Updated: August 31, 2020 11:40am

Security

To use Prism, a user must log in with a valid username and password. All activity that the user performs is tracked and logged. Prism uses a role-based security system in which permissions to perform specific tasks are assigned to groups, and then employees are assigned to groups. To perform a specific task, the user must belong to a group that is assigned the appropriate permission.
The Prism Employee and Group Management areas enable you to define groups, assign employees to the groups and customize the permissions assigned to each group.
In addition, several Prism preferences provide additional tools to help retailers secure the POS environment, including:

  • Open Cash Drawer Prevents New Receipt
  • Require Customer option (Sale, Return, Manual Discount)
  • Auto Lock Workstation
  • Default Max Discount for Items
  • Required fields for individual tenders

First Login Security Considerations
The first time you launch Prism, you must log in using the default sysadmin/sysadmin credentials. These credentials enable you to enter the Admin Console - Connection Manager area and initialize the server with data from RIL. The Prism default SYSADMIN user is different from the SYSADMIN user in RIL. In Prism, the SYSADMIN user is read-only, as this user is not actually a person and is expected to inherit all permissions and assignments. This user will let you initialize Prism and configure Permissions. When initialization is complete, go into the Permissions area and configure permissions for security groups. Log out when finished and log in with a standard employee username/password.

Option Description
Allow If selected, group members can perform the task freely. Allow All: All permissions are set to Allow for the selected group.
Override If selected, group members can perform the task only if a manager or other override user logs in first. With Override selected, when a group member tries to perform the task, a login prompt is displayed. A user who belongs to a group with the permission must enter login credentials. Override All: All permissions are set to Override for the selected group.
If the Override radio button is selected, then when the employee tries to perform the task, a dialog is displayed. A manager or other user who belongs to a group with the "Allow" option for the permission must enter his/her username and password and click OK, and then RP Prism will allow the original user to perform the task. The override user is logged out and the original user is logged back in. If the action would require multiple overrides, the Multiple Permission Override dialog is displayed. This saves the override user from having to enter credentials into multiple separate dialogs.
Deny  If selected, group members are prevented from performing the task. The buttons or other interface elements associated with the task are disabled. Deny All: All permissions are set to Deny for the selected group.