Administration & Security in Sourcing and Contract Management Version

Contents

Contents of this topic:

Links to other topics:

Search Online Doc
Spend Types
Current Release Notes

Overview

The following sections discuss administration and user security for Sourcing and Contract Management. This document is for System Administrators.

The Administration menu in the main Contents contains the tools for system administration at your site. In particular, the User/Security Settings panels let you define new users and give them access to the areas in which they will work.

To set up a user at your site, you need to enter identifying information and system feature authorizations for the user into the system. A user profile is the repository for user identity information, and for the security settings and permissions that give the user access to system capabilities and organizational/department data. A user profile includes the user's name, ID, password, email address, etc. When you create a new user profile for a staff member, you assign the user a role and a data profile.

A role specifies application areas and features — called role objects — that users assigned to the role may work with. For example, the Contract Manager role includes the ScheduleJobs role object, which lets the contract manager schedule the running of batch jobs as needed. Roles determine the features and functions that a user can access, and the level of access. Several roles are provided for your use when during implementation, but you can edit these, copy them, and create others.

Each user profile also has a data profile associated with it. A data profile specifies the regions, organizations, and departments whose data the user can work with.

Independently of role and data profile settings, you can allow a user access to patient data, or deny access. This topic is covered in detail in Securing Electronic Protected Health Information (ePHI).

Security

To display roles, data profiles, and user settings, you must have the "Administration" role object set minimally to View. Higher settings are required to create or edit user authorizations and security settings.

User Profiles

You can view a list of users, edit current user information, and add new users.

  1. From the Administration menu (Supply or Services tab) on the main Contents, click User/Security Settings > All Users.
    The list of users appears (Figure 1) with the Search panel on top. (You can use the Search box to look for individual users.)

Figure 1 - List of Users

  1. Click any User ID to view or edit user information.
    The User Info panel appears. From the User Info panel, you can add a note about the user, edit the user's profile, copy the user profile, audit user profile changes, or delete the user profile. If you create a note, the yellow note icon appears next to the user on the Users list panel (Figure 1). (See User Notes.)
  2. Click Create User to enter information for a new user. User roles and data profiles are explained in subsequent sections.

User Lists - Security

The contents of user lists is restricted by data profile and default organization. Table 1 displays user lists that are subject to data profile organizations and departments.

Table 1 - Users Lists and Locations

List Path
Users List Main Contents > Administration > User/Security Settings > All Users
Users by Data Profile Main Contents > Administration > User/Security Settings > Data Profiles >
    select data profile > Valid Users
Users by Role (Inquiry) Main Contents > Administration > User/Security Settings > Roles >
    select role > i > Users tab
Sign-on History Main Contents > Administration > User/Security Settings > Signon History
Security Log Main Contents > Administration > User/Security Settings > Security Log

The Signon History list allows you to monitor invalid sign-on attempts.

User Roles

When your system was implemented, several user roles were defined. You can assign these roles to users at your site, as needed, and you can create new roles as well. For quick setup of users, copy a role. Then, edit the copy to tailor the role to your own needs.

To view roles and role objects for your site:

  1. From the Administration menu (Supply or Services tab) on the main Contents, click User/Security Settings > Roles.
  2. The list of roles appears. Figure 2 is an example from the middle of a list.

Figure 2 - List of Roles

Role objects (sometimes called "security objects") define the system features that users in a particular role can work with. Figure 4 is a list of role objects for the Contract Manager role.
  1. To view the role objects associated with a role, click the Role. The Role Info panel appears (Figure 3).

Figure 3 - Role Info Panel

  1. Click Open Full View.
    The "Work with Role" page appears. The example in Figure 4 displays possible security level settings for a high-level user with some administrative privileges. Security level settings at your site will differ for various users.
  2. In the center of the page on the Role Objects panel, mouse over the role Object Name and click the edit icon next to any role object to change its security level.

Figure 4 - Role Objects for Contract Manager Role

What is a security level?

Users in different roles may have different levels of access set for the same role object, depending on their jobs. The Administrator assigns a security level to the various role objects in a user's role. The Security Level column in Figure 4 displays the settings. Security levels from greatest to least scope are:

All - Users can delete, create, modify, or view data.

Create - Users can view, modify, or create data.

Modify - Users can change data.

View - Users in the role can view data, but not change it in any way.

None - Users have no access to the data or function.
When the role object is set to None for a feature (such as Dashboards), the feature does not appear on the main Contents for the user.

To view user information and the user's role:

  1. From the Administration menu (Supply or Services tab) on the main Contents, click User/Security Settings > All Users.
    The list of users appears.
  2. Locate the user of interest.
  3. Click the User ID. The User Information popup panel opens.
  4. Click Open Full View.
    The "Work with Users" page appears (Figure 5).

Figure 5 - The "Work with Users" Page

Figure 6 - User Edit Panel

  1. Click the User Roles tab. (This tab is called "Security" in the stand-alone system.) The user's current role is in the Role field (Figure 7).
    - To add a role for a new user, or change a role, click the Role prompt and select a role. Then click Submit.
    - The Security Level field is for services contracts. If your site uses Sourcing and Contract Management, and has services contracts, see Security Levels and Contract Types in the services contract documentation. You will need to select a security level for the user, or accept the default.

