Restrict Access

Integrator Notes

You can use the Role Based security in Multifront to limit access depending on user role. If you modify the behavior of the user roles, keep the amount of information accessible by users to a minimum.  Roles should only have access which is explicitly given. Never give all users default access to a resource. Generally, you will want to restrict customer billing name and address. Role based security does not apply to Credit Card numbers as they are not saved in the system.

User Role support is only included in some editions of Multifront. For those editions where it is not included all your admin users will have full access to the system. Be sure to only give this access to users that need this capability.

You will need a formal policy on access control to maintain your PCI-DSS compliance.

Configuration Notes

The role based security of the admin can be modified using the web.config file in Web\Admin\Secure\web.config.