The Access Editor is located under the Tools pull down menu in the main Back-Office screen.
This option allows the creation and modification of Back-Office access levels.
There are 9 levels of access in Maitre’D. Level Zero is the highest and can access levels 1 to 8. Level 1 may access levels 2 to 8. A lower level access may not have more accesses than a higher level. E.g. Level 5 may only have access to those options available in 6 to 8.
This access is restricted to Maitre’D Certified technicians and installers. All other access levels are unable to see or grant this access. The properties of this access level cannot be modified, and except for certified technicians, no one should ever have this access, no matter the reason.
The System Owner access level is restricted to the restaurant management. Only top-level managers should have this access, as this allows them to create and delete other users, as well as take media reports with decrypted credit card PANs and expiration dates. This access cannot see or modify the distributor access.
These levels can be fully customized. Each access level can change the properties of the lower access levels, but not the higher access levels. These levels can be assigned to anyone with a business requirement to use the back-office software. These access levels are typically assigned for price maintenance tasks, report taking, batch closing, etc.
The default language used throughout the Maitre’D Back-Office and POS workstations is determined by the language configured for the System Owner access level. All access levels can be assigned different languages, but it’s the System Owner language that will decide which one is the default.
Upon opening the Access Editor tool, you will be prompted for an access level. Select the access level which you want to edit. Note that the Distributor access level cannot be edited.
Type in the quick-access password to use to open the Maitre’D Back-Office with this access level. This essentially allows the user to login by typing only a password, without a username.
NOTE: When the Use Username Login option is enabled under Server Control / View / Options / Advanced / Miscellaneous, the Password field is disabled and cannot be used. This is because this feature is incompatible with PCI-DSS compliance rules and needs to be completely disabled on systems where integrated credit cards are in use.
Enabling the Fast Access option allows you to create scripted tasks for Maitre’D Back-Office users with this access. Instead of gaining full access to all the features of the Maitre’D Back-Office, the user will be forced to perform specific tasks.
Enable this option to enable the Fast Access feature and gain access to the Advanced Access option and Settings button. If this option is enabled without any other option, users will be constricted to their scripted tasks, without any possibility of performing any other action in the Maitre’D Back-Office.
With this option enabled, users will be able to access all the features of the Maitre’D Back-Office once the scripted tasks have been executed.
This option only affects access levels 2 to 8. Enable this option to allow users to use the blue shortcuts throughout the Maitre’D Back-Office.
Click the Settings button to configure the scripted tasks for this user access.
Select the Maitre’D Back-Office language to be used by this user access. Available choices are English, French or Spanish.
NOTE: The language selected for the System Owner access level will determine the default language for the whole system, including POS workstations.
Fast Access Settings are accessed by clicking the Settings button on the Password Editor Screen. This dialog allows you to setup the tasks that users will be able to perform.
Select an existing task and click the Execute button to perform this task.
Click the Add button to create a new task and add it to the list.
Select an existing task and click the Remove button to delete it from the list.
Select an existing task and click the Edit button to change its properties.
Click the Save button to save settings and exit.
Click Cancel to exit without saving.
The access editor allows you to fully customize the Maitre’D Back-Office modules and menu options that users can or cannot access.
The access editor can be used in conjunction with the Fast Access feature to further restrict access to only the features that are necessary for specific employee job function.
NOTE: The Distributor Access Level cannot be restricted.
A green checkmark indicates that this user can access a module or menu.
A red “X” indicates that this user cannot access the indicated module or menu.
Use the “+” and “-“ signs to expand or collapse branches and sub-branches.
Select a branch or a menu option and click the Toggle button to switch between the green checkmark and red “X”. Toggling the top level of a branch will cause all the sub-elements under that branch to be toggled in one operation.
Click the Apply button to save settings without exiting.
Click OK to save settings and exit.
Click Cancel to exit without saving.
After the initial logon and initial user creation is completed, other user accounts will need to be created. These accounts can be used for various tasks, ranging from basic reporting to all types of configuration changes. Due to the sensitive nature of the data that can be accessed through the Maitre’D Back-Office, its access needs to be protected adequately by usernames and passwords.