Figure 7 - User Roles Tab on the Users Panel

To set role object levels

  1. Locate the role of interest on the Roles list (Figure 2).
  2. Select Role Objects. The list of role objects appears. The security levels have an initial default of All (unless you have copied a role).
  3. Next to a role object, click Edit. The Role Object panel appears.
  4. Select a new security level from the Security Level drop box. The choices are: All, Create, Modify, View, None.
  5. Click Submit. The Role Object list appears.
  6. Click Refresh to see the changed security level.

Role objects associated with Sourcing and Contract Management

The following security role objects are used in Sourcing and Contract Management:

Table 2 - Security Role Objects Used in Sourcing and Contract Management

Role Object Controls access to:
Contract The Supply Contract Workbench. Permits users to work with the key features
of Sourcing and Contract Management.
The setting must be View (at the minimum) to allow users to see the menu options.
To import contracts, the setting must be Modify or higher.
- The View setting allows users to search for a contract, and then drill down on the Items Found On count
or the Matched Items Found On count. Also, users can view contract item details.
CATables Tables containing contracts components: region, organization, vendor, manufacturer, and others.
(Applies to both supply contracts and services contracts.) This role object must be set to Modify,
at a minimum, for a user to be able to change table data;
for example, to create a region/organization association.
CAAnalysis The Analysis Workbench and analysis tools
Work with analysis projects.
ServicesContract Work with services contracts.
SharedSvcsAnalysis Analysis workbench for shared services contracts.
ContractSecurity The contract Security feature. The contract Security feature lets you identify the organizations/regions
whose users are allowed to view the contract.
CAAlerts Set up and edit alerts for other users.
PriceActivation Vendor price activation for supply contracts.
Dashboard Lets users view and (depending on the setting) configure dashboards.
CARegistration Lets user create entities and register them to manufacturers and vendors.
Users who register local vendors or manufacturers will need this role object set to "Modify" or "All."
(The default setting is "View.")
CADept Allows the user to edit supply department names in the Departments table.
(The default setting is "None.")
Used (mostly during implementation) to merge old and new contracts.
Work with documents attached to a supply contract
(controls the Documents tab on the "Work with Contract" page).
Also allows users to work with emails and notes on the Correspondence tab.
Work with documents attached to a services contract (controls the Documents tab
on the "Work with Services Contract" page).
Also allows users to work with emails and notes on the Correspondence tab.
Work with documents attached to an analysis project (controls the Documents tab
on the "Work with Project" page).
Also allows users to work with emails and notes on the Correspondence tab.
CAFees Incentive setup and monitoring.

Details about Role Objects

Contracts - The View setting on the "Contracts" role object allows inquiry only on a contract for users who can access the contract based on their data profiles and the contract's security level. Figure 8 is the information that View users can display.

CAAnalysis - Users must have a minimum setting of View to work with the Analysis Workbench.

CAProjects - Users must have a minimum setting of View to open the Projects feature. To create an analysis project, the minimum setting is Create. To add or remove an analysis group (spend for a group of items), the minimal setting is Modify. On the Group By and All Items views, to include or exclude items from an analysis group, the setting must also be Modify. To work with the Proposals tab, the minimum setting is View.

Minimal settings for the Proposals tab:
- Find a Proposal - Modify
- Find a Contract - Modify
- Create Contract Template - None
- Remove - Modify
- Use For Price Comparison - Modify
- Show Savings - Modify
- Add a Note - None

CARegistration - Allows users to register vendors and manufacturers.
The initial setting for this role object is View.

To perform these actions, the minimum setting for this role object is Modify:

CAAlerts - Allows you to set up and edit alerts for other users. For the Users with Alerts (setup) panel, the required settings are:

Add User – Create
Edit – Modify
Delete – All

ServicesContract - To open the Services Contracts Workbench and display contract information, users must have a minimum setting of View for this role object.
- To create a services contract, the setting must be Create or All.
- To delete a services contract, the setting must be All.

ContractSecurity (supply contracts) - The Contract Security feature lets you identify the organizations/regions whose users are allowed to view the contract. The list of organizations/regions is displayed when you click the Contract Info panel's Security link (Figure 8). Details about the contract security feature are in the subsequent section Restrict user access to a contract.

Figure 8 - Contract Info Panel Security Link

PriceActivation (supply contracts) - The security settings All or Modify allow the user to create vendor price activation headers for supply contracts. (Users with the role object Contracts set to View can activate items, once a header has been created.) At the setting Modify, users can also do these tasks:

Contract Lines panel: delete a contract line from item details.
Exceptions panel: accept or reject items and enter a rejection Reason.
Activate Vendors panel: deactivate items; deactivate all vendors, manually activate items.
Search Results panel for items: delete item details.

Important: Activating prices on a supply contract is not secured by the user's data profile. Price activation activates all selected items in a contract, regardless of the user's data profile settings.

CADept - Permits users to change department names in the supply Departments list (Administration > Region/Org/Department > Departments). Also, note that users can only display and work with departments permitted by their data profiles.

ContractDocuments - Requires a minimum setting of View to allow a user to see the Documents tab (SCM main Contents > Supplies > Contracts > Contract Workbench > open a contract > Documents tab). A setting of All is required to delete documents, emails, and other attachments. The actions available on the Correspondence tab are also controlled by this role object.

