Security Controls Currently Available in StingRay Vendor  Vendor
Audit security changes to user and group permissions.    
System and application controls MUST ensure that inputs are properly valued and completely recorded by system    
Provide security to limit the ability to create, maintain, view or delete information to only those areas that have responsibility for that information - down to the field level    
Security at field level    
Security at database object level    
Security at menu and sub-menu level    
Requires users to log on the system, providing a unique user ID that is passed through to subsequent levels of the system    
Passwords NOT displayed on terminals or reports    
Encrypted passwords when stored in security database    
Maintainable passwords by the user    
Forced password change intervals    
History of previous used passwords to prevent reuse    
Requires a minimum user ID and password length - (six characters)    
Lock account after X invalid login attempts    
Ability for security administrator to disable or reset the log on ID for any user    
Ability for Help Desk personnel to reset the login ID for any user    
Security administrator should not be able to view password    
Define activities each user is authorized to access; indicate a start/end date and definable hours    
Ability to interface to single sign-on. (Must be LDAP compliant)    
Allow for alpha-numeric passwords    
Role-based security    
Security integrated among all modules (including reports, interfaces, import/export, etc)    
Ability to copy group or user rights to another group or user    
Ability to prevent deletion of key financial data for both active and inactive data    
Lock objects while they are being edited/changed or processed by other users in the system    
Reporting      
Provide the ability to report security violations including the date and time of attempted access, the user ID under the attempted access denied and the reason why denied    
Ability to provide user/group/command/transaction permission or authorization listings    
Ability to provide Statistical reports (i.e. login history)    
User/group inclusion/exclusion down to the field level    
Apply user-based security to ad-hoc reporting, including field restrictions    
Flexibility to define import/export groups    
Provide a report highlighting the user security setup parameters by module    
Account disabled on no activity in X days