
9700 3.x
Security Guide

In This Document
This document describes 9700’s security design, features that monitor
actions that employees take on the System, and features that restrict
employee access to the database, reports, and operational procedures.

Declarations
Overview
Authentication
Authorization/Privileges
Encryption
Audit Trail
Security Maintenance

9700 3.x Security Guide MD0006-090


Declarations
Warranties
Although the best efforts are made to ensure that the information in this document
is complete and correct, MICROS Systems, Inc. makes no warranty of any kind
with regard to this material, including but not limited to the implied warranties of
marketability and fitness for a particular purpose. Information in this guide is
subject to change without notice. No part of this guide may be reproduced or
transmitted in any form or by any means, electronic or mechanical, including
photocopying, recording, or information recording and retrieval systems, for any
purpose other than for personal use, without the express written permission of
MICROS Systems, Inc.
MICROS Systems, Inc. shall not be liable for errors contained herein or for
incidental or consequential damages in connection with the furnishing,
performance, or use of this guide.

Trademarks
Windows is a registered trademark of Microsoft Corporation.
FrameMaker is a registered trademark of Adobe Corporation.

Printing History
New editions of this guide incorporate new and changed material since the previous
edition. Minor corrections and updates may be incorporated into reprints of the
current edition without changing the publication date or the edition number.

Edition    Month    Year    Software Version
1st        July     2007    3.x

Overview
Security features in 9700 are divided into the following areas:

• Securing the client’s property with 9700 applications and database servers

• Keeping servers, Windows® operating systems, and 9700 applications
up-to-date with security fixes

• Setting up operating systems and database users with the following security
guidelines:

    • No master password

    • Allow password changes

    • Grant minimal privileges whenever possible

• Authenticating workstations on the Network

• Protecting data during storage and transmission

• Monitoring functionality via Audit Trail

• Enabling Authorizations and Privileges via Employee IDs, Employee Levels,
Employee Groups, Access Levels, Employee Classes, and Workstation
Privileges

What to Protect

• Permanent data stored on the 9700 database server: The database will contain
a mix of sensitive information (credit cards, employee social security
numbers, employee identification numbers), less sensitive data, configuration
information, and sales figures.

• Temporary data cache: Flat files on the workstation contain a cache of the
configuration data needed for the workstation to operate in offline mode and
store transaction data during operations. Transaction data can contain
sensitive information, such as credit card information.

• Data that is transmitted between the workstation and the server during normal
operations and during data playback.

9700 Technical Design

• Any Credit Card data is wiped out of memory as soon as it is used

• Encrypted authorization and transactional data is kept in the database

• Pathway between WinStation and OPS is in the clear (unencrypted)

• Pathway between SAR and POSSRV is encrypted using CryptoAPI

• Pathway from processes to CC driver is encrypted

• Pathway from CC driver to Agency is beyond MICROS control

Credit Card Settlement

• Credit Card detail is retained for 6 weeks in the CHECKS table and then
purged automatically

• Any Credit Card data available on receipts or check images is
masked/encrypted

Authentication

Overview
Authentication is the process of ensuring that people on both ends of the
connection are who they say they are. It applies not only to the entity trying
to access a service, but also to the entity providing the service.

EMC Authentication
The credentials of all 9700 System users are stored in the central database.
Anyone who has access to the Enterprise Management Console (EMC) must
log in with a valid username and password. No two MICROS users can have
the same username.
MICROS Systems, Inc. mandates that client sites maintain proper configuration
and adhere to privilege level restrictions on a need-to-know basis. For security
purposes, each user’s activities are traced via Audit Trail.
To ensure strict access control of the 9700 application, always assign unique
usernames and complex passwords to each account. For more information, please
see the 9700 PABP Compliance document specific to the site’s software version.

Note: The 9700 System does NOT use the Windows Login.

Workstation Authentication

User Authentication
A user must authenticate themselves through the workstation by signing in using a
unique employee ID number or an employee magnetic card.

Database User Management


MICROS Systems, Inc. mandates that users create a strong, PCI compliant
password for the EMC user account within the EMC’s Personnel | Employees
module after logging into the EMC for the first time. The password must
be PCI compliant, containing at least 8 alphanumeric characters with both letters
and numbers. For more information, please see the 9700 PABP Compliance
document specific to the site’s software version.
During 9700’s installation, the wizard prompts for the creation of a Database
Administrator username and password. The Database Administrator is used to log
into the SQL Server 2005 database (or the Oracle 10g database, depending on the
site’s setup).
9700’s installation wizard also prompts for the creation of a MICROS Database
User. 9700’s code uses the MICROS Database User to access the database during
communication with services. Before any code can make SQL (or Oracle)
statements to the SQL database (or Oracle database), the SQL database requires a
username and password in the SQL string. Always assign strong usernames and
passwords.
When creating the usernames and passwords for the Database Administrator and
MICROS Database User during the 9700 installation, users are advised to create
strong passwords consisting of at least 8 alphanumeric characters, including
letters, numbers, and special characters, for all 9700 accounts. Whenever
possible, always assign strong application and system passwords.
Database credentials are stored in the configuration file on the 9700 application
server, which is encrypted. No applications, except for the application server, need
access to the database directly. After initial authentication, the application server
performs a check of the authorization for the given user to perform the requested
action.

Authorization/Privileges

Overview
Setting Authorization/Privileges establishes strict access control, explicitly
enabling or restricting the ability to do something with a computer resource.
User access control for Employee Levels, a way of controlling how employees
can view other employee information, is defined within the EMC | Personnel |
Employees module.
User access control for 9700 System elements is defined within the EMC |
Personnel | Access Levels and Report Writer Access Levels modules.
User authorization/privileges are configured by Employee Class within the
EMC | Personnel | Employees module.
Workstations also have their own EMC privileges module, the Hardware | Device
Table module.

Employee IDs

The Employee ID field consists of a ten-digit number that identifies the operator
when attempting to sign in to POS Operations on the User Workstation or when
attempting to clock in or out at the User Workstation.

Enabling
ID
Enter an ID number to be used to identify the employee on workstations.
If you wish to assign employee IDs from magnetic cards, you must do this
through UWS Procedures.

Employee Levels
The Employee Levels feature may be used to create up to nine levels of employee
access. Employees assigned to a specific Employee Level can only access (i.e.,
view or change) information about other employees whose own Employee Level
is equal to or higher than their own.
The 9700 System only displays information about employees who have an equal
or higher level number.
This feature is used to create an Employee Level to control an employee’s ability
to:

• Access privileged operations in the EMC

• Access privileged operations in UWS Reports

• Access privileged operations in UWS Procedures

• Access privileged operations in Report Writer

Usage

Example 1: Employee Levels


In a large restaurant, Employee Levels are used to allow an Assistant Manager
to have access only to information about other Assistant Managers and
subordinate employees. Assistant Managers are then prevented from
accessing information about their General Managers or other employees to
whom they are subordinate.
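Viewer: Assistant Manager, Employee Level #6

Level 0 Employees    not displayed
Level 1 Employees    not displayed
Level 2 Employees    not displayed
Level 3 Employees    not displayed
Level 4 Employees    not displayed
Level 5 Employees    not displayed
Level 6 Employees    displayed
Level 7 Employees    displayed
Level 8 Employees    displayed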

Example 2: Employee Levels Combined With Employee Groups


Employee Levels can be used with the Employee Group feature, on page 11, to
further restrict access to employee information.
Viewer: Assistant Manager, Employee Group #198, Employee Level #6

Employee         Group #    Level #    Access?
Employee #231    197        5          No
Employee #232    197        7          No
Employee #234    198        4          No
Employee #235    198        5          No
Employee #236    198        6          Yes
Employee #237    198        7          Yes
Employee #238    199        8          No

Employee Levels Configuration

Configuration within the EMC | Personnel | Employees module determines the
Employee Level granted to each employee.
One of nine Access Levels can be granted to an Employee. The Master Access
Level, 0, allows unrestricted access. The lowest Access Level, 8, grants the lowest
level of permission.

Access Progression
Employee Levels are progressive. That is, an employee with an Access Level
of 4 can use files or functions that are themselves assigned Access Levels of 4
through 8. Files with an Access Level of 4 may be opened by employees with
an Access Level of 0 through 4.

Enabling
Level
Navigate within the EMC to Personnel | Employees | Sort By Employee
and enter the access level of the employees that this employee is allowed
to access when performing privileged operations in the EMC, UWS
Reports, UWS Procedures, or Report Writer.

If this field is set to zero, access is unrestricted. If this field is not zero, the
employee is allowed to access other employees of a higher-numbered level.
For example, Level 3 employees may perform any operations for which
they are privileged, only on employees with Levels 4 through 9.
Employees with Level 0 can access all employees.

Employee Groups
This feature may be used to create up to 300 distinct groups of employees within
9700; members of one group cannot access information about members of another.
When a privileged employee performs any operations that involve other
employees, 9700 only displays information for other employees who have the
same Group number. Since Employee records reside on the Enterprise Level, this
feature can be used to isolate information access to a Property or a single Revenue
Center.
This feature is used to create an Employee Group to control an employee’s ability
to:

• Access privileged operations in the EMC

• Access privileged operations in UWS Reports

• Access privileged operations in UWS Procedures

• Access privileged operations in Report Writer

Usage

Example 1
In a large restaurant, Employee Groups are used to prevent General Managers
in the Catering Revenue Center from accessing information about employees,
including other Managers, in the Lounge Revenue Center.

Example 2
In an airport concessions complex that uses 9700 to manage multiple
Properties, this feature may be used to prevent employees in the Pizza Shop
from accessing information about employees in the Gift Shop.

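Viewer: Pizza Shop Manager, Employee Group #198

Employee #2301    Group #197    not displayed
Employee #2302    Group #197    not displayed
Employee #2304    Group #198    displayed
Employee #2305    Group #198    displayed
Employee #2306    Group #198    displayed
Employee #2307    Group #199    not displayed
Employee #2308    Group #199    not displayed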

For an example of how Employee Groups can be used in combination with
Employee Levels, refer to page 9.

Employee Groups Configuration

Configuration within the EMC | Personnel | Employees module determines the
Employee Group granted to each employee.

Enabling
Group
Navigate within the EMC to Personnel | Employees | Sort by Employee and
enter the number of the group that this employee is allowed to access when
performing privileged options in the EMC, UWS Reports, UWS Procedures,
or Report Writer. If this field is zero, access is unrestricted. If this field is not
zero, the employee is allowed to access other employees of an equal group
number.
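
The Employee Level and Employee Group rules above, applied to the Example 2 table, as an added example (not MICROS code). It assumes the "equal to or higher" reading of the Level rule, that both filters must pass, and that zero switches a filter off; the function names, the Assistant Manager's record number, and records 9002 and 9003 are constructed for illustration.

```python
from dataclasses import dataclass

UNRESTRICTED = 0  # per the guide, a Level or Group of zero means unrestricted access


@dataclass(frozen=True)
class Employee:
    number: int  # employee number
    group: int   # Employee Group field
    level: int   # Employee Level field


def level_allows(viewer: Employee, target: Employee) -> bool:
    """Level filter: 0 sees every level, otherwise only equal or higher numbers."""
    return viewer.level == UNRESTRICTED or target.level >= viewer.level


def group_allows(viewer: Employee, target: Employee) -> bool:
    """Group filter: 0 sees every group, otherwise only the viewer's own group."""
    return viewer.group == UNRESTRICTED or target.group == viewer.group


def access(viewer: Employee, target: Employee) -> str:
    """Return 'Yes', or 'No' followed by the filter(s) that blocked the lookup."""
    checks = (("group", group_allows(viewer, target)),
              ("level", level_allows(viewer, target)))
    blocked = [name for name, ok in checks if not ok]
    return "Yes" if not blocked else "No (" + ", ".join(blocked) + ")"


def visible_to(viewer: Employee, roster: list) -> list:
    """Employee numbers the viewer can see during privileged operations."""
    return [e.number for e in roster if access(viewer, e) == "Yes"]


def unrestricted_accounts(roster: list) -> dict:
    """Records whose Level or Group is 0, so at least one filter is off.

    These are the accounts to review against the guide's
    'grant minimal privileges whenever possible' guideline.
    """
    findings = {}
    for e in roster:
        off = [field for field, value in (("group", e.group), ("level", e.level))
               if value == UNRESTRICTED]
        if off:
            findings[e.number] = off
    return findings


# Roster copied from the guide's Example 2 table: (number, group, level).
ROSTER = [
    Employee(231, 197, 5), Employee(232, 197, 7),
    Employee(234, 198, 4), Employee(235, 198, 5),
    Employee(236, 198, 6), Employee(237, 198, 7),
    Employee(238, 199, 8),
]

# The viewer from Example 2; the record number 9001 is constructed.
ASSISTANT_MANAGER = Employee(9001, group=198, level=6)

# Constructed records showing what a zero in either field opens up.
LEVEL_ZERO = Employee(9002, group=198, level=0)  # every level, group 198 only
GROUP_ZERO = Employee(9003, group=0, level=7)    # every group, levels 7 and 8 only

if __name__ == "__main__":
    for e in ROSTER:
        print(f"Employee #{e.number}  group {e.group}  level {e.level}  "
              f"{access(ASSISTANT_MANAGER, e)}")
    print("Level 0 viewer sees:", visible_to(LEVEL_ZERO, ROSTER))
    print("Group 0 viewer sees:", visible_to(GROUP_ZERO, ROSTER))
    print("Review:", unrestricted_accounts(ROSTER + [LEVEL_ZERO, GROUP_ZERO]))
```

Running it reproduces the Access? column of Example 2 and shows which filter produced each "No".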

Access Levels

Description
The Access Levels module determines the access level required for an employee to
open and modify modules in the 9700 Configurator within the EMC. The lowest-
numbered levels are the most powerful. For example, if the access level required
to add or change records in the Cashiers file is 3, a user must have an access level
setting of 3, 2 or 1 in order to perform these functions. There are a total of nine
access levels, eight of which are user-defined. Access level 0, Master, is the
highest level in the System and allows employees access to every file, function,
and report. This level cannot be changed or deleted.

[Figure: ACCESS LEVELS, running from 0 (MASTER, Highest Level) to 8 (Lowest Level).]

Set the access level for each employee on the Employees | General tab
(Personnel | Employee Maintenance | Sort By Class | Privileges tab).

Levels are cumulative, which means that a level 3 also has the access rights
of levels 4 through 8.

Programming Access Levels


An employee’s access level is determined by the Employee Class that they belong
to. Since this designation must be made when you set up the Employee Classes, it
is recommended that you define the Access Levels module first.
There are six tabs in the Access Levels module, one for each main component of
the 9700 System.
The five Record Access Level fields shown below on the General tab
determine the access level required to perform each of several module
maintenance functions.

The fields contained on the remaining tabs, such as the Menu tab shown
below, determine the access level required to open each specific module
within the Configurator.

Access Level Granted to an Employee Class


An employee’s access privileges to the EMC | Configurator are determined by the
setting of the Configuration Privilege Level for the Employee Class to which
they belong. (The Report Writer Privilege Level controls use of Report Writer.)
The Personnel | Employee Maintenance | Sort by Class | Privileges tab is shown
below.

Report Writer Access Levels

Description
The Report Writer Access Levels module determines the access level required for
an employee to take and reset reports in 9700 Report Writer.
There are a total of nine access levels, eight of which are user-defined. Access
level 0, Master, is the highest level in the System and allows employees access to
every file, function, and report. This level cannot be changed or deleted.

Access Level Required by Report Writer


The Report Writer Access Levels module determines the Access Level required to
perform each of two reset options located on the General tab:

• Reset Access Level Number

• Reset-no-print Access Level Number

Additional fields in this module determine the Access Level required to take each
specific report.

Access Level Granted to an Employee Class


An employee’s access privileges to Report Writer are determined by the setting of
the Report Writer Privilege Level for the Employee Class to which they belong.
The Personnel | Employee Maintenance | Sort by Class | Privileges tab is shown
below.

Employee Classes
Employee Classes allow you to group employees according to the duties that
they perform, such as servers, bussers, and cooks, then assign the same
privilege and option settings to all employees in a particular class. For
example, the employee class Bartenders is privileged to use one-touch sign in
keys. The default touchscreen (Bar Main) is programmed to display two
one-touch keys, one for each bartender on duty. Without classes, you would
have to assign privileges to each individual employee, which can be a
very repetitive and time consuming task. Besides easing your workload,
employee classes also allow you to generate reports for specific kinds of
employees based on the class they belong to.

[Figure: EMPLOYEE CLASSES diagram with example classes: Property Expert,
Manager, Cashier, Server, Bartender, Cooks, Busser, Retail.]
When adding employees to the System, you must specify which class they belong
to. So, in order for the list of classes to be available when defining the employee,
you should create the employee classes first.

Working with Employee Classes


To work with the Class forms in the Employees | Maintenance module, you must
set the Sort By field on the Employee | Maintenance window to Class. The tree
view displays the list of classes in alphabetical order that exist in the database.
The + sign to the left of the class name indicates that there are employees linked to
that class. To display the linked employees, click the + sign to expand the list.
If a + sign displays to the left of an employee name, at least one Revenue Center is
linked to that employee. To display the linked Revenue Centers, click the + sign to
expand the list.

Linking Employees to Employee Classes


The diagram below illustrates that each employee is linked to a single employee
class. This designation is made on the General tab when sorting Employee
Maintenance records by Employee. For each employee record, enter the
Employee Class number from the Employee Class file.
Employee General Form

Employee     Class
401 Chris    101-Server
402 Alex     101-Server
403 John     101-Server

Employee Class (Shared Privileges)

101 Server

If there are “special cases” among the staff who don’t fit any of the general
classes, create a class just for them. For example, Sheila usually works as a server,
but occasionally tends bar, and also fills in as a manager when necessary. She
needs to be able to perform the duties of all three of the employee classes (Server,
Bartender, or Manager). Create an employee class that combines the privileges
required to perform as either a bartender or a server and allows the access levels
required of a manager. Label this new class “Utility”, or perhaps “Sheila”, and
select it as her Employee Class in her Employee record only.
The number of classes that can be created is limited only by the size of system
memory. So, if you have several of these “special cases,” take comfort in knowing
that you can set up whatever you may need to handle the situation.

Class Privileges
There are a variety of privileges that can be assigned to each Employee Class.
When sorting by Class, you will see the eight tabs shown below, which contain the
option settings for each of these categories.

General Privileges
The General tab, shown below, contains options relating to timekeeping and
transaction privileges.

Authorize/Perform Reprint of Time Card


Select this option to allow employees associated with this class to reprint
a timecard using the [Reprint Timecard] key and to authorize non-
privileged employees to do so as well.

Change Revenue Center at Clock-In


Select this option to allow employees associated with this class to
authorize changes in the Revenue Center assignment of other employees
who are clocking in.

Clock in at Rate 1
Select this option to allow employees associated with this class to Clock
in at Job Rate 1.

Authorize Clock In
Select this option to allow employees associated with this class to
authorize other employees to clock in.

Authorize/Perform Clock In/Out Outside Schedule or Scheduled Breaks
Select this option to allow employees associated with this class to clock in
or out at times that conflict with their assignment in the Time Clock
Schedules module.

ON = Minor Employees; OFF = Regular Employees


Some jurisdictions have labor laws that apply specifically to minors age
16 and under. This option is used in conjunction with the Time Clock
Parameters, in the Parameters module, that allows the creation of
separate definitions of paid and unpaid breaks for minors and regular
employees.

Select this option to designate employees associated with this class as
minors. Do NOT select this option to designate employees associated
with this class as regular, adult employees.

Authorize Changing Revenue Center at Clock In


Select this option to allow employees associated with this class to change
their Revenue Center assignment when clocking in.

Clock Out with Open Checks


Select this option to allow employees associated with this class to clock
out at the end of a shift even if they still have open guest checks. If this
option is enabled, it overrides the setting of the “Cannot Clock Out with
Open Checks” option in the Job Codes module.

Authorize/Perform Clock Out in the Future


Select this option to allow employees associated with this class to clock
themselves out at a time ahead of the system time or to authorize an
employee without this privilege to clock out at a time ahead of the system
time.

Change Revenue Centers


Select this option to allow employees associated with this class to change
Revenue Centers by signing into a workstation that belongs to a Revenue
Center that is different from the RVC to which the employee is currently
assigned.

Authorize Changing Revenue Centers


Select this option to allow employees associated with this class to Change
Revenue Centers and to authorize non-privileged employees to do so as
well.

Allow Sign-in to a Workstation


Select this option to allow employees associated with this class to sign
into a workstation or a Mobile MICROS unit. Do not select this option to
prevent employees from performing any operations other than clocking in
and out unless they gain authorization from a privileged employee. (Refer
to the “Authorize/Use the [Keyboard Select] Key” option.)

Authorize Sign-in to a User Workstation


Select this option to allow employees associated with this Class to
authorize a non-privileged employee (one for whom the “Allow Sign into
a Workstation” option is disabled) to sign in to a workstation or Mobile
MICROS unit.

Guest Checks Privileges


The Guest Checks tab, shown below, contains options relating to guest check
editing and control authorization privileges.

Authorize/Add Team Member to Check


Select this option to allow employees associated with this class to use the
[Add Team Member] key to add additional servers to a check.

Authorize/Perform Edit of a Guest Check ID In a Closed Check


Select this option to allow employees associated with this class to edit a
Guest Check ID of a closed check using the [Guest Check ID] key and to
authorize non-privileged employees to do so as well.

Authorize/Perform Edit of a Guest Check ID In an Open Check


Select this option to allow employees associated with this class to edit a
Guest Check ID of an open check using the [Guest Check ID] key and to
authorize non-privileged employees to do so as well.

Authorize/Remove Team Member from Check


Select this option to allow employees associated with this class to use the
[Remove Team Member] key to remove servers from a check.

Authorize/Add Guest Information to Check


Enable this option to allow employees associated with this class to use the
[Enter Guest Info] key to enter guest information when creating a special
event check on the workstation and to authorize non-privileged
employees to do so as well.

View All Team Detail


A guest check must be started with the [Begin Party Check] key (keycode
#399) to use this Employee Class option.

Enable this option to allow employees associated with this class to view
the detail posted by all team members on a special event check and to
authorize non-privileged employees to do so as well. If this option is
disabled, employees associated with this class can only view the detail
they have posted to the guest check.

Authorize/Perform Pickup of a Check that is “Open on System”


Select this option to allow employees associated with this class to pick up
checks that already have an “open” status and to authorize non-privileged
employees to do so as well. Checks with an “open” status are checks that
are considered in use at another workstation or by another process.

Allow Pickup Of Checks from other Revenue Centers


Select this option to allow employees associated with this class to pick up
checks in other Revenue Centers using the [Pickup Check, RVC] keys.
Disable this option to prevent employees from picking up checks in other
Revenue Centers.

Authorize/Perform Closed Check Pickup (Reopen a Closed Check)


Select this option to allow employees associated with this class to use the
[Reopen Closed Check] key and to authorize non-privileged employees to
do so as well.

Authorize/Use the [Block Transfer] and [Auto Block Transfer] Keys


Select this option to allow employees associated with this class to transfer
an entire block of checks from another operator and to authorize non-
privileged employees to do so as well. This function is useful with a shift
change, when an entire group of checks must be turned over from the
operator who is leaving to the operator who is just signing in.

Create New Checks using [Begin Check] Key


Select this option to allow employees associated with this class to begin a
guest check.

Authorize Adding of Checks Between Revenue Centers


Select this option to allow employees associated with this class to add
checks (to be in a check and add another check to it) from another
Revenue Center and to authorize non-privileged employees to do so as
well.

Authorize Adding of Checks in the Same Revenue Center


Select this option to allow employees associated with this class to add
checks (to be in a check and add another check to it) within a Revenue
Center and to authorize non-privileged employees to do so as well.

Authorize Transfer of Checks Between Revenue Centers


Select this option to allow employees associated with this class to transfer
checks from another Revenue Center and to authorize non-privileged
employees to do so as well.

Authorize Transfer of Checks in the Same Revenue Center


Select this option to allow employees associated with this class to transfer
checks from another operator within the same Revenue Center and to
authorize non-privileged employees to do so as well.

Authorize/Perform Open of Checks for Multiple Groups at a Table


Select this option to allow employees associated with this class to open
multiple checks at the same table. Each succeeding check is assigned a
successive check number. An employee who is authorized to split checks
(option “Authorize/Use the [Split Check] key and Perform Memo
Tenders”) is also authorized to open checks for multiple groups at a table.

Authorize/Use the [Split Check] Key and Perform Memo Tenders


Select this option to allow employees associated with this class to split
guest checks and to perform memo tenders and to authorize non-
privileged employees to do so as well.

Authorize/Perform Pickup of a Check Belonging to Another Operator
Select this option to allow employees associated with this class to pick up
another operator's checks and to authorize non-privileged employees to
do so as well.

Authorize/Perform Closed Check Adjust


Select this option to allow employees associated with this class to use the
[Adjust Closed Check] key and to authorize non-privileged employees to
do so as well.

A closed check adjustment allows the user (if privileged to void Tender/
Media from a previous round) to adjust the Tender/Media or Service
Charge on a closed check.

Authorize/Perform Pickup of a Check that is “Owned by Offline UWS”
If a check is rung on a workstation that proceeds to go offline, the check is
considered “Owned by an Offline Workstation.” Select this option to
allow employees associated with this class to pick up these checks from
another workstation and to authorize non-privileged employees to do so
as well.

Authorize/Perform Lock/Unlock of Guest Checks


Enable this option to allow employees associated with this class to use the
[Lock Guest Check] and [Unlock Guest Check] keys and to authorize
non-privileged employees to do so as well.

Authorize/Perform Memo Tenders


Enable this option to allow privileged employees associated with this
class to perform memo tenders and to authorize non-privileged employees
to do so as well.

Enable Limited Split Check


Enable this option to prevent an employee from performing the Split
Check function more than once on a check. If this option is enabled, the
Authorize/Use Split Check option must be disabled. Note: This option
was created to safeguard against the “floating soda” technique.

Authorize/Perform Creation and Pickup of Unassigned Checks


Select this option to allow employees associated with this class to begin
and pick up “Unassigned Checks” and to allow non-privileged employees
to do so as well.

An “Unassigned Check” is a check that is begun in the system (usually by
a professional services application or other MICROS peripheral product,
such as Guest Connection or Suites Management) without an owner.
When an Open Check SLU is used, Privileged Operators will see their
own checks, as well as any “Unassigned Checks” in the Revenue Center,
but they will not see other operators’ open checks.

Auth/Perform Adjustment of Closed Checks from Prev. Business Days
Select this option to allow employees associated with this class to Adjust
Closed Checks from business days other than the current business day. If
this option is enabled, an operator in this class will have access to the
[Adjust Closed Check from Previous Business Day] function key.

Auth/Perform Reopening of Closed Checks from Prev. Business Days
Select this option to allow employees associated with this class to Reopen
Closed Checks from business days other than the current business day. If
this option is enabled, an operator in this class will have access to the
[Reopen Closed Check from Previous Business Day] function key.


Printing Privileges
The Printing tab, shown below, contains options relating to guest check,
receipt, and tender media authorization privileges.

Authorize/Perform Printing of Memo Checks


Select this option to allow employees associated with this class to print
memo checks and to authorize non-privileged employees to do so as well.

Authorize/Perform Reprinting of Memo Checks


Select this option to allow employees associated with this class to reprint
memo checks and to authorize non-privileged employees to do so as well.

Authorize/Perform Reprinting of Closed Checks


Select this option to allow employees associated with this class to reprint
a guest check after it has been closed and to authorize non-privileged
employees to do so as well.

Authorize/Perform Unlimited Reprinting/Printing of a Check


Select this option to allow employees associated with this class to perform
two functions. #1: Allow On-Demand operators to print guest checks
more than the maximum number allowed in the Revenue Center
Parameters Module. #2: Allow By-round operators to use the [Reprint
Check] key. This privilege also allows employees associated with this
class to give authorization to non-privileged employees for these
functions.


Authorize/Perform Reprint of a Credit Voucher


Select this option to allow employees associated with this class to reprint
a credit card voucher slip and to authorize non-privileged employees to do
so as well.

Void and Return Privileges


The Voids/Returns tab, shown below, contains options relating to void and
return authorization privileges.

Authorize/Use the [Transaction Return] Key


Select this option to allow employees associated with this class to use the
[Transaction Return] key and to authorize non-privileged employees to do
so as well.

The [Transaction Return] key is used when performing several returns in
a transaction—every menu item rung after pressing [Transaction Return]
will be a returned menu item.

Authorize/Perform Return of Menu Items Entered on Current Check


Select this option to allow employees associated with this class to return
menu items posted in the current round (using the [Return] key) and to
authorize non-privileged employees to do so as well. To perform voids in
the current round, the employee class option “Authorize/Perform Error
Corrects” must be enabled.


Authorize/Perform Void of Menu Items from a Previous Round


Select this option to allow employees associated with this class to void
menu items that were posted in a previous transaction round and to
authorize non-privileged employees to do so as well.

Authorize/Perform Void and Return of Menu Items Not on Check


Select this option to allow employees associated with this class to void
and return menu items that were never posted to the guest check and to
authorize non-privileged employees to do so as well.

Authorize/Perform Void of Discounts from a Previous Round


Select this option to allow employees associated with this class to void
discounts that were posted in a previous transaction round and to
authorize non-privileged employees to do so as well.

Authorize/Perform Void of Service Charges from a Previous Round


Select this option to allow employees associated with this class to void
service charges that were posted in a previous transaction round and to
authorize non-privileged employees to do so as well.

Authorize/Perform Void of Tender/Media from a Previous Round


Select this option to allow employees associated with this class to void
tender/media entries that were posted in a previous transaction round and
to authorize non-privileged employees to do so as well.

Authorize/Use the [Void Check] Key


Select this option to allow employees associated with this class to use the
[Void Check] key, which will void all the items on the check, and to
authorize non-privileged employees to do so as well.

Authorize/Perform Voids in the Current Round


Select this option to allow employees associated with this class to perform
voids in the current round (i.e., last-item voids, direct voids, line-number
voids, and touch-voids).

Authorize/Use the [Transaction Void] Key


Select this option to allow employees associated with this class to use the
[Transaction Void] key and to authorize non-privileged employees to do
so as well. The [Transaction Void] key is used when performing several
voids in a transaction—every menu item rung after pressing [Transaction
Void] will be a voided menu item.


Authorize/Perform Void of Menu Items on Closed Checks


Select this option to allow employees associated with this class to void
menu items from closed checks after they have been reopened and to
authorize non-privileged employees to do so as well. (In addition, the
“Authorize/Perform Void of a Menu Item from a Previous Round” option
must be selected.)

Authorize/Perform Void of Discounts on Closed Checks


Select this option to allow employees associated with this class to void
discounts from closed checks after they have been reopened and to
authorize non-privileged employees to do so as well. (In addition, the
“Authorize/Perform Void of a Discount from a Previous Round” option
must be selected.)

Authorize/Perform Void of Service Charges on Closed Checks


Select this option to allow employees associated with this class to void
service charges from closed checks after they have been reopened and to
authorize non-privileged employees to do so as well. In addition, the
“Authorize/Perform Void of a Service Charge from a Previous Round”
option must be selected.

Authorize/Perform Voids/Cancels of North American LDS Items


Select this option to allow employees associated with this class to perform
voids or cancels of menu items ordered through a North American Liquor
Dispensing System (NA LDS) and to authorize non-privileged employees
to do so as well.

Authorize/Perform Direct Voids


Select this option to allow employees associated with this class to void
transaction items by pressing the [Void] key and then the key for the item
(e.g., a Menu Item key). Also, select this option to authorize
non-privileged employees to do so as well.

Authorize/Allow Voiding of Shared Check Items


Select this option to allow employees associated with this class to void
items which are shared between seats or checks, and to authorize
non-privileged employees to do so as well.


Utilities Privileges
The Utilities tab, shown below, contains options for access control to the
Control Panel, Credit Card Utilities, NetVupoint and Dataviewer utilities, and
other specific utilities.

Start the System and Operations from the Control Panel


Select this option to allow employees in this class to start the system and
POS Operations in the EMC Control Panel. Additionally, employees with
this privilege may start operations on individual workstations from the
EMC Workstation module.

Stop the System and Operations from the Control Panel


Select this option to allow employees in this class to stop the system and
POS Operations in the EMC Control Panel. Additionally, employees with
this privilege may stop or kill operations on individual workstations from
the EMC Workstation module.

Reload the System from the Control Panel


Select this option to allow employees in this class to use the “Reload”
button in the Control Panel.

Change Backup PC Number from the Control Panel


Select this option to allow employees in this class to sign in to the
EMC Control Panel and to change the Backup PC numbers.


Make PC Active on its Backup PC from the Control Panel


Select this option to allow employees in this class to sign in to the EMC
Control Panel and make a PC active on its backup PC.

Make PCs Active or Inactive from the Control Panel


Select this option to allow employees in this class to make PCs active or
inactive in a 9700 MOR (MICROS Operational Resiliency) environment.

Run the CC Batch Report Program


Select this option to allow employees associated with this class to use the
Credit Card Report module.

Run the CC Batch Transfer Program


Select this option to allow employees associated with this class to use the
Credit Card Transfer module.

Run the CC Batch Edit Program


Select this option to allow employees associated with this class to use the
Credit Card Batch Editor to edit batches.

Run the CC Batch File Creation Program


Select this option to allow employees associated with this class to use the
Credit Card Batch Creator.

Do Not Mask Credit Card Info from Reports


Select this option to allow employees associated with this class to view
Credit Card Numbers on Credit Card Reports.

Can open the System Setup Utility Module in EMC


Select this option to allow employees in this class to use the System Setup
Utility module in EMC. The EMC module allows users to configure
different settings used by the executables that run during the nightly
autosequences.

Run the Audit Trail Program


Select this option to allow employees in this class to run the EMC's Audit
Trail module or to run the atrail_b.exe command-line application on the
server.

Reset the Audit Trail


Select this option to allow employees in this class to reset the Audit Trail
in EMC's Audit Trail module or by using the atrail_b.exe command-line
application on the server.


Can Minimize Application


Select this option to allow employees in this class to minimize the
WinStation/SAR application on a workstation.

Can Close Application


Select this option to allow employees in this class to close the
WinStation/SAR application on a workstation.

Can Change Others' Passwords


Select this option to allow employees associated with this class to change
EMC passwords of other employees.

Can access the NetVupoint Module in EMC


Select this option to allow employees in this class to use the NetVupoint
module in EMC. The NetVupoint module allows users to configure
different settings for the NetVupoint Transformation Service.

Login to Dataviewer
Select this option to allow employees in this class to log in to Dataviewer.

NetVupoint Admin user


Select this option to allow employees in this class to perform
administrative tasks in NetVupoint and Dataviewer.

Run and Save Output on Server


Select this option to allow employees in this class to run and save
Dataviewer queries.

Create Public Queries


Select this option to allow employees in this class to save public
Dataviewer queries.

For information on the options located on the Privileges tab, please see
“Access Level Granted to an Employee Class” on page 15.


Procedure and Report Privileges


The Procedures/Reports tab, shown below, contains options relating to access
and usage of UWS Procedures and Autosequences.

Access Employee Job Code/Pay Rates in UWS Procedure #3


Select this option to allow employees in this class to edit the Job Codes
and Pay Rates of employees while accessing Employee Setup (UWS
Procedure #3 in UWS Manager Procedures).

Can Change Employee Class in Employee File/UWS Procedures


Select this option to allow employees in this class to change an
employee's Employee Class, in UWS Manager Procedures.

Run UWS Procedures in Another Revenue Center


Select this option to allow employees in this class to perform UWS
Procedures for a Revenue Center to which they are not currently assigned,
in UWS Manager Procedures. For instance, if this option is selected, a
manager eating lunch in Revenue Center 1 could change the Serving
Period (if so privileged) in Revenue Center 2 from a workstation in
Revenue Center 1, without having to walk to Revenue Center 2.


Use UWS Procedure #1: Change Next Guest Check Number


Select this option to allow employees in this class to reset the check
number sequence and specify the next guest check number to be used in
UWS Manager Procedures.

Use UWS Procedure #2: Change Serving Period


Select this option to allow employees in this class to change the serving
period of a Revenue Center in UWS Manager Procedures.

Use UWS Procedure #3: Employee Setup


Select this option to allow employees in this class to edit Employee
Records in UWS Manager Procedures. Note that employees cannot be
added or deleted through UWS Manager Procedures.

Access Employee Job Code/Pay Rates in UWS Procedure #3


Select this option to allow employees in this class to edit the Job Codes
and Pay Rates of employees while accessing Employee Setup (UWS
Procedure #3 in UWS Manager Procedures).

Use UWS Procedure #4: Employee Revenue Center Setup


Select this option to allow employees in this class to edit Operator
Records in UWS Manager Procedures.

Use UWS Procedure #5: Change Employee Revenue Center


Select this option to allow employees in this class to alter the current
Revenue Center assignment for employees in the system, in UWS
Manager Procedures.

Use UWS Procedure #6: Print Employee List


Select this option to allow employees in this class to print a list of
employees in the system, in UWS Manager Procedures.

Use UWS Procedure #7: Change Employee Training Status


Select this option to allow employees in this class to place an employee in
Training Mode, in UWS Manager Procedures.

Use UWS Procedure #8: Adjust Employee Time Card


Select this option to allow employees in this class to adjust the
clock-in/out times for employees, in UWS Manager Procedures.

Use UWS Procedure #9: Change Time Clock Schedule


Select this option to allow employees in this class to alter the time clock
schedule, in UWS Manager Procedures.


Use UWS Procedure #10: Print Time Clock Schedule


Select this option to allow employees in this class to print the time clock
schedule, in UWS Manager Procedures.

Use UWS Procedure #11: Redirect Order Output


Select this option to allow employees in this class to Redirect Order
Output for the printers in a Revenue Center, in UWS Manager
Procedures.

Use UWS Procedure #12: Change Menu Item Class


Select this option to allow employees in this class to make changes to
Menu Item Classes in UWS Manager Procedures. (Note: Use this option
with caution; a user is less likely to make a mistake when editing Menu
Item Classes in the EMC rather than on the workstation.)

Use UWS Procedures #13,17,18: Change Menu Item Assignment


Select this option to allow employees in this class to change Menu Item
Assignment, to Change Barcode Menu Items, and to Change Barcode
Files, in UWS Manager Procedures.

Use UWS Procedure #14: Change Menu Item Availability


Select this option to allow employees in this class to designate menu
items as being “available” or “unavailable” (out-of-stock) in UWS
Manager Procedures.

Use UWS Procedure #15: Print Menu Item Prices


Select this option to allow employees in this class to print the Menu Item
Price list, in UWS Manager Procedures.

Use UWS Procedure #16: Update Currency Rates


Select this option to allow employees in this class to change the exchange
rates of alternate currencies, in UWS Manager Procedures. (Note: Use
this option with caution; an employee with this privilege could potentially
steal from the site. Typically, Currency Rates are infrequently updated,
and only updated by a System Administrator through the EMC.)

Use UWS Procedure #19: Change IP Printer Name


This option should be disabled to ensure that IP Printers are only
configured through the EMC. Select this option to allow employees in
this class to change the name of the IP Printer, in UWS Manager
Procedures.

Run PC and UWS Reports Autosequence in Privilege Group 1


Select this option to allow employees in this class to run UWS and PC
Autosequences belonging to Privilege Group 1. Note that all employees
can run UWS and PC Autosequences belonging to Privilege Group 0.


Reset UWS Reports Without Printing


This option is only active if the option Reset UWS Reports is enabled.
Select this option to allow employees in this class to run UWS Reports
with the “Reset” option, while not printing the report.

Run UWS Reports in Another Revenue Center


Select this option to allow employees in this class to run UWS
Autosequences (Reports) for Revenue Centers other than the Revenue
Center to which they are currently assigned, in UWS Manager
Reports.

Reset UWS Reports


Select this option to allow employees in this class to run UWS Reports
and to “Reset” the report. Note that if a report is set to “Reset” and an
employee does not have this option enabled, the report will run properly
but it will not reset.

Transaction Privileges
The Transactions tab, shown below, contains options relating to posting
and authorization privileges for transactions, service charges, tender, and
other employees’ checks.

Post Payments to Checks Belonging to Another Operator


Select this option to allow employees associated with this class to post
tender/media entries to checks belonging to another operator.


Post Service Charges to Checks Belonging to Another Operator


Select this option to allow employees associated with this class to add
service charges to checks belonging to another operator.

Post Discounts to Checks Belonging to Another Operator


Select this option to allow employees associated with this class to add
discounts to checks belonging to another operator.

Post Menu Items to Checks Belonging to Another Operator


Select this option to allow employees associated with this class to add
menu items to checks belonging to another operator.

Authorize/Perform Automatic Service Charge Exemptions


Select this option to allow employees associated with this class to forgive
automatic service charges using the [Exempt Auto Service Charge] key
and to authorize non-privileged employees to do so as well.

Authorize/Perform Posting of Service Charges in Priv Group 1


Select this option to allow employees associated with this class to post
Service Charges belonging to Privilege Group 1 and to authorize
non-privileged employees to do so as well. Note that all employees can post
Service Charges belonging to Privilege Group 0.

Authorize/Perform Posting of Discounts in Priv Group 1


Select this option to allow employees associated with this class to post
Discounts belonging to Privilege Group 1 and to authorize non-privileged
employees to do so as well. Note that all employees can post Discounts
belonging to Privilege Group 0.

Authorize/Perform Posting of Tender/Media in Priv Group 1


Select this option to allow employees associated with this class to post
Tender/Media entries belonging to Privilege Group 1 and to authorize
non-privileged employees to do so as well. Note that all employees can
post Tender/Media entries belonging to Privilege Group 0.

Authorize Over HALO Amounts on [Tender/Media] Keys


Select this option to allow employees associated with this class to exceed
the HALO amount set for a Tender/Media key and to authorize
non-privileged employees to do so as well.

Authorize/Perform Posting of Payments


Select this option to allow employees associated with this class to post
payments to a transaction and to authorize non-privileged employees to
do so as well.


Authorize/Allow Manual Entry of Credit Card Numbers


Select this option to allow manual entry of credit card numbers (typing
the numbers into the workstation instead of swiping the credit card) and to
authorize non-privileged employees to do so as well.

Authorize/Perform Closing of Checks with a Zero Balance


Select this option to allow employees associated with this class to tender
and close transactions that have a balance due of $0.00 and to authorize
non-privileged employees to do so as well.

Authorize/Perform Closing of Checks with a Negative Balance


Select this option to allow employees associated with this class to tender
and close transactions that have a negative balance due and to authorize
non-privileged employees to do so as well.

Authorize/Perform Open Check Block Settlement


Select this option to allow employees associated with this class to close
all of their open checks to the Default Cash Tender/Media, specified in
Revenue Center Parameters, and to authorize non-privileged employees
to do so as well.

Authorize/Perform Voiding of Tender w/ Signature


Select this option to allow employees associated with this class to void a
tender from a check with a signature capture and to authorize
non-privileged employees to do so as well.

Allow Tender of Party Checks


Select this option to allow employees associated with this class to Tender
and close “Party Checks.”

Authorize/Perform Posting of Menu Items in Priv Group 1


Select this option to allow employees associated with this class to post
Menu Items belonging to Privilege Group 1 and to authorize
non-privileged employees to do so as well. Note that all employees can post
Menu Items belonging to Privilege Group 0.

Authorize/Perform Change of Transaction Main Level


Select this option to allow employees associated with this class to change
the Main Level using one of the eight [Main Level] keys and to authorize
non-privileged employees to do so as well.

Authorize/Perform Change of Transaction Sub Level


Select this option to allow employees associated with this class to change
the Sub Menu Level using one of the eight [Sub Level] keys and to
authorize non-privileged employees to do so as well.


Authorize/Allow Sharing of Check Items


Select this option to allow employees associated with this class to share
menu items and to authorize non-privileged employees to do so as well.
Sharing menu items is performed when using the [TouchSplit] and
[TouchEdit] functions to put part of a menu item on two different checks
(e.g., 1/2 Bottle of Wine “shared” between two couples at a table).

Authorize/Use the [Table Number] Key


Select this option to allow employees associated with this class to use the
[Table Number] key and to authorize non-privileged employees to do so
as well.

Authorize/Use the [Menu Item Price Override] Key


Select this option to allow employees associated with this class to use the
[Menu Item Price Override] key and to authorize non-privileged
employees to do so as well. Menu Item Price Overrides are usually used
to override a preset price of a barcode menu item.

Authorize/Use the [Order Type] Key


Select this option to allow employees associated with this class to select
an Order Type and to authorize non-privileged employees to do so as
well.

Authorize/Perform Tax Exemptions Using [Exempt Tax] Keys


Select this option to allow employees associated with this class to forgive
tax using one of the [Exempt Tax] keys and to authorize non-privileged
employees to do so as well.

Authorize/Use the [Item Weight] Key


Select this option to allow employees associated with this class to post
weighed menu items and to authorize non-privileged employees to do so
as well.

Authorize/Use the [Transaction Cancel] Key


Select this option to allow employees associated with this class to use the
[Transaction Cancel] key and to authorize non-privileged employees to do
so as well.

Authorize/Cause a Transaction to have a Negative Balance


Select this option to allow employees associated with this class to create a
check with a negative balance and to authorize non-privileged employees
to do so as well.


Authorize/Perform Change of Number of Guests


Select this option to allow employees associated with this class to change
the number of guests in a transaction using the [Number of Guests] key
and to authorize non-privileged employees to do so as well.

Authorize Open Cash Drawer Using the [No Sale] Key


Select this option to allow employees associated with this class to open
the cash drawer outside of a transaction using the [No Sale] key and to
authorize non-privileged employees to do so as well.

Authorize/Perform Signature Capture Override


Select this option to allow employees associated with this class to use the
[Signature Capture Override] key and to authorize non-privileged
employees to do so as well.

Signature Capture Override is used to bypass the signature capture
process, in the event that the customer refuses to sign, or if the customer
has left without signing.

Authorize/Perform Employee Meal Discount Override for Non-Scheduled Employees


Enable this option to allow employees associated with this class to permit
non-scheduled employees to receive the employee meal discount and to
authorize non-privileged employees to do so as well.

This option works in conjunction with the “Employee Meal” and
“Employee Meal Discount Applies to Scheduled Employees Only”
options in the Discounts module.

Authorize/Perform AVS Override


Enable this option to allow employees associated with this class to
proceed with a credit card process without entering the AVS (Address
Verification Service) information and to authorize non-privileged
employees to do so as well.

Authorize/Perform CVV Override


Enable this option to allow employees associated with this class to
proceed with a credit card process without entering the CVV, CVC, or
CID (the Card-Present Number) and to authorize non-privileged
employees to do so as well.


Miscellaneous Privileges
The Options tab, shown below, contains options for miscellaneous
authorization privileges, such as for Mobile Micros Handhelds (MMH),
Universal Stored Value Cards, and cash drawer usage.

Authorize/Use the [Direct Tips] and [Indirect Tips] Keys


Select this option to allow employees associated with this class to use
these keys to declare cash tips received (by themselves) and to authorize
non-privileged employees to do so as well.

Download Database to Mobile MICROS and SAR Clients


Select this option to allow employees in this class to download a new
database to a Mobile MICROS device or SAR workstation and to
authorize non-privileged employees to do so as well.

Auth/Perform Assign Cash Drwr 1&2; Unassgn Drwr from Others


This option bit includes two different functions. #1: Select this option bit
to allow employees associated with this class to use the [Assign Cash
Drawer 1] and [Assign Cash Drawer 2] keys to assign the cash drawer to
themselves, and to authorize non-privileged employees to use the [Assign
Cash Drawer 1] or [Assign Cash Drawer 2] keys to become assigned to a
drawer. #2: If this option bit is enabled, employees in this employee class
can use the [Unassign Cash Drawer] key to unassign cash drawers from
other operators.


Note that the [Assign Cash Drawer] key does not require an Employee
class privilege—any employee with access to the [Assign Cash Drawer]
button can use it.

Authorize/Perform Assignment & Changes of Cashiers


Select this option to allow employees associated with this class to assign
themselves a cashier link or change their cashier link with the [Assign
Cashier] key and to authorize non-privileged employees to do so as well.

Authorize/Use the [Keyboard Select] Key


Select this option to allow employees associated with this class to change
keyboards using one of the [Keyboard Select] keys and to authorize
non-privileged employees to do so as well.

Authorize/Use the [Direct Tips] and [Indirect Tips] Keys for Another Employee


Select this option to allow employees associated with this class to use
these keys to declare cash tips received by another employee and to
authorize non-privileged employees to do so as well.

Authorize/Perform UWS Download New Revenue Center


Select this option to allow employees associated with this class to
download a new Revenue Center to a workstation and to authorize
non-privileged employees to do so as well.

Authorize Cash Drawer Reconnection


Select this option to allow employees associated with this class to
authorize a cash drawer cable reconnection on a workstation. If an
operator has the option bit enabled to “Require Authorization for Cash
Drawer Reconnection,” the operator will need an authorization before
performing another transaction. If this option bit is enabled, employees
associated with this class can perform this authorization.

Authorize Power Cycle of Workstation during Operations


Select this option to allow employees associated with this class to
authorize a Power Cycle of a workstation. If an operator has the option bit
enabled to “Require Authorization for Power Cycle of UWS during
Operations,” the operator will need an authorization before performing
another transaction. If this option bit is enabled, employees associated
with this class can perform this authorization.


Authorize SAR Workstation to Enter Offline Mode


Select this option to allow employees in this class to enter offline mode on
a SAR workstation. When an operation is attempted that normally causes
the workstation to contact the 9700 Server, if contact cannot be
established, the client will display a prompt to retry the operation or work
offline. If the user chooses to work offline, the operator needs to have an
authorization, which is represented by this option bit.

Authorize SAR workstation to Exit Offline Mode


Select this option to allow employees in this class to enter online mode
(while in offline mode) on a SAR workstation. While offline, if
communication with the 9700 Server is detected, a prompt will be
displayed to work in online mode. If the user chooses to work online, the
operator needs to have an authorization, which is represented by this
option bit.

Authorize Running of Offline Reports


Select this option to allow employees associated with this class to
generate Offline Reports when the workstation is offline.

Authorize/Perform Manual Entry of Stored Value Card Number


Select this option to allow employees associated with this class to
manually enter the stored value card account number and to authorize
non-privileged employees to do so as well.

Authorize/Perform Issue Stored Value Function


Select this option to allow employees associated with this class to issue a
stored value card and to authorize non-privileged employees to do so as
well.

Authorize/Perform Void Issue Stored Value Entry


Select this option to allow employees associated with this class to void an
issued card and to authorize non-privileged employees to do so as well.
Note: Touch Voids and Direct Voids are allowed; Last Item Voids and
Returns are not allowed.

Authorize/Perform Issue Stored Value Batch Function


Select this option to allow employees associated with this class to issue a
batch of stored value cards and to authorize non-privileged employees to
do so as well.

Authorize/Perform Void Issue Stored Value Batch Entry


Select this option to allow employees associated with this class to void a
batch of stored value cards and to authorize non-privileged employees to
do so as well. Note: Touch Voids and Direct Voids are allowed; Last Item
Voids and Returns are not allowed.


Authorize/Perform Activate Stored Value Function


Select this option to allow employees associated with this class to activate
a stored value card and to authorize non-privileged employees to do so as
well.

Authorize/Perform Void Activate Stored Value Entry


Select this option to allow employees associated with this class to void the
activation of a stored value card and to authorize non-privileged
employees to do so as well. Note: Touch Voids and Direct Voids are
allowed; Last Item Voids and Returns are not allowed.

Authorize/Perform Activate Stored Value Batch Function


Select this option to allow employees associated with this class to activate
a batch of stored value cards and to authorize non-privileged employees
to do so as well.

Authorize/Perform Void Activate Stored Value Batch Entry


Select this option to allow employees associated with this class to void the
activation of a batch of stored value cards and to authorize non-privileged
employees to do so as well.

Authorize/Perform Reload Stored Value Function


Select this option to allow employees associated with this class to Reload
(add credit) a dollar amount to an existing stored value card and to
authorize non-privileged employees to do so as well.

Authorize/Perform Void Reload Stored Value Entry


Select this option to allow employees associated with this class to void a
Reload transaction and to authorize non-privileged employees to do so as
well. Touch Voids and Direct Voids are allowed; Last Item Voids and
Returns are not allowed.

Authorize/Perform Redeem Authorization Stored Value Function


Select this option to allow employees associated with this class to perform
a redemption authorization and to authorize non-privileged employees to
do so as well.

Authorize/Perform Void Redeem Authorization Stored Value Entry


Select this option to allow employees associated with this class to void a
redemption authorization and to authorize non-privileged employees to
do so as well.


Authorize/Perform Redeem Stored Value Function


Select this option to allow employees associated with this class to perform
a redemption transaction (a stored value card is used to make a purchase
and a dollar amount is deducted from the account) and to authorize
non-privileged employees to do so as well.

Authorize/Perform Void Redeem Stored Value Entry


Select this option to allow employees associated with this class to void a
redemption transaction and to authorize non-privileged employees to do
so as well.

Authorize/Perform Manual Redemption Stored Value Function


Select this option to allow employees associated with this class to perform
a manual redemption and to authorize non-privileged employees to do so
as well.

Authorize/Perform Void Manual Redemption Stored Value Entry


Select this option to allow employees associated with this class to void a
manual redemption transaction and to authorize non-privileged
employees to do so as well.

Authorize/Perform Issue Stored Value Points Function


Select this option to allow employees associated with this class to issue
points to a stored value card and to authorize non-privileged employees to
do so as well.

Authorize/Perform Void Issue Stored Value Points Entry


Select this option to allow employees associated with this class to void
issued points on a stored value card and to authorize non-privileged
employees to do so as well. Touch Voids and Direct Voids are allowed;
Last Item Voids and Returns are not allowed.

Authorize/Perform Redeem Stored Value Points Function


Select this option to allow employees associated with this class to perform
a points redemption transaction and to authorize non-privileged
employees to do so as well.

Authorize/Perform Void Redeem Stored Value Points Entry


Select this option to allow employees associated with this class to void a
points redemption transaction and to authorize non-privileged employees
to do so as well.

Authorize/Perform Stored Value Cash Out Function


Select this option to allow employees associated with this class to debit
some or all of the remaining balance on a stored value card and to
authorize non-privileged employees to do so as well.


Authorize/Perform Stored Value Balance Inquiry Function


Select this option to allow employees associated with this class to check a
stored value card balance and to authorize non-privileged employees to
do so as well.

Authorize/Perform Stored Value Balance Transfer Function


Select this option to allow employees associated with this class to transfer
the balance from one stored value card to another and to authorize
non-privileged employees to do so as well.

Authorize/Perform Stored Value Point Inquiry Function


Select this option to allow employees associated with this class to check a
stored value card point balance and to authorize non-privileged
employees to do so as well.

Authorize/Perform Stored Value Report Generation Function


Select this option to allow employees associated with this class to
generate stored value card reports and to authorize non-privileged
employees to do so as well.

Authorize/Perform “Accept Coupon” Stored Value Function


Select this option to allow employees in this class to perform the “Accept
Coupon” Stored Value Function and to allow non-privileged employees to
do so as well.

Authorize/Perform “Void Accept Coupon” Stored Value Function


Select this option to allow employees in this class to perform the “Void
Accept Coupon” Stored Value Function and to allow non-privileged
employees to do so as well.

Authorize/Perform Stored Value Reprint Chit Function


Select this option to allow employees in this class to reprint Stored Value
chits and to allow non-privileged employees to do so as well.

Workstation Privileges
Workstation Privileges are configured in the EMC within the System Hardware |
Device Table | <Select Workstation> | Options Tab.


Enabling

Enable Rear Display


Select this option to enable output to a rear customer display attached to
this workstation.

Do Not Clear Screen After Transaction


Select this option to cause the last screen of a transaction to remain on the
display after the transaction is complete. This option is enabled for
workstations in Revenue Centers that want to use the “Print Customer
Receipt” function key to print receipts after the close of a transaction.

Assign Cash Drawer By User Workstation


If this option is enabled, operators must assign themselves to a cash
drawer by using one of the Function Keys 848, 839, or 840 (Assign
Cash Drawer, Assign Cash Drawer 1, Assign Cash Drawer 2). Then, only
the operator assigned to the drawer will be able to open it (or a privileged
manager, who can unassign a drawer from a user).

If this option is disabled, the Operator “Cash Drawer” field determines if
an operator can access a cash drawer or not. In this scenario, all operators
with the “Cash Drawer” field set to “1” will be able to open Cash Drawer
1. Note: Giving multiple employees access to a single cash drawer is not
as secure as requiring employees to be assigned to a Cash Drawer.


Require Cash Drawer to be Closed Before New Transaction


Select this option to require that cash drawers attached to this workstation
are closed before a new transaction can begin. Do NOT select this
option to allow transactions to begin while a cash drawer is open.

Use Cash Drawer Number 2 for Other Currency


This option is used only if two cash drawers are in use for this workstation
and one is dedicated to foreign currency. Select this option to cause the
second cash drawer (not the drawer currently assigned) to open, when
using a tendering key that opens the cash drawer and that is used with
currency conversion. In addition, the foreign currency must allow change
to be made in that currency.

Disable Employee Auto Sign Out


Select this option to disable the Automatic Operator Popup Interval
programmed in Revenue Center Parameters. Do NOT select this option to
cause operators to be signed out of this workstation after the Automatic
Operator Popup Interval expires.

Mag Card Entry Required for Employee ID


Select this option to require that all employee ID entries at this
workstation are made using a magnetic employee ID card. This applies to
signing in and authorizing privileged operations.

If this option is selected, the workstation will not accept an employee ID
number entered through the keyboard or touchscreen. Do not select this
option to allow the employee ID to be entered by either a magnetic card or
by the keyboard or touchscreen.

Enable UWS Activity Log


Select this option to activate logging on this workstation. This option
applies to PCWS, SAR, and Mobile MICROS clients only.

Enable Scale Interface


Select this option to enable communication between this workstation and
a scale.

Enable Signature Capture


Select this option to enable communication between this workstation and
a Signature Capture pad.


North American LDS Attached to this UWS


This option only applies to workstations using a Liquor Dispensing
System. Select this option to indicate to the system that the Liquor
Dispensing System (LDS) attached to this UWS is a North American
LDS. Do NOT select this option to indicate that an ILDS (International
Liquor Dispensing System) is in use.

Enable RFID PayPass Device


Select this option to activate communication between this workstation
and an RFID PayPass Device. This device is used for Radio-Frequency
Credit Cards. (NOTE: This option is only available on SAR clients.)

Enable Error Beeper


Select this option to cause the UWS to emit a beep whenever an operator
commits an error that causes an error message or prompt to display.
Disable this option to suppress the beep when an error message or prompt
displays.

Auto Begin Chk when Chk Optr ID/# Entered Outside of Trans.
This option is active only if the “Allow Replacement Sign In Outside
Transaction” option is disabled. Select this option to allow an operator to
begin a guest check transaction by entering an operator ID or employee
number. The signed-in operator becomes the transaction operator; the
employee whose ID or employee number was entered becomes the check
operator.

If this option is enabled, sales totals and tenders posting are determined
by the setting of the Revenue Center Parameters Posting options “Post
Totals to Transaction Operator” and “Post Tender to Transaction
Operator.” The system will require the use of either the employee ID or
the employee number, as determined by the setting of the Operator option
“Use Employee Number to Open Check for Another Employee.”

ON = Link Cashier Totals to UWS; OFF = Link to Operator


Select this option to allow this workstation to be linked to a single Cashier
Record. This option can only be used with a workstation that is assigned
to a single Revenue Center (when this is enabled, Revenue Centers 2-8
become disabled on the Revenue Centers tab).

Cashiers are linked to a workstation by using the [Assign Cashier]
function key on the workstation. When this option is disabled, totals are
posted to the operator's Cashier Record, if one exists.

Allow SAR Mode


This option must be selected to allow this workstation to operate in
Offline Mode.


Can Be Offline During Autosequences


Select this option to allow this workstation to be offline when
autosequences run. If this option is enabled, PC autosequences will still
run even if the PC Autosequences option “Do Not Run if Workstations
Are Offline” is enabled.

Enable Remote Order Printing to Local Printer When Offline


This option should be enabled. If this option is enabled, a SAR Client,
when offline, will print the Order Output (that should have printed to
remote kitchen printers, for example) to the local SAR workstation's
printer.

Enable Local Guest Check Printing


Enable this option to direct guest check printing to a wireless local printer
(for Mobile MICROS devices) or to a SAR local printer (for SAR
devices). Disable this option to choose the printers for specified print jobs
on the Printers tab for this workstation.

Enable Local CA Voucher Printer


Select this option to cause Credit Card Authorization vouchers to print
from this SAR device to the SAR local printer. Disable this option to
select a Credit Card Authorization printer from the printers tab of this
device.

Disable auto-online
A workstation will automatically return to Online Mode if
communications have been reestablished and the number of transactions
rung offline is less than the amount specified in the Property Parameters
“Automatic Online Transaction Limit” field. By enabling this option, the
workstation will prompt the user to return online, instead of continuing
online automatically.

Go Offline Without Prompting


When this option is enabled, a workstation will go offline automatically
when communication with the server is lost. When this option is disabled,
the user will be prompted to work offline.


Encryption

Overview
Encryption is the reversible transformation of data from the original (plaintext) to
a difficult-to-interpret format (ciphertext).

Permanent Data Store Encryption


Sensitive data in the 9700 database is encrypted using industry standard
Triple-DES encryption. Each encrypted piece of data has a link to an entry in the
encryption key table, which is also encrypted using Triple-DES encryption.
9700 provides an Encryption Key Management utility to add a new encryption key
to the encryption key table. All data that will need to be stored in the database in
encrypted format will automatically be encrypted using the latest key. For more
information, see the MICROS 9700 Encryption Key Management Utility
document.

Warning: If the encryption key is lost, the encrypted data in
the database is unrecoverable. There are no backdoors!

Key Rotation Considerations


In order to achieve maximum security, MICROS Systems, Inc. mandates that the
system administrator rotate encryption keys regularly, at least annually, and
delete any old or compromised encryption keys. 9700’s entire design of data
encryption, key generation, and storage is built to facilitate this practice.
For more information, please see the MICROS 9700 Encryption Key Management
Utility document.
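
Because each encrypted record links to a key-table entry and a lost key makes its data unrecoverable, an old key should be checked for remaining references before it is deleted. The Python sketch below is an added example, not MICROS code: the export layout (KeyEntry rows, one key link per record) and the sample data are assumptions, since this guide does not describe the 9700 schema.

```python
from collections import Counter
from dataclasses import dataclass
from datetime import date, timedelta

MAX_KEY_AGE = timedelta(days=365)  # the guide requires rotation at least annually


@dataclass(frozen=True)
class KeyEntry:
    """One row of a hypothetical key-table export (field names are assumptions)."""
    key_id: int
    created: date


def audit_key_table(keys, record_key_ids, today):
    """Classify key-table entries before a rotation or clean-up.

    keys           -- list of KeyEntry rows
    record_key_ids -- one key id per encrypted record (the record's key link)
    today          -- date on which the review is run
    """
    if not keys:
        raise ValueError("key table is empty")
    # New data is encrypted with the latest key; every other entry is "old".
    latest = max(keys, key=lambda k: (k.created, k.key_id))
    usage = Counter(record_key_ids)
    known = {k.key_id for k in keys}
    old = sorted(k.key_id for k in keys if k.key_id != latest.key_id)
    return {
        "latest_key": latest.key_id,
        # True when the newest key is itself older than the rotation interval.
        "rotation_overdue": today - latest.created > MAX_KEY_AGE,
        # Old keys that records still link to: deleting them loses that data.
        "old_keys_in_use": {k: usage[k] for k in old if usage[k]},
        # Old keys with no linked records: candidates for deletion.
        "old_keys_unreferenced": [k for k in old if not usage[k]],
        # Records linked to a key id missing from the table: already unreadable.
        "orphaned_records": {k: n for k, n in sorted(usage.items())
                             if k not in known},
    }


# Constructed sample data, not taken from a real system.
SAMPLE_KEYS = [
    KeyEntry(1, date(2021, 3, 1)),
    KeyEntry(2, date(2022, 3, 1)),
    KeyEntry(3, date(2023, 2, 20)),
]
SAMPLE_RECORD_LINKS = [1, 3, 3, 3, 3, 7]

if __name__ == "__main__":
    report = audit_key_table(SAMPLE_KEYS, SAMPLE_RECORD_LINKS, date(2024, 4, 1))
    for field, value in report.items():
        print(f"{field}: {value}")
```

With the sample data, key 2 has no linked records, key 1 still protects one record, and one record points at a key id that is absent from the table.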


Audit Trail

Overview
The Audit Trail keeps a record of all changes made to the 9700 database, as well
as the identity of the employee who made the changes. The Audit Trail records the
following activity:

Module or Function        Activity

Configurator              Add, delete, or edit records in any file, or
                          clear any database totals files

UWS Procedures            Edits of records in any file, including time
                          card adjustments

Report Writer             Reports taken, reset, and reset without printing

PC Autosequences

UWS Autosequences

Audit Trail               Reports reset

Error Log                 (Entries for the Error Log, which does not
                          require the entry of a PC Functions ID,
                          print “Employee Unknown”.)

Control Panel             Start or stop the 9700 System;
                          Start or stop the POS Operation module,
                          Start or stop Operations on a UWS,
                          Change Backup PC#,
                          Change PC state (Active/Inactive)

Credit Card Settlement    Create, Edit, Print, or Transfer Batch File

Credit Card Editor        Move to a different batch file,
                          Save and exit the application

SQL                       Add, delete, or edit records in any file

Operations                Reset

UWS Reports               All resetting operations, reports taken, and
                          reset


Enabling

The EMC | System Information | Parameters option Enable Audit Trail must be
enabled for Audit Trail to record activity. For security purposes, MICROS
Systems, Inc. mandates this option be enabled.

Usage
A privileged employee may conduct searches within the Audit Trail of database
changes based on a variety of search criteria (e.g., by application, by operation, or
by employee).
To authorize an employee to run the Audit Trail module, Search tab, the option
Run the Audit Trail Program must be enabled within the EMC Employees
module (Personnel | Employees | Maintenance | Sort by Class | Utilities tab);
see page 30 for more information.
The Audit Trail file must be reset (erased) periodically in order to prevent the file
from becoming very large and consuming too much space on the PC’s hard drive.
To authorize an employee to manually reset the Audit Trail, the Reset the Audit
Trail option must be enabled within the EMC Employees module (Personnel |
Employees | Maintenance | Sort by Class | Utilities tab); see page 30 for more
information. The Audit Trail is manually reset within the Audit Trail Search
module; see page 55 for more information.

Audit Trail Module


The EMC Audit Trail module is used for its Audit Trail report function and to
manually reset the Audit Trail.


Audit Trail | Search Tab


The Audit Trail | Search Tab includes a report function that can be used to
view the contents of the Audit Trail file, as seen below.

The results of an Audit Trail Report can be viewed on the PC Monitor, printed
to the PC’s network printer, or saved to a file on the PC.
Audit Trail reports may be taken for:

• Each application

• Each operation (add, clear totals, delete, edit, or login)

• A specific module

• A specific Revenue Center

• A specific employee

• A specific time period


Each record in the Audit Trail Report includes:

• The application to which the change was made (e.g., Configurator)

• The date and time that the change occurred

• The operation made (e.g., field edit, record deletion, autosequence
reset)

• The identity of the employee who made the change

• In the case of database changes made in Configurator or UWS
Procedures, the Audit Trail record also includes the Previous and
Current data entered in the field

Enabling
Applications
Select the application to be included in the search.

Operations
Select the operation to be included in the search.

Module
Select the module to be included in the search.

Revenue Center
Select the Revenue Center, if any, to be included in the search.

Employee
Select an employee to search.

Start Date
Select the Start Date to search. Note that the Audit Trail data is
automatically purged for data one month prior to the Current Month; also,
the Audit Trail is typically reset nightly (by FileMaintenance.exe).
Therefore, it may be possible that only today's Business Date shows Audit
Trail information.

End Date
Select the End Date to search. Note that the Audit Trail data is
automatically purged for data one month prior to the Current Month; also,
the Audit Trail is typically reset nightly (by FileMaintenance.exe).
Therefore, it may be possible that only today's Business Date shows Audit
Trail information.


Audit Trail | Reset Tab


The Reset Tab is used to reset (erase) the Audit Trail in order to prevent the
file from becoming very large.

Enabling
Reset Entries Until
Select a date. The date selected in this field is the cutoff point—all Audit
Trail data before this date will be purged from the database.

Note that the Audit Trail data is automatically purged for data one month
prior to the Current Month; also, the Audit Trail is typically reset nightly
(by FileMaintenance.exe). Therefore, it may be possible that only today's
Business Date shows Audit Trail information.


Security Maintenance

Overview
MICROS Systems, Inc. mandates that users abide by the Payment Card Industry’s
(PCI) Data Security Standards documented in the 9700 PABP Compliance
document.
To maintain the PCI Data Security Standard, please:

1. Install and maintain a firewall configuration to protect data

2. Do not use vendor-supplied defaults for system passwords and other security
parameters.

3. Protect stored data

4. Encrypt transmission of cardholder data and sensitive information across
public networks

5. Use and regularly update anti-virus software

6. Develop and maintain secure systems and applications

7. Restrict access to data by business need-to-know

8. Assign a unique ID to each person with computer access

9. Restrict physical access to cardholder data

10. Track and monitor all access to network resources and cardholder data

11. Regularly test security systems and processes

12. Maintain a policy that addresses information security

For more information, please see the 9700 PABP Compliance document specific
to the site’s software version.
