Author: Nathan Batterbee - IT/Tech Support Specialist

BS&A Applied .NET Security Theory

General
Nathan Batterbee

The basics of computer security are more or less understood. A username is given a password and some permissions. If a user knows the username and password, they are given permission to print, run reports, or open files. The irony is that security frequently doesn’t become misunderstood until organization, with the intent of convenience, is applied.

Groups
Groups assign permissions to several usernames at a time. This is especially useful when permission to a feature needs to be given or taken away. Without groups, administrators would have to grant permissions one user at a time, whether there be 2 or 50.

The confusion introduced by groups is one of precedence. Should a user’s permissions conflict with its group’s, which permissions take precedence? In the case of BS&A, the least restrictive permissions do. So, should a user have permission to print and its group not, the user would be able to print. Conversely, if the user should not have permission, but the group does, then the user would still be able to print.

Active Directory Comparison
Active Directory controls permissions for Window’s networks. Comparing BS&A’s users to Active Directory’s removes the need to sign into BS&A’s software or memorize another username and password.
However, this sword has another edge. BS&A and Active Directory must agree on the credentials. Should a disagreement ever occur, the user would be locked out of BS&A’s software until it was resolved.

The Enterprise Admin
Presiding over all of this is the Enterprise Admin. The Enterprise Admin is a username and password that has permission to create users, assign permissions to users, and view everything. This access is given sparingly for obvious reasons.

Enterprise Admin access is usually granted at training. From that point on, BS&A will require the Enterprise Admin to log into the software before they can change, add, or remove any BS&A user. Furthermore, BS&A requires a written request, on letterhead, from the municipality’s supervisor or board member to make changes to the Enterprise Admin.

Why .NET?

General
Nathan Batterbee
A Brief Explanation of .NET
.NET is a library of pre-programmed functions. It provides our developers a quick, efficient way to add the features you’ve all come to expect from our programs: calculators, clocks, search fields, and windows, just to name a few. So in the same way a contractor might order a window from a lumber yard instead of building it himself, a developer can order a window from .NET.So, Why .NET?
Time is probably a company’s most valuable asset. Unfortunately, there is no way to create more, which is why investing time into improving its use is so worthwhile. By removing the need to build calculators, clocks, search fields, and windows from scratch, .NET saves valuable time. Because of .NET, BS&A is able to reinvest this time into developing feature-rich software at an affordable price.

Is the Upgrade Worth the Trouble?
The benefits .NET offers to BS&A are obvious; to our customers, less so. Features are nice, but why upgrade, especially when the older software works? The answer is .NET’s database engine, SQL. SQL has two advantages over the old database engine, Pervasive. The first is an intelligent database manager that has sole control over the data. The database manager keeps data and users separate, thus increasing data integrity as well as security. The second advantage is a tad ironic: SQL has become so “pervasive” that it is now the industry-standard. Because of its wide-spread use, there is a plethora of third-party software to perform backups, routine maintenance, data exports, and so on.

Do You Have Questions About the Upgrade?
Please don’t ever hesitate to contact us with any question or concern. We are here to help. You may call us toll-free at (855) 272-7638, or email us at [email protected].