© Sage Software, Inc. All rights reserved. The Sage logo and the Sage product and service names mentioned herein are
registered trademarks or trademarks of Sage Software, Inc., or its affiliated entities. All other trademarks are the property of their
respective owners.
Managing and Understanding MAS500 User Accounts
with Sage MAS 500
Product: MAS 500 ERP
Description
This course is intended to provide you with information on how to manage and understand
MAS500 user accounts. Overview of maintaining user accounts, security groups, permissions,
license use, and logins are discussed. Topics that will be covered include:
Creating, Removing, and Modifying User Accounts
Enabling Security Groups for users and permissions
Understanding User License Consumption
Difference Between SQL and Windows NT Authentication Login process
Application Role and Its Purpose
Common Troubleshooting Tips for user accounts
Learning Objectives
At the end of today‟s session, you will be able to:
Add / Remove / Modify User Accounts
Learn to work in Security Group(s)
Understand User License Validation
Learn the differences between the SQL and Windows NT Authentication Login
Review Application Role and Its Purpose
Managing and Understanding MAS500 User Accounts
2 of 14
Creating New MAS500 User
Adding a new user for SQL and Windows account
System Manager, Maintenance, Maintain Users,
Type the name of an existing SQL Server or Windows user
If the user is in the current domain, the field adds the domain automatically when you
leave the field.
Assign Default Security Group, Task Menu, and Company
Save and Exit
Instruct new user to login and set password in User Preference (if using SQL login)
User Preference is applicable to SQL user login. System Manager, Tools, Users
Preferences
Managing and Understanding MAS500 User Accounts
3 of 14
Note: „SysAdmin‟ or System Manager user security group membership is required to
perform the tasks
Tip: Requiring Password can be enabled at Maintain Site “Require Password” in Option Tab
To create a logon for a user in a different domain, first create a SQL Server logon for the
user, then specify the user name with the domain in this format: domain\ login name.
Managing and Understanding MAS500 User Accounts
4 of 14
Removing /Deactivating Existing User Account
In order to remove existing user, user performing the task must have administrative rights to
SQL database and MAS500
System Manager, Maintenance, Maintain Users
Type or Lookup User Account
Use the Delete “X” button or CTRL-D (short key)Accounts Payable, Maintenance, Maintain
Vendors
Confirm the deletion by clicking OK
Permanently removing user name from database Delete user from MAS 500
(Maintain User task). Then open SQL Studio Management and delete the user from the
MAS 500 database and from the SQL server Security\Login folder.
Managing and Understanding MAS500 User Accounts
5 of 14
Note: Deleting the user from MAS500 will not affect the transactions history created by the
deleted user account. The user will remain in the user list but will have No status under “Is
Sage MAS 500 User” column.
Modifying Existing User Account
User can be assigned to multiple security groups for one or more companies; however, if the
user is assigned to more than one security group within the same company, the system grants the
user access permissions of the security group with the highest access permissions level.
Changing User Name
Once the user name is established, it cannot be changed. But can be added after removing the
user name from SQL database.
Reason : Editing the name in Active Directory does not assign a new SID (Security
Identifier). Thus, adding the new user name in MAS 500 uses values already in use in SQL.
Managing and Understanding MAS500 User Accounts
6 of 14
How to Set, Change, and Clear User Password (applicable for SQL login
users)
User can create password during initial login prompt screen
Admin can clear the user password from Maintain Users > clear Password button
SQL admin can clear password from SQL Server
UPDATE tsmUser SET DBPassword = NULL,
Password = NULL WHERE UserID = '<username>„
After executing the script above,
go to Server ROOT > Security (LOGIN) and clear out the password under Properties.
Managing and Understanding MAS500 User Accounts
7 of 14
Security Group(s) Assignment and Setting
Note: „SysAdmin‟ or „System Manager‟ user security group membership is required to perform
the tasks
Security Group(s) can be created to assign users to specific tasks, permissions, and roles. Benefit
of using security group includes time saving administration, global security settings, and efficient
user account management
System Manager, Maintenance, Maintain Security Groups
Type new security group name and description
Select Module ID from dropdown menu and assign appropriate permission level
To locate the permission tasks, use Display Tracker to identify the task
Levels of permissions are Excluded, Display Only, Normal, and Supervisory
Excluded - Prevent users in the security group to view the task. Task may be bypassed,
button not visible, or dialog box not display
Display Only – Allow users to view the data only. Users cannot change values or use buttons
Normal – Allow users to enter or change data. Buttons and Dialog boxes are available to
users
Supervisory – Allow users to enter or change data with administrative rights. Example, user
can post private batches. Positional roles dependency
Tips and Tricks for managing Security Group(s)
Identifying the task name using Display Tracker tool. On the Tools menu, click Display
Tracker. Look for Task Description from the tool.
Also can simply right-mouse click on task and select properties. Look for MAS500 Task
Name.