ServicesDocuments - Requires a minimum setting of View to allow a user to see the Documents tab (SCM main Contents > Shared Services > Contract Workbench > open a contract > Documents tab). A setting of All is required to delete documents, emails, and other attachments. The actions available on the Correspondence tab are also controlled by this role object.

AnalysisProjectDocs - Requires a minimum setting of View to allow a user to see the Documents tab (SCM main Contents > Supplies > Projects > open a project > Documents tab). A setting of All is required to delete documents, emails, and other attachments. The actions available on the Correspondence tab are also controlled by this role object.

Work with Data Profiles

Data profiles specify the department, region, and organization data that a user may access. A data profile is assigned to each user. For example, a buyer's data profile identifies which organizations the buyer can make purchases for. Many other features are sensitive to data profiles; for example, the Department table (Administration > Region/Org/Departments > Departments) only displays departments permitted by the user's data profile.

To create a data profile, you first define the data profile in a header and then add organizations and regions to the profile.

  1. From the Administration menu (Supply or Services tab) on the main Contents, click User/Security Settings > Data Profiles.
    The Data Profiles panel appears with a list of data profiles (if any have been established). See Figure 9.

Figure 9 - Sample Data Profiles List

  1. Click Create Data Profile. The Data Profile header panel appears.

  2. Complete the fields in the header.
  1. Click Submit. The Data Profiles panel reappears.
  2. Click Refresh to view the new data profile header in the list.
To add regions, organizations, and departments to a data profile:
  1. From the Administration menu (Supply or Services tab) on the main Contents, select User Settings > Data Profiles.
    A list of data profiles appears (Figure 9).
  2. Locate the data profile of interest.
  3. Click the data profile name. The Data Profile Info panel appears (Figure 10).

Figure 10 - Data Profile Info Panel

  1. Click Open Full View. The "Work with Data Profile" page contains tabbed panels for selecting organizations, region, and asset locations (Figure 11).

Figure 11 - The Work with Data Profile Page

  1. On the Regions panel, click Add Region (Figure 11, black arrow).
    The Select or Omit Regions panel appears.
  2. On the Select or Omit Regions panel, check the box in the Select column to add each region to the data profile. Uncheck the Select box to remove regions from the data profile.
  3. Click Submit.
  1. Click the Organization tab (Figure 11) to open the Organizations (Figure 12) panel,
  2. Click Add Org (red arrow).

Figure 12 - The Organizations Panel

The Select or Omit Organizations panel appears.

  1. On the Select or Omit Organizations panel, check the box in the Select column to add each organization to the data profile. Uncheck the Select box to remove organizations from the data profile.
  2. Click Submit.

Departments

  1. Click the Departments tab (Figure 11) to open the Departments panel (Figure 13).
  2. Click Add Department.
    Note: On the Departments panel, clicking View All Departments displays the complete list.

Figure 13 - The Departments Panel

The Select or Omit Departments panel appears.

  1. On the Select or Omit Departments panel, check the box in the Select column to add each department to the data profile. Uncheck the Select box to remove departments from the data profile.
  2. Click Submit.

The Asset Locations panel (click the Asset Locations tab, Figure 11) is similar to Organizations and Departments. You can add asset locations to the user profile by clicking the Add Asset Location link, and following the same steps as for departments or organizations. The Asset Location panel only applies to sites that have the  ERP Materials Management system.

Users
The Users panel (click the Users tab, Figure 11) displays a list of all users to whom the data profile is assigned.

To assign a data profile to a user:

  1. From the Administration menu (Supply or Services tab) on the main Contents, click User/Security Settings > All Users.
  2. Locate the user of interest.
  3. Click the User ID. The User Information panel pops up.
  4. On the User Information panel, click the edit icon to edit the user. The Users edit panel appears (Figure 6).
  5. Click the User Roles tab (Figure 7).
  6. Click the prompt for the Data Profile field and select a data profile.
  7. Click Submit.
    The data profile is assigned to the user.

Work with Departments, Organizations, and Regions

Your site's operational structure may include several organizations, each with multiple departments. One or more organizations can be assigned to a Region. You can view, edit, and create organizations, regions, and services departments from the Administration menu. You can also display and edit the names of supply departments.

Authority: To modify region, organization, or department tables, the user's "CATables" role object must be set to Modify, at a minimum.
Also, to edit a supply department's Name, the role object "CADepts" must be set to Modify or higher.

Departments

Two department tables are available: a table for services departments and a table for supply departments. Both tables are sensitive to the departments permitted by the user's data profile.

A list of departments appears.

Editing a supply department's name

For sites with the  ERP - Materials Management, spend is automatically generated from charge-to department transactions. The system enters departments used to generate the spend in the supply Department list. You can edit department names.

For sites with a materials management system from another vendor, Sourcing and Contract Management generates spend from the site's data upload. However, when the department name cannot be determined, the supply department list contains the entry "From department issue spend" for the department name. Users should edit the department and enter the correct department name.

To edit a supply department's name
  1. From the Administration menu on the main Contents, click Region/Org/Departments > Departments.
    The list of supply departments appears.
  2. Locate the department of interest and mouse over the department number.
  3. Click the edit icon . The Edit Department panel appears (Figure 14).
    (Note: The role object "CADept" in the user's role must be set to Modify or higher; otherwise, the edit icon will not work.)
  4. Edit the department name as needed.
  5. Click Save.

