Security Groups
Security Groups
In TransVirtual there is the ability to create Security Groups that can be used to control and monitor what each user has access to in your account. This article will detail how to create and edit Security Groups as well as how to assign users to a Security Group.
Note: This article will only be relevant for Management or SuperAdmin users of an account as only these users have the required access to make these changes.
1. To navigate the above page, go to Configuration > General > Security Groups, the security group list will display as shown below.
By default, your account will likely have SuperAdmin, Customer and Agent Security Groups.
A. SuperAdmin: Superadmin type users have access to everything in an account and this security level should only be provided to staff who are management/owners/directors/etc of a company.
B. Customer: Customer type users only have access to their own customer specific information such as any consignments they have in your account. By default, they are only limited to being able to search for and open any consignments where they are the customer or consignments that they have created.
C. Agent: Agent type users typically do not have access to anything in the web portal in your account except the Help menu. Agent logins are normally only used when your agent will login to your account and load and scan freight via a device; they don't typically need access to anything in your account.
Creating a New Security Group (Optional)
1. If required, you can create a new security group by clicking on the Add Security Group button at the top of the page, add a new security group popup will display as shown below.
When creating a new Security Group ensure you name the new group appropriately. The name should be reflective of the type of user that will be in this group.
2. Now fill the details as described below.
a. Default General Security: This means of the pages this group has access to in Transvirtual, what can they do with those pages? Can they make changes (Read/Write) or are they only able to view (Read) the page content? Typically, we would recommend leaving this as RW (Read Write) because each user will only have access to the pages they are approved to view.
b. Default Menu Security (recommend NONE): Similar to the above setting just at a menu level; for example, if a security group gets access to the Manifest column under the Home menu, if new pages are added to this section, will this group have access to these new pages by default (Read Write = YES means they would)? This setting also means if a group has been setup as RW here, then they will have access to ALL pages under that menu without you needing to provide access to the pages within that menu - for example, if you set a group to be RW access and give that group access to the Manifest menu, the group will have default access to all pages under the Manifest menu (Agent (Onforwarder) Manifest, Customer Manifest, General Manifest, etc).
We STRONGLY recommend leaving as NONE for all security groups; typically, the pages each user is able to view have been setup and approved and this should not be subject to change without approval first.
We STRONGLY recommend leaving as NONE for all security groups; typically, the pages each user is able to view have been setup and approved and this should not be subject to change without approval first.
c. Copy Security From: This can be used to assist with setting up a new security group. If you are creating a security group that is modified version of the default customer security group, you could set this field to copy settings from the default Customer group. When you do this the new group will be created exactly as the group it has been copied from making setup quicker and easier.
3. If needed, you can update the security group detail. To do it, first click on the applicable security group, the detail of that security group will display on the right side of the page and then follow the instructions as described in step 2.
4. Once you have created a new group you can modify that group by entering the Security Mode.
Security Mode can be enabled/disabled by clicking on the drop-down arrow at the top-right of the page near your login name and clicking the Enter/Exit Security Mode as shwon below.
- When enable it, it shows Enter Security Mode while disabling it shows Exit Security Mode.
5. Once in Security Mode has enabled, then you will see a series of padlocks appear next to each field and menu as shown below.
6. These padlocks allow you to edit the access a Security Group has to a certain page or to menus etc.
You do not have to create new security groups if you do not wish. The above simply explains how you can create new groups if you require - you may wish to create a new group that is a variation of an existing group - if so, the above is what you would need to start with.
Example - Security Group setup
In this example we are going to give the Customer Security Group access to the Customer Manifest page so that they can view their own Customer Manifests.
1. To do this, first enable the Security Mode as describe in the above paragraph.
2. Once you enable it, the page will automatically refresh and the padlocks appear, click on the padlock next to the home menu at the top of the page as shown below.
2. Once you enable it, the page will automatically refresh and the padlocks appear, click on the padlock next to the home menu at the top of the page as shown below.
3. As per the above, you'll see a series of configuration columns appear:
- Set Security: Used to define who has access to the field this padlock relates to.
- Security Groups: To define the general security for each group in relation to this field.
- Impersonate: Allows you to replicate what the group can and can't see within your login.
4. In this example will make use of the Set Security - most of the time this will be what you will use to make changes to a Security Group, click on the Set Security, then select Customer, then give them RW (Read Write) access as shown below.
5. When you click the Read Write option you will see this message appear on your screen indicating the settings have been successfully updated - the Customer Security Group has now had these settings applied:
6. From here, you then need to give the Customer group access to the Manifest column heading as the Manifest page sits under Operational task as shown below:
7. From here, give the Read and Write access to the Manifests column/section as shown above.
Remember, if wanting to give access to a particular page, you'll need to ensure that the Security Group you are modifying has been given access to each menu down, starting with the menus at the very top of the page (Home, Finance, EDI, etc) - for example, in our example the Customer Security Group will not be able to access to Customer Manifest page unless they have been given access to the Home menu and then the Manifest menu.
