Legler Systems Company | Features | Contact Us | Help | Home |

Accounting Software Security Features

The accounting software security features apply to the online accounting software by Legler Systems Company and result in improved access control, audit control, accuracy and completeness of information stored in the online database (DBSMST). Procedure DBxx refers to procedure number xx on the Database Control System menu.

The major accounting software security features are described below:

  1. Each time a data record is changed in the online Master File (DBSMST), the current system date, procedure number and User-ID that made the change are stored in the data record, so any time that record is queried the last user that changed it is identified.

  2. Procedure level access control is implemented for all users that have access to any financial procedure by setting up a User Control Record (DB08) which identifies the User-ID, user password and each procedure within each system that user can execute. For data entry procedures, a user can be limited to only query capability with no updating. User level security means that the user must first sign-on to the accounting software (procedure "ON") by entering a valid User-ID and user password before executing any accounting procedure.

  3. After three attempts to enter a valid User-ID and User-Password, error message "E228" is displayed and the financial application must be restarted. This access test provides added security by preventing automatic hacking programs from determining a valid user password.

  4. The user password is automatically encrypted before being stored in the online database for added security by the "PW" command on the main financial menu. Also, an edit is made to test the strength of the user password, if weak a warning message is displayed on the screen. A strong user password contains uppercase letters, lowercase letters, numbers and special characters.

  5. Once a user has signed on to the financial systems, that same User-ID cannot be entered to sign on from another terminal without first signing off the original terminal or personal computer. This feature is overridden by setting the Active-Flag to "M" for the User-ID in procedure DB08.

  6. Many codes are user definable, such as GL account code and location code. These codes are predefined by a Code Definition Record (DB01) before a code is entered and accepted by the system. Each group of codes is defined by a unique Code-Type (e.g. "AC" for account codes and "LC" for location codes).

  7. A master control record, Company Control Record (DB03), is referenced by all accounting procedures and this master record is used to control the current payroll periods and accounting periods, as well as other key system options used to customize the functioning of the financial software. Separate Company Control Records can exist for each application to minimize data entry problems (wrong accounting period) at month-end.

  8. User activity is recorded automatically by updating an indexed User Log File (DBSUSR) each time a procedure is executed by the user. The activity reports printed by procedure DB13 are based on this User Log File that identify the specific procedures and times the user performed them. The execution time is shown in hundredth of a second, as well as the number of disk file accesses.

  9. Departmental level control is available to restrict a user in one department when selecting and processing revenue/expense data. The GL account code structure must be defined to support a 2-digit department number plus a 4-digit account code. Refer to System-Option-26 in procedure DB03.

  10. All clerical procedures produce a hardcopy control report or detail accounting report for positive audit trail, except data entry and inquiry procedures.

  11. Multi-level transaction data logging capability for positive audit control. Just deleted data records are written to a separate Transaction Log File (DBSTRN.LOG) or the before and after image of any data records changed are written to the Transaction Log File depending on the setting of the Tranlog-Code in procedure DB04. Procedure DB15 is used to print these data records in the Transaction Log File.

  12. Accounting period control of financial related transactions is provided by a 4-digit number composed of year and month (YRMO) regardless of the date of the transaction. Separate accounting periods can be setup by application by specifying separate Company Control Records for each accounting application.

  13. Batch numbers (user assigned or computer assigned as the system date) are associated with a group of input documents for clerical control and balancing.

  14. Two alternative methods of passing (posting) accounting records from one application to another (direct or indirect) are available as a system option. For example, the AP system can create General Journal Records directly in the GL system (same online Master File) or can write the General Journal Records to a sequential Transfer File (DBSTFR) for subsequent importing by the GL procedure GL13 or exporting to an external computer application.

  15. The online Master File input/output operations are controlled by specifying a transaction code on data entry screens to identify the type of disk I/O to be performed for a single data record. A Trans-Code of "Q" is used to read (retrieve) a record from disk. A Trans-Code of "D" is used to delete a record from the online Master File. A Trans-Code of "M" is used to re-write (modify or change) a record to disk. A Trans-Code of "A" is used to write a new data record to disk.

  16. Individual transaction records in prior accounting periods (data already posted to the GL System) cannot be deleted in the current accounting period using a Trans-Code of "D". An adjustment in the current period must be made to correct an error in a prior period transaction.

  17. Purging of old data records from the online database is user initiated and controlled within each application module by a separate procedure available to supervisory personnel only. Whenever old data records are purged (physically deleted) from the online Master File, they are also written to the Transaction Log File for backup and safety. In this way, the user controls the amount of history to be maintained in the online database.

  18. Eleven support file names required by various applications are reserved. These support files cannot be directly entered by the user when defining external print file or export file to avoid accidental file destruction. Uppercase and lowercase file names and paths are considered the same.

  19. Any code field or master record can be flagged as "inactive" by using the Active-Flag field to prohibit an online entry, yet permit it to be retrieved for reporting purposes.

  20. The accounting period control ensures that the correct accounting period is closed, since both the current and prior accounting periods are predefined in the Company Control Record.

  21. All dates the user can enter must be valid (month and day), as well as fall within a predefined high-low date range specified in the Global Control Record (DB04). All date fields are internally stored in the YEARMODA format (8 digits).

  22. After all hard disk read, write, delete and re-write operations, the file status code (internally set by the operating system) is tested. Any unusual error condition is identified and the file status code is displayed at the bottom of the screen for operator follow-up.

  23. All numeric data, such as dates, accounting periods and dollar amounts are internally stored in the online database as binary (COMP format) in either 2 bytes, 4 bytes or 8 bytes. Binary data is difficult to read and interpret directly. To view numeric fields requires a record description (copy member) and computer program to convert these fields to a readable format.

  24. Each data record format in the online database is identified by a unique single character Record-Type code which is part of the primary key of ten characters. The definition of the primary key depends on the Record-Type code.

  25. The entry accounting period of new transactions must match the entry period in the Company Control Record to ensure the accounting transaction is recorded in the proper year and month (accounting period).

  26. Backup copies of all accounting data, programs and files can be written to a CD-ROM or USB flash drive or thumb drive for off-site storage. The burned CD-ROM or USB drive can be read on any personal computer to easily reprint accounting reports without copying data to a hard disk. Accounting data on CD-ROM cannot be changed.

More Information on the Software Security Features:

To receive additional information on the Legler Systems online accounting software, e-mail Bill Legler in the San Francisco Bay Area, California or go to the Online Business Accounting Software Overview page.

Version 11.8 (2018). All rights reserved by Legler Systems Company.