Figure 14 - Editing a Supply Department's Name

To create a services department
  1. From Administration > Shared Services, click Services Departments to open the Services Departments list.
  2. Click Create Services Department.
    The Department edit panel appears. Enter the department Name.
  3. Click Save.

Note: Services departments created from within Sourcing and Contract Management are not tied to an organization or department identifier. Essentially, creating a department this way only creates a department name, which you can use with the services contract Security feature.

To delete a services department
  1. Mouse over the department name.
    The delete icon appears.
  2. Click .
    - If the department name is not currently being used for security with any contract, the department name is deleted right away.
    - If the department name is being used for contract security, a confirmation panel appears (Figure 15).
  3. Click Delete.

Figure 15 - Confirming the Removal of a Department Name

To edit a supply or services department name
  1. Open the appropriate department list (supply or services).
  2. Locate the department of interest on the list and mouse over the department Name.
    An Edit panel appears.
  3. Make changes to the name as needed.
  4. Click Save.

Organizations

Your site may include several organizations, defined in its SCM tables. You can define groups for organizations and assign organizations to those groups. For example, you may have an organization group called "Clinics" to which you have assigned all the clinics at your medical center. Or, you may have a group of physical therapy centers for your medical center grouped under "PT."

To view organization information
  1. On the SCM main Administration contents (Supply or Services tab), click Region/Org/Departments > Organizations.
    A list of organizations defined for your site appears.
  2. Click any organization identifier.
    The Organization Info panel appears. Figure 16 is an example.

Figure 16 - Accessing the Organization Info Panel

  1. From the Organization Info panel, you can do the following:
To create an organization (Org):
  1. On the SCM main Administration contents (Supply or Services tab), click Region/Org/Departments > Organizations.
  2. Click Create Organization.
    The Organization edit panel appears.
  3. Complete the fields on the panel.
    Note: Click the Help button or ? help for details on fields.
  4. Click Submit.
To create an organization group (Org Group):
  1. Open the Create - Org Group panel from the SCM main Administration contents (Supply or Services tab) in one of the follow ways:
  2. Enter a unique identifier in the the Org Group field and a brief description of the group in the Description field.
    For example, an Org Group titled Rehab might have the following description: Group of all rehab centers in our system.
  3. Click Save.

Note: You cannot delete an Org Group once it has been created.

Assign organizations to groups

You can assign organizations to groups from two different locations: the Org Groups/Org Associations page and the Org Groups page.

To assign an organization to a group using the Org Groups/Org Associations page:

  1. On the SCM main Administration contents (Supply or Services tab), click Region/Org/Departments > Org Groups/Org Associations.
  2. Click the Add Org link below the Org Group to which you are assigning an organization.
    The Select Organization panel appears.
  3. Click Select next to the organization you want to add.
    The organization is added to your group.

To assign an organization to a group using the Org Groups page:

  1. On the SCM main Administration contents (Supply or Services tab), click Region/Org/Departments > Org Groups.
  2. Click the name of an existing group in the Org Group column.
    The Org Group Info panel appears.
  3. Click the Open Full View link.
    The Work with Org Group page appears.
  4. Click Add Org.
    The Select Organization panel appears.
  5. Click Select next to the organization you want to add.
    The organization is added to your group.

Note: When assigning organizations to Org Groups, the following information applies:

Add user-defined fields to an organization group

If user-defined fields are set up for your organization groups, you can enter values in the fields for each group.

  1. On the SCM main Administration contents (Supply or Services tab), click Region/Org/Departments > Org Groups.
  2. Click the name of an existing group in the Org Group column.
    The Org Group Info panel appears (Figure 16).
  3. Click the user fields icon .
    A panel appears for entering user field values (Figure 17).
  4. Figure 17 - Adding a User Field Value to an Organization Group

  5. Enter values as needed.
  6. Click Save.
To search for an organization
To search for an organization, use Search on the "Select Organization" page.
  1. From the Administration menu (Supply or Services tab) on the main Contents, click Region/Org/Departments > Region/Org Associations.
  2. Click Add Org under one of the organizations listed.
    The Select Organization panel appears (Figure 18).
  3. Figure 18 - Select Organization Panel with the Search Field

  4. Click the search icon to open the Search box (Figure 18).
  5. In the Search box, enter characters from the organization name, description, or any tag value that you have assigned to the organization.
    Note: Tags are a special type of free-form, user-defined field that allow you to assign one or more keywords to a contract, user, or organization. See Using Tags Fields for details.
  6. Click Search.

Regions

Large health care systems may contain regions to which hospitals and other organizations belong. You can create and display regions for your health care system, and assign organizations to each region.

To view region information
  1. From the Administration menu, click Region/Org/Departments > Regions.
    A list of regions defined for your site appears.
  2. Click any region identifier.
    The Region Info panel appears.
    From the Region Info panel, you can edit or copy the region; view audit information, output the region information to Excel, and assign a user field value to the region.
To create a region
  1. Click Create region.
    The Region edit panel appears. Complete the fields on the panel.
  2. Click Submit.
To associate an organization with a region:
  1. From the Administration menu, click Region/Org/Departments > Region/Org Associations.
    A list of regions appears. If organizations have already been assigned to regions, the organizations are listed under each region.
    Grayed out organization/region values are not available because access to them is not permitted by your data profile.
  2. On the Region/Org Association panel (Figure 18), locate the region that you wish to assign the organization to.
  3. Click Add Org.
    A select list of organizations appears.
  4. Locate the organization of interest on the select list.
  5. Click Select.
    The Region/Org Association panel refreshes, and the organization is added to the region.