The task names on the grid can be sorted alphabetically by clicking on column header with
mouse
Managing and Understanding MAS500 User Accounts
8 of 14
Clicking on top left corner cell will highlight all task for master change
Use the Security List and User List Reports from System Manger
User License Consumption
There are two types of MAS500 User Desktop Licenses. First is called Standard MAS500 user
license and second is known as Business Insights (BI) user license. Both Licenses are consumed
or validated according to the task/application launch
Business Insights license consumed when following applications are launched:
– Business Insights Explorer
– Business Insights Analyzer
– Business Insights Dashboard
Example: A company purchases five (5) standard Sage MAS 500 application user licenses
and two (2) Business Insights user licenses. Seven sessions can be started with active tasks,
five standard application tasks and two Business Insights tasks.
User License Release
Both Standard MAS500 User license and Business Insights User license are released when user log outs of the MAS500 desktop.
Simply closing task(s) or view(s) will not release the license(s).
Changes for how MAS500 releases Licenses will be in 7.40 version
The license consumption will release when All tasks/application window close. Users will
NOT have to completely log out of the desktop.
Managing and Understanding MAS500 User Accounts
9 of 14
Understanding Windows Vs. SQL Authentication Login
MAS500 currently supports two types of login credential validation. Windows and SQL
Authentication method are used for MAS500 login. SQL Authentication is also known as Mixed
Mode.
Windows Authentication - Enables Windows Authentication and Disables SQL
Server Authentication
SQL Server performs the authentication itself by checking to see if a SQL Server login
account has been set up and if the specified password matches the one previously recorded
If SQL Server does not have a login account set, authentication fails and the user receives an
error message stating Login failed for user „xxxx‟
SQL Authentication (Mixed Mode) - Enables both Windows Authentication and SQL
Server Authentication. Windows Authentication is always available and cannot be disabled
SQL Authentication is the environment that all of your users are part of a Windows domain
In SQL Authentication, access to SQL Server is controlled by Windows account or group,
which is authenticated when you log on to the Windows operating system on the client.
Managing and Understanding MAS500 User Accounts
11 of 14
Enabling Windows Authenication for MAS500 Desktop
Client Configuration Utility is required for the following task. Windows authentication can bet
setup in two areas for MAS500 desktop.
Launch MAS500 desktop, Login window
Check „Use Windows Authenication‟ option box for current user
Alternately, setting can be set for individual or all MAS500 user using the Client
Configuration Utility.
All Programs, Sage Software, Utilities, Client Configuration Utility
Select Current User or All Users and check the “Use Windows Authentication” option.
Click OK
Note: The client configuration utility will apply changes to the the machine user only if “Current
User” is selected. The machine user must have MAS500 Database access
Managing and Understanding MAS500 User Accounts
12 of 14
Understanding Application Role Setting
Application role allows users to access Sage MAS 500 databases through the Sage MAS 500 client
software, but not other applications.
Application Role - database principal that enables an application to run with its own,user-
like permissions. You can use application roles to enable access to specific data to only those
users who connect through a particular application (MAS500).
User can perform normal processing against the data while in Sage MAS 500; however, this
user has no permissions against the database objects when using other applications such as
Query Analyzer, Crystal Reports, etc.
Important: If Credit Card is installed, you must select this check box for each user to
process credit card transactions.
„Allow Read Access‟ Option - Select this check box to grant users read-only access to Sage
MAS 500 databases from other programs. This check box is available only if the User
Application Role check box is selected.
Managing and Understanding MAS500 User Accounts
13 of 14
Common Troubleshooting Tips and Frequently Asked Questions
For additional information, please reference the following Knowledgebase Resolution IDs
via Sage InfoSource:
“Unable to set the application role - either the approle does not exist or incorrect
password”
When two database sets exist, the passwords must be the same for SQL Server logins and the
AppRole. The error mostly relates to some kind of data corruption of Role Password. Run
Maintain Site to re-set password for Application Role usually resolves the issue.
Knowledgebase Resolution ID: 1978
How to clear user passwords in Sage MAS 500
As an administrator, you can use the Clear Password function in System Manager / Maintenance
/ Maintain Users. If the Clear Password button is disabled, a password does not exist, you do not
have the necessary permissions in Sage MAS 500 or SQL Server to reset the password, or the
user is a Windows Authenticated login. Windows Authenticated logins are maintained at the
domain, not SQL Server or Sage MAS 500; however the login does need exist in SQL Server
and Sage MAS 500.
Knowledgebase Resolution ID: 1310
How to find the task description for a task to maintain security in Sage MAS 500
There may be instances where the task description to set the security for the task is not evident or
do not belong in the module that it is found. To figure out the task description and which module
it belongs, simply go to the task itself, right click and select 'Properties'.
Also can locate task description name by using Display Tracker tool
Knowledgebase Resolution ID: 518961
Managing and Understanding MAS500 User Accounts
14 of 14
How to produce a list that displays security and access permissions
There are two reports to list all MAS500 users security group information for administrative
purpose. The report will display security group codes, descriptions, and the assigned access
permissions
Knowledgebase Resolution ID: 525318
How to require password entry when loggin on to Sage MAS500
By default, password is not required for SQL user login accounts. However administrator can
enable the password requirement. "Require Password" box in Maintain Site needs to be checked
in order to require the password when logging in Sage MAS 500
Knowledgebase Resolution ID: 410908
Summary
You have learned how to:
Add / Remove / Modify User Accounts
Create and Change User Security Group(s)
Understand User License Validation
Learn the Difference the SQL VS. Windows NT Authentication Login
Enable the Application Role and how it affects MAS50