Furthermore, to ensure compliance with PCI-DSS, individual user accounts need to be created for each user requiring access to the Maitre’D Back-Office. Sharing accounts or disclosing passwords will automatically make your site non-compliant against PCI-DSS rules.
Logon to the Maitre’D Back-Office with appropriate credentials. (Distributor or System Owner)
From the main back-office screen, click on the Tools menu, and select the User Editor option.
The User Editor window will be displayed. All existing users with access levels equal or lower than yours will be listed here, if any.
Click the New button to create a new user.
Click the Delete button to permanently delete an existing user
This button is only available to PayFacto technicians to reset an account’s password history for troubleshooting purposes.
Click the UnLock button to unlock a locked account.
Click the Discard button to clear information that was entered during the process of creating a new user.
Click OK to commit changes and exit out of the User Editor tool.
Click Apply to commit changes without exiting from the User Editor Tool.
Click Cancel to exit out of the User Editor tool without saving changes.
Type a user name for this account. The user name should allow the person logging in to be identified.
Choose an access level for this user:
Distributor
This access is restricted to Maitre’D Certified technicians and Resellers. All other access levels are unable to see or grant this access.
System Owner
The System Owner access level is restricted to the restaurant management. Only top-level managers should have this access, as this allows them to create and delete other users, as well perform any administrative task on the Maitre’D system.
Access Levels 2 through 8
These access levels can be fully customized. These access levels can be used for anyone requiring access to the Maitre’D back-office software.
Type in a password for the new user. The password must be at least 7 characters, and comprised of a mix of letters and numbers.
Confirm the password for this new user.
Enable this option to force the user to change the login password during the next login. This option should be used for every new account and afterwards if there is a doubt that an account password may have been compromised.
Click the Apply button to create the user without exiting the User Editor. This will allow you to create more users.
Click OK to save your changes and exit.
Maitre’D will automatically force users to change their passwords every 90 days. Also, Maitre’D keeps a history of each user’s passwords so that the last 4 passwords cannot be re-used. In case a password becomes compromised or if you have any doubts to that effect, you can force any user to change their password by checking the User must change password at next login box in their account’s properties. Of course, you need to be logged in with Distributor or System Owner access in order to do this.
After 5 unsuccessful login attempts, Maitre’D will automatically lock the user account. To unlock an account, someone with Distributor or System Owner access needs to login, access the user editor, select the locked account and click the Unlock button.
Locked accounts are marked with a padlock icon:
Never share your password with anyone, for any reason, under any circumstances.
Use complex passwords. Maitre’D already forces you to use a minimum of 7 characters with a mix of letters and numbers, however:
Try using 8 or more characters. Long passwords are harder to guess.
Avoid using combinations like 123abcd, or 123456a, or abcdef1, etc. These combinations are easy to guess and can get your system compromised.
Avoid using combinations of adjacent letters and numbers on the keyboard, such as “qwertyu8”.
Avoid using common words with letters replaced by numbers or symbols, such as “P@ssw0rd” or M1cro$0ft. Unfortunately, hackers know these tricks, too.
Try using 8 or more characters mixed in with capital letters, numbers and special characters. A very effective technique is to choose a phrase which only you would know, then take the first few letters of each word to start building your password. Then, throw in a few numbers and add a special character or two.
Do not use any word from any dictionary in any language. Hackers can use sophisticated dictionary attacks; therefore, any dictionary words are not safe to use as passwords.
Compare your password against "Most Common Password Lists", such as NordPass' annual list: NordPass Top 200 Most Common Passwords. If your password (or a close variant) appears on this kind of lists, change it immediately.
Never use any kind of personal information as your password, such as your spouse’s name, children’s names, birth dates, anniversaries, etc.
Make sure that only key personnel have Distributor or System Owner access. Give lower access to everyone else.
If you have even the smallest doubt that someone may know your password, have it changed immediately.
When an employee quits or is terminated, immediately delete this person’s account from Maitre’D. If you need to keep the account for audit purposes, then immediately change the password.
Strictly enforce passwords management policies with all employees using any part of your computer system.
.
Maitre'D User Editor
Maitre'D Access Editor