Displaying the Signon History List and the Security Log

The Signon History list and the Security Log let you see who is signing on to Sourcing and Contract Management, and monitor invalid or unsuccessful sign-on attempts.

To access the Signon History list and the Security Log,

Figure 19 - Accessing Security Data from Administration

Figure 20 is an example of the Signon History panel.

Figure 20 - The Sign-On History Panel

The Security Log lists invalid sign-on attempts and the reason the sign-ons are invalid; for example: "Invalid password," "User account is not active," "User password has expired," etc. The information also includes the user ID, user name, IP address, and sign-on URL.

Figure 21 is an example:

Figure 21 - The Security Log

Allow User Access to a Supply Contract Based on Organization/Region

The contract security feature lets you specify the organizations/regions whose users are permitted to access the contract. The Security link on the Contract Info panel displays the organizations/regions for selection.

Note: Services contracts also display departments, in addition to organizations and regions. You can restrict a user's access to a services contract by department. See the section Shared Services Contract Security.

Selecting an organization/region (or a services contract department) limits access to the contract only to users with those organizations/regions (or departments) in their data profiles. If no organizations/regions (/departments) are selected with the Security link, all users can access the contract.

To allow user access to a supply contract based on an organization/region:

  1. Click Security on the Contract Info panel (Figure 8) to display regions; organizations associated with regions; organizations not associated with regions (Figure 22), and for services contracts, departments (Figure 23). Each organization/region/and department has a select box.
  2. Click the select box to make the contract available to users in the organization/region/department. Users in other organizations/regions/departments will not see the contract.
  3. Click Save.

Note: For services contracts, you can also change the Security Level from this panel. See Raising a services contract's security level setting.
Also, in services contracts, you can set security for users in a department as well as in organizations/regions. See Allow User Access to a Contract Based on Organization/Region/Department.

System alerts displayed on the My Alerts panel take into account the organization/region/department security limitation: Users do not receive alerts for contracts that they are not able to view.

Figure 22 - Organizations/Regions for Restriction on a Supply Contract

Figure 23 - Organizations/Regions/Departments for Restriction on a Services Contract

Access to the Security link on the Contract Info panel requires the setting Modify for the "Contract Security" Role Object, at minimum. If the role object setting is View or None, the security link is grayed out. A discussion of this role object is in the previous section Role objects.

A report object - "Supply Contract Security" - lets you identify supply contracts that have been secured, and those that have not.

Fields are:

ContractBeginDate
ContractEndDate
ContractEntity
ContractName
ContractNo
Org
OrgDesc
Region
RegionDesc

Creating a File of MIN Changes for Export

When contracts contain corrections or changes to MIN (Manufacturer Item Number) values, you can write the changed MIN values for all contracts to an Excel worksheet. You can then export the worksheet to merge the changes into your item file.

To create the Excel worksheet:
  1. From the main Contents (Supplies or Services tab), select Administration.
  2. On the Other menu, click Get MIN Changes (Figure 24).

Figure 24 - The Administration Contents

A prompt appears for opening or saving the Excel worksheet of MIN changes.

  1. Click Open to view the changes.
    The worksheet appears. Figure 25 is an example.
    - You can alternately choose to Save the worksheet directly to a network folder without opening it.

Figure 25 - Sample MIN Excel Worksheet for Download

- Click File > Save As on the Excel toolbar to save the worksheet to your local network for import to your item file.

Alternately,

For sites that have Sourcing and Contract Management as a stand-alone application,

Setting Up IP Address Access

Your site probably has a key group of users who work with Sourcing and Contract Management all the time. You may also need to grant access to users with computers that have IP addresses outside of the key group. For example, you may have users in another building, or in a remote location. Or, you may wish to give some users access from their home computers.

You may also wish to restrict access to an IP address that would normally belong to the main group. For example, you may have a special purpose computer that you do not want to be used for work with Sourcing and Contract Management or Materials Management.

You can control access based on a computer's IP address. The setup process for IP permissions has these components:

  1. Discuss your need for access by IP address with the Help Desk. The Help Desk will set a system parameter to enable IP address permission.
  2. For users at your site, set the Restrict access using IP Permissions field on the relevant user profiles. This field is on the Users edit panel -- General tab).
  3. Enter the users' IP addresses into the IP Permissions list, and set access to "Yes".

To create restrictible IP addresses and set access:

  1. From the main Contents (Supplies or Services tab), select Administration.
  2. Select Tables > IP Permissions.
    The IP Permissions table appears with the list of IP addresses in the left column.
  3. To specify an IP address, click New. The IP Permission panel appears.
  4. Enter the IP address and a description.

    The elements of an IP address are called "octets." Each octet has one to three digits, and every IP address has four octets.
    The value of an octet can range from 0 to 255. Only integers are valid in an octet; alphabetical characters are not valid.

