Access to the 
system is provided through the Access Controller tool within the Desktop GUI. Users (including logins and passwords) and groups may be created and permissions may be mapped. Permissions are defined on two levels:
Application level – permissions defined per window. A user group may be configured to be denied access to a specific window, or perhaps to have access although with no ability to remove system log entries.
Configuration level – permissions defined per configuration. Three levels are available; read, write and execute. Read access allows users of the group to view the configuration. Write access allows users of the group to modify and save the configuration. Execute access allows users of the group to run the workflow. When a user creates a new configuration, the default group for the user will be the group with read, write and possibly execute permission for that configuration.
Additionally, this application access to any configuration can be further limited through the permission setting on an individual configuration such as a workflow.
Below is an example of the access group application permission set-up using the Access Controller tool.
Example of application permission setup
The following is an example of how a configuration object’s permissions are represented in the Configuration Browser. The owners and groups selected below are defined as Users and Access Groups in the Access Controller.
Example of configuration object's permissions
Access to the operating system and the database are controlled through the normal security methods provided within the corresponding software.
The client security features, such as idle-time log out, additional password configuration and password expiration will be handled in the client’s configuration.