8. From here give the Customer group access to the Customer Manifest page as shown below.
To go to customer Manifest page, go to Transport > Operational Task > Manifests, click on Customer Manifest tab as shown above.
9. Now, enter the Customer Manifest page and ensure that there isn't anything in this page that you don't want to see the customers.
10. This page is simply a list of available Customer Manifests. Keep in mind that customers will only be able to see manifests where they are the customer, which will be different to what you can see (which is everything for all customers).
Typically, there isn't anything of too much concern to hide from the customer in this page, but please review to ensure so.
Each time changes are made to a security group it is advised that you check and ensure that changes are as expected.
11. If you need to restrict access for a particular field (or page), simply hover over the field/heading click Set Security, Customer, then click None to remove access for this security group as shown below.
The setup for our example is now complete as we were simply adding the Customer Manifest page to the access this group already had.
Checking the Setup Once Configuration has been Completed.
1. Once you have finished setting up/configuring a Security Group, you can impersonate their access to see what a user of this group can and can't see. To do this, hover over any padlock, click on impersonate, then select the group you want to impersonate and then click enable impersonation as shown below.
2. Now, refresh the page, and you'll see what a user of that group would see if they logged into TransVirtual through your account as shown below.
3. As you can see, the Menus at the top will display like the above if they only have access to a few pages. The Customer group in our example does not have access to the EDI, Finance menu etc.
Note: In the above image, when a customer logs in they would only see their own consignments and own manifests - this function applies by default where customer users can only see their own data.
4. To disable the impersonation simply hover over any padlock, click impersonation, then click disable impersonation. If setup is complete, you can exit Security Mode via the drop-down menu top-right next to your login name.
Note: Impersonation is a good way to see what each Security Group has access to. However, the best way to test and confirm all settings are as expected is to login as a user with that security access!
Adding/Changing a User's Security Group
1. The last thing to do after the Security Group has been configured is to put users into the new group (optional and only required if transitioning them to a new group).
2. If you want to add a new staff member to a particular Security Group, you'd need to do so from their staff card; Home > Card Files > Staff List > Double-Click appropriate user and enter their card and simply tick the group that this user should be part of, then 'un-tick' to remove the user from the previous group as shown above.
Note: Users can be added to multiple groups if required but this can cause conflicts and possibly unexpected results as, for example, one group may have access to something and the other doesn't. We recommend only allocating a user to ONE Security Group where possible as this can assist in ensuring all access is as expected.
3. When adding customer or agent logins via an agent or customer card, the type of login that user is assigned will be the default agent or customer login.
If you wish to add an agent or customer user to a different Security group, go to the Customer Card they are part of, click the logins tab and double-click the user login you wish to change:
1. It is not advised to provide a customer/agent login with staff-level type Security access.
2. If for any reason this is required, it is recommended that the user acquires a second, or new login, with the appropriate access.
3. Ensure thorough testing is carried out and all is as expected - before providing a user with access to you account.
2. If for any reason this is required, it is recommended that the user acquires a second, or new login, with the appropriate access.
3. Ensure thorough testing is carried out and all is as expected - before providing a user with access to you account.
Extra Information
1. When creating new logins, be that staff, customer or agent, they will acquire a default security group on creation as determined via the below settings in your account:
These settings can be found under Settings > General > Global Setup > General Tab > Scroll down and near the bottom-right within the 'Other' section.
2. If needed, you can double-click and change the initial group for each of these to be another group - please ensure to take care when changing these values.
Keep in mind that the question mark icons help explain what each setting does!
3. Changes to Security settings will take some time to reflect. Typically, it takes around 20 minutes for any changes to be seen. Keep this in mind when testing the setup of a new Security Group.
Related Articles
Invoice Groups
Invoice Rules Invoice Group - Customer and Agent Rule Setup Invoice Group rules in TransVirtual are used when you need to create multiple invoices for the same customer/agent within the same invoice period. The two pages that can be used to carry out ...Card Files (Staff)
Create a New Staff Card 1. To create a new staff card, in your Transvirtual web portal, go to Transport > Configuration and Setup > Card Files (Customers/Suppliers/Staff), click on Staff (Users) tab, the staff list will display as shown below. 2. On ...Dictionary List
Dictionary List In TransVirtual there is a page known as the Dictionary List. This list is a place that allows you to create things like scan tags, vehicle types, Customer Service Ticket Responses, simple lists that are used throughout TransVirtual. ...Global Setup
Global Setup General General Field Descriptions This section allows you to define default general settings for mobile devices. Auto Updates Enabled: As updates to the mobile application are rolled out, notifications will be automatically sent to the ...Google Authentication - 2 Factor Login
If required, Transvirtual can allow the setup of 2-factor authentication on logins, providing an extra level of security to your user logins. This feature is particularly useful when a user's login could become compromised. A user login may be ...