    You specify an IP address as four octets separated by periods. For example, 152.163.9.2. If you want to set the IP permission
    for a group of IP addresses, you can enter a mask. You create masks using wild cards, positional substitutions, ranges, and lists. For example, 181.169.* .* is an IP address mask. The asterisk (*) is a wild card and matches any value. So, this mask will include IP addresses from 181.169.0.0 to 181.169.255.255.

    Here are the characters that you can use for masks:

    *   Represents any value.

    ,   (comma) Separates individual values.
        For example, 245.120,124.333.17 means 245.120.333.17 and 245.124.333.17.

  5. :   Indicates the beginning and end of a range.
        For example, 245.120:124.333.17 means all the values between (and including) 120 and 124 in the second octet:
        245.120.333.17, 245.121.333.17, 245.122.333.17, 245.123.333.17, 245.124.333.17

    ?   Positional wild card. Matches only as many elements as there are question marks.
        For example, ? matches 0 to 9, but not 10 because 10 is two places. ?? matches 10 to 99.

    [ ]   Optionally groups numbers and operators together, as needed, for clarity.
        For example, 245.122.199,20?.[17,20:24].

  6. Check the Activate box if you want to grant permission for the IP address to access Sourcing and Contract Management.
  7. Leave the Activate box unchecked if you wish to prevent the IP address from accessing Sourcing and Contract Management.
  8. Click Submit. The IP Permissions list appears.
  9. Click Refresh to see the new IP address and its access setting.

    Note: You can edit the IP address at any time to change access, without deleting and re-entering the address.

View the Connector Status

Connectors are database-specific routines that extract purchasing data from other manufacturers' supply chain products, and make the data available to Sourcing and Contract Management. When the application finishes working with the purchasing data, it sends updates back to the database via a connector.

The Connector Status panel provides information on the entire connector gateway, and on each running connector. Connector errors are displayed so that they can be worked.

Notes on specific systems:

Lawson - The Lawson connector sets the vendor agreement effective date to the "contract start date" when creating or updating a vendor agreement.

To view the connector log:

Restricting PO/Invoice Price Change on Contract Items:  ERP - Materials Management

For hospitals with Materials Management, price changes to contract items on a purchase order, or during invoice matching -- clearing a price exception -- can be restricted for individual users, organizations, and entire hospitals. The restriction forces payment of an invoice at the PO price.

The field Restrict PO/Invoice Price Change on Contract Items restricts contract item price changes.

Figure 26 displays the restriction field on the User Profile Authorities tab. Figure 27 shows the field on the Organization MM Information tab. Figure 28 displays the field on the System Values Other tab. When the field is selected (as in Figure 26), the restriction is in effect for the particular level (user, organization, or site-wide). When the field is not selected, price changes for contract items are allowed.

Figure 26 - Restricting Contract Item Price Changes at the User Level

Figure 27 - Restricting Contract Item Price Changes at the Organization Level

Figure 28 - Restricting Contract Item Price Changes at the System Level for an Entire Site

To use the restriction at the different levels:

User:

- If the restriction is not selected in a User Profile, the user can change cost/exception prices, as long as the restriction is not set at either the Organization or System Values level. Also, the user can select the Invoice Correct field when clearing price exceptions for contracted items.
- If the restriction field is selected, the user cannot change prices.

Organization:

- If the restriction is not selected, users in the organization -- who are not restricted individually -- can change contract item prices in purchase orders and invoices.
- If the restriction field is selected for the organization, no user in the organization can change prices.

System:

- If the field is not selected, price changes can be changed at the organization level and/or the user level.
- If the restriction field is selected in System Values, no one at the site can change a PO price for a contracted item.

Changing User Passwords

A user can change his/her own password.

Password Rules
  1. A password must contain characters from at least three of the following four categories:
  1. Passwords must contain at least eight characters, and no more than 15.
    (If you try to enter more than fifteen characters, a warning sound occurs, and you cannot type any further in the field.)

    - Examples of good passwords: #BeMeUp?, Oh3$TWO73, 17#51Prym.
    - Examples of "not-so-good" passwords: Password1, JanSmith3.

    Figure 29 and Figure 30 show a user in the process of changing her password to "#maserati".

Figure 29 - Change My Password from the Administration Menu: Selected Password is Weak

In Figure 29, the user has included only two of the four criteria: the password is long enough, and has a special character "#". Notice that the system provides feedback that the password is weak. This information appears as she is typing.

In Figure 30, the user has capitalized "M." This password is strong, and the system will accept it. The user could also have entered: "#8Maserati," which would be even stronger.

Figure 30 - User Has Entered a Stronger Password

Passwords must be changed periodically. The Customer Record for a site contains a field that determines how often passwords must be changed. This field is set at implementation following discussion with the site.

Similarly, a field for password aging is also on the customer record. This field sets the quantity of previous, different passwords remembered by the system for a user. The default is 20 passwords. A password cannot be reused if it is one of the passwords in the system's memory.

Note: If you need a default value higher than 20, contact the Help Desk.

You can change your own password from the Administration contents: User/Security Settings > Change My Password. Also, you can change your password from the User Information panel.

Similarly, administrators and others authorized to change user data can change a user's password by opening the User Information panel from the All Users list.

To voluntarily change your password or another user's password:
  1. Open the Change Password panel (Figure 31) for yourself, or for another user.

The Change My Password panel appears (Figure 31).

