Re: 1.3 server setup over the internet

[John Griessen <..hidden..>]

On 07/22/2011 02:39 PM, Chris Travers wrote:
> SSL is currently supported.
>
> The second question has to do with supporting appropriate types of
> PostgreSQL authentication methods.  Do you have a need to authenticate
> against some form of single sign on server?  If so, we can support
> LDAP and PAM as methods of authentication right now

I don't have any LDAP server yet.  I use PAM with debian linux and am
switching to ubuntu and will use PAM.

> The thing you have to think about regarding security for an accounting
> system is the fact that an internet attack can mess up your data in
> ways that can be painful, but an insider attack is far more dangerous
> because it can be used to cover for theft, pointing evidence at other
> people and the like.

I'm a one person company just now.  Soon I'll be using a fab shop separate from
the house though, so multi location is important for me.
I'll be setting up some tasks with separation
of duties accounts and doing them myself and all from one location for a while first...:-)

I've read the manual as far as understanding there are approvals needing to be
done by another in one mode.  That's probably what you are suggesting -- to set
up with approvals required from the start.

What user roles make sense to set up?
You always want chief/CEO/owner as a role, and at least one person who can do
bookkeeping and needs approvals to post invoices purchase orders, write checks.
How about web sales or POS bookkeeping? Does that role have different permissions than generic bookkeeping?
How about inventory counting, shipping?  Is there a special bookkeeping role with limited permissions
you like to create for that set of tasks?

John Griessen