to all ERP modules. 
Privilege groups are created via the module  "Privileges" located in Administration"-> Settings menu. The module allows you to delegate read or write permissions over an OBS ERP component to a user. 

Create a privilege group
Navigate to Administration -> Settings -> Privileges and click the Add button. Give the group a name and a short description and press "Save". After the changes as saved, you will see a full list of modules as shown on Fig. 1


Fig. 1

Choose "Read" or "Write" access where applicable and press "Save". This concludes the configuration of the privilege group. Now you can assign this group to a user in module "Administration" -> Settings -> Users

Create an user
Navigate to Administration -> Settings -> Users and click the Add button. Fill-in the form shown on Fig. 2 and press "Create". 

Fig. 2
This will create a new users. Please note the "Privileges" field. It allows you to pick a privilege group for the user. 
The field "Account owned by" is related to the "Staff" module. You can pick an employee you provide the account to. 

Deactivate user account
You can terminate the access of an employee by click on switching off the "Active" checkbox in the user's profile shown on Fig. 2
IMPORTANT Note: cloud users are charged based on the number of users marked as "Active"

Two factor authentication
To enable two factor authentication, you need to click the "Settings" link on the bottom bar of OBS ERP, then click on "Security" and "Show two factor authentication status" 

Fig. 3

OBS ERP will generate a QR code and it will invite you to scan it with your favorite authenticator app.
Note: By the time of writing, the most popular is Google Authenticator, however you might use whatever you like. 
After scanning the code, your authenticator application will produce a code you need to fill in the form under the QR code shown on Fig. 3 

Then you need to click "Activate" to enable two factor authentication. 
From this step on, OBS ERP will require you to login with security code as well as password as shown on Fig. 4 and Fig. 5

Fig. 4


Fig. 5

IP Address restriction

You may choose the IP addresses allowed to log in to the system. The setting is available at module Administration -> Settings -> ip_address_restriction