Figure 31 - The Change My Password Panel

  1. Enter your current password (or the other user's current password) in the Current Password field.
  2. Select a new password and enter it in the New Password and Confirm New Password fields.
    Be sure to follow the rules described on the panel, and previously.
    (Note: You can use up to 15 characters. If you try to type 16 characters, a warning sounds.)
  3. Click Save.
  4. Click Sign Out, then sign in again using the new password.

Expired Passwords

When you log in with an expired password, the password needs to be changed. In this case, the Change My Password panel appears, instead of the normal table of contents (Figure 32). The process is the same as if you were changing your password voluntarily. Except, the Current Password field does not appear.

Figure 32- Changing an Expired Password

To change an expired password:
  1. Select a new password and enter it in the New Password and Confirm New Password fields.
    Keep the rules in mind.
    (Note: You can use up to 15 characters. If you try to type 16 characters, a warning sounds.)
  2. Click Save (Figure 32).
    The panel refreshes, and Sign Out appears.
  3. Click Sign Out, then sign in again using the new password.

Display Audits of Data Profile and Role Object Changes

An audit facility is available on the Data Profiles lists and the Roles and Role Objects lists.

Data Profiles

Links to audited fields for a data profile are located on the "Work with Data Profile" page, Figure 33.

To display audited changes to the data profile's general information
  1. From the Administration main Contents, select User/Security Settings > Data Profiles.
    A list of data profiles appears.
  2. Click a data profile.
    A summary information panel appears.
  3. Click Menu > Open Full View.
    The "Work with Data Profile" page appears.
  4. Click the audit icon on the Data Profile Info panel (Figure 34, red arrow).
To display audited changes for Regions, Organizations, Departments, or Asset Locations
  1. Click the appropriate tabbed panel (Figure 33 displays the Regions panel).
  2. Click the audit icon on the panel (Figure 33, purple arrow).

Figure 33 - The "Work with Data Profile" Page

Roles and Role Objects

Links to audited fields for roles are located on the "Work with Role" page, Figure 34.

Figure 34 - The "Work with Role" Page

To display audited changes to a role's general information
  1. From the Administration main Contents, select User/Security Settings > Roles.
    A list of roles appears.
  2. Click a role.
    A summary information panel appears.
  3. Click Menu > Open Full View.
    The "Work with Role" page appears.
  4. Click the audit icon on the Role Info panel (Figure 34, red arrow).
To display audited changes to role objects' security settings:

- Click the audit icon on the Role Objects tabbed panel (Figure 34, purple arrow).

Inactive Users

The system provides a grace period for inactivity so that users who do not sign on to the system every day are not deactivated. The grace period is determined by each site, and set at implementation or by the Help Desk.

A process in the nightly maintenance procedure sets active users to inactive if they fall outside the inactive grace period determined by their site.
The process checks whether any user ID's NoActivityLockoutPeriod has expired. If the period has expired, then the Active YN flag is set to 0.

An audit record is created: AuditSource = 'Routine Maintenance' and AuditReason = 'No activity lockout period exceeded.'
System administrators can also view the sign-on history and security activity for their site. (See Displaying the Signon History List and the Security Log.)

Audited Fields on the User Record

The following fields are audited on the user record:

Active YN
Role
Data Profile
Hide Financial Data YN
Hide Medical Data YN
IP Restriction YN
Password
Lock Out Counter
Lock Out Date
Last Used User
Report Security Profile
Email Address
User Security Level

Miscellaneous Features on the Administration Menu and the Search Page

You can access several features (listed in the table below) from the main Administration contents. For example, you can view a log of contract activations by clicking on an Administration contents link.

The Administration Admin menu appears in Figure 35. Scroll down for the Tables menu.

Figure 35 - The Administration Admin Menu

Location of links for miscellaneous features

Several areas in the Administration contents are documented with the relevant features. For example, Tables - Shared Services topics (e.g., Approval Groups and Service Levels) are outlined in the Services Contracts chapter.

Below are administrative topics that are not discussed elsewhere.

Table 3 - Miscellaneous Features for Administration

Connector Status Location:
Administration contents > Admin menu
Clicking this link displays recent activity for connectors.
A connector is an element of the application used to pass data between
Sourcing and Contract Management and stand-alone MMIS systems, such as Lawson.
Only sites with an MMIS from a vendor other than  have connectors.
See View a Connector's Status for details.
Location:
Administration contents > Admin menu
Clicking this link displays the Document Management Setup panel.
You can create a new document group, and add new sub-groups within the same group.
You can also define Status values to assign to documents.
When you add documents to Supply Contracts, Supply Projects, and
Shared Services Contracts, you can add them to a document group and sub-group.
This makes it easier to drill down and view documents within a specific
contract or project, and by a certain group and sub-group.
See Manage Supply Contracts, Analysis Projects, and
Work with Shared Services Contracts for details.
Location:
Administration contents > Admin menu

Lists items that your site has designated as "non-contractible."
See Identify Non-Contractible Items.

Open Batch Jobs Location:
Administration contents > Admin menu
Displays batch jobs that have been opened. Batch jobs run in asynchronous mode.
Price Tolerances Location:
Administration contents > Admin menu
Sets a system tolerance for price changes. See Setting Price Change Tolerances.
Scheduled Jobs

Location:
Administration contents > Admin menu
Displays a list of scheduled jobs. You can create, edit, or delete a scheduled job.
See Set Up Schedules for Batch Jobs.

Weekly Purge Location:
Administration contents > Admin menu
Allows administrators to purge obsolete records, such as old archived reports.
If you are also using  ERP, you may be interested in the
retention times table in Periodic Maintenance Tasks - Purging Obsolete Information.

Location:
Administration contents > Tables menu
Lists benchmarking companies that you use to compare item prices against
benchmark prices in analysis Projects. See Analysis Projects.
Contract Price Activations Log Location:
Administration contents > Tables menu
- The Contract Price Activations Log is a single, searchable list of price activations
for all contracts.
- For individual contracts, on the "Work with Contract" page Actions panel,
click View Contract Price Activations Log to display activated/deactivated items,
dates, and prices for the contract.
Delivery Locations for Distribution Location:
Administration contents > Tables menu
Delivery locations for distribution are used with incentives that have the header field
Include spend for... set to: All Spend from Internal Distribution Center.
See Set Up and Work With Incentives.
Enter External Stats Location:
Administration contents > Tables menu

This table is a convenience for sites who wish to have quick information
about key operating statistics while using Sourcing and Contract Management.
You can enter and display these statistics for your site:
Total Operating Expense
Net Patient Revenue
Adjusted Patient Revenue
Adjusted Discharge. To enter a statistic,
- Click the name of the statistic that you wish t enter in the filter on the left.
- Mouse over any month. The edit icon appears.
- Click the edit icon. The edit panel appears.
- Enter the value and click Save.

Group Purchasing Organizations Location:

Administration contents > Tables menu
Lists GPOs. You can edit GPO records from the list.

Location:
Administration contents > Tables menu

Contains the types of incentives that your site has defined for use with contracts.
You can define new incentives from this location. See Set Up and Work With Incentives.

Location:
Administrative contents > Tables menu Sets up and lists IP addresses
for remote/special users. See the previous discussion.
Payment Terms Location:
Administration contents > Tables menu
Payment terms are a payment schedule -- an agreement between a paying organization
and a vendor. Your site may have several sets of payment terms for different
vendors and organizations. Once you define a set of payment terms in this table,
you can associate the terms with any vendor who offers them.
- To define new payment terms, click Create Payment Terms.
- To delete or edit existing payment terms, click a name in the Payment Terms column.
A panel appears with icons for editing, copying, and deleting the payment terms.
Location:
Administrative contents > Tables menu
Lists and lets you define phases for your analysis projects.
You can assign a phase to a project as you move through the project activities.
Units of Measure Location:
Administration contents > Tables menu
Lists the units of measure established for your site.
- To define a new unit of measure, click Create Unit of Measure.
- To delete or edit existing units of measure, click the unit of measure name.
A panel appears with icons for editing, copying, and deleting the UOM.
From the panel, you can also establish an alias for the unit of measure.
UNSPSC Codes Location:
Administration contents > Tables menu
Lists UNSPSC codes.

Location:
Administration contents > Tables menu
Lets you define and use custom fields in various application elements,
such as contracts, projects, and others. See Work with User Defined Fields.
Signon History Location:
Administration contents > User/Security Settings Menu
Lists.
Security Log Location:
Administration contents > User/Security Settings Menu
Lists invalid sign-on attempts.

Assign Organizations to Entities:  Sites using the  Item Master (PIM)

Spend for a Sourcing and Contract Management organization propagates to Supply Analytics when the SCM organization and the matching Supply Analytics entity are associated. You can use this panel to create an association between an SCM organization and a  entity. You can also change and delete an association that you set up.

Note: This feature applies only to  sites with the Product Item Master (PIM) enabled.

To assign an entity code,

  1. From the Administration menu, select > Administration > Region/Org/Departments > Organizations.
  2. Click the  Entity Organizations panel.
    - You can see  Entity Organizations to the right of Organizations.
    - This panel contains a list of organizations with the columns: Organization, Description, Entity Code, Entity Name, and Entity City and State (Figure 36).

Figure 36 -  Entity Organizations Tab

  1. Find the organization you wish to assign an entity to, and click Assign Entity.
    - The Create -  Entity Cross Reference for Organization panel appears (Figure 37). The organization name and address appear, along with the Search for  Entity link and the Entity Code field.

Figure 37 - The Create -  Entity Cross Reference for Organization Popup

  1. Click the down arrow in the Entity Code field.
    A list of entities appears (Figure 38). These are the entities that were associated with your site for associating with your organizations.

Figure 38 - Selecting an Entity for the SCM Organization

  1. Select a value from the drop list.
  2. Click Save.
    The entity is associated with the organization.

The  Entity Organizations panel appears, with the added entity information (Figure 39).

Figure 39 - The Newly Added Entity Information

To Delete or Change an Entity Code

  1. Click the entity code next to the organization. (Figure 40).

Figure 40 - Edit an Entity Code

The Create -  Entity Cross Reference for Organization panel appears (Figure 38).

  1. To delete the entity/organization association, click the down arrow in the drop box and select the "blank" at the top of the list.
  2. To assign the organization to a different entity, click the down arrow and select the entity.
  3. Click Save.
    - The  Entity Organizations panel appears, with the updated entity information.