Security and Access within RCM

Security and Access within RCM


Overview


Within Rental Car Manager (RCM) the functionality around operator access and the restrictions placed upon this access can be broken down into several areas.

  1. Roles
  2. Restricting Logins
  3. Access Levels for Users
  4. Access to Menu Items
  5. Accessing Credit Cards, User Maintenance and Image Uploads
  6. Audit Reports

Roles

There are 3 roles within RCM that can be assigned to a user
Company Administrator - the role of "Company Administrator" is that of a super user.   This is the only role that can access  the "Users" area and set restrictions around user access and IP addresses.  This role would generally only be given to a select few in the organisation, and for users with 'Head Office Manager' access level.
Standard User  - this is the role that would be given to all other general users of RCM
Agent - this role is designed for Agents that have an Agent Direct login to RCM.  These users can only access 3 items - Category information, Quick Reservation and an Agent report.  Please see the Agent Direct article for more information. 

Restricting Logins

As RCM is a cloud-based system, operators can log in from any device as long as it has an internet browser.

The default security allows an operator to be able to log into RCM from anywhere as long as it is within the country that has been assigned to their company. I.e., if it is an Australian company, they will be able to log in from anywhere within Australia.  Any user wishing to access the system from outside their home country will need to  add the Country into the approved list via the IP List (see below).

Within RCM you are able to put in place restrictions to restrict operators to only be able to log in from specific IP addresses. For example, you may want to set your system up so that operators are only able to log into RCM while they are in the office.  This restriction can be implemented at the operator level by updating the operators user information using the User Maintenance screen.
You can see in the image below that you can set the flag for “Restrict login access by Location IP address” to Yes. This would mean that that operator would only be able to log in from a known IP address.

Note that you need to have the 'Company Administrator' role to access the User Maintenance area.




There are three places where you can add the IP addresses and they are then classed as a “known” or "authorised" IP address:

  1. The User Maintenance screen. Following is a link to the Knowledge Base article which describes the User Maintenance screen in more detail -  User Management
  1. The Location screen. Following is a link to the Knowledge Base article which describes the Location screen in more detail - Locations 
  1. The Approved Countries or IP Addresses tab in User Maintenance 




Access Levels for Users 


When  the Company Administrator creates a user they set the Access Level. This controls what screens and information the operator will have access to within RCM.  This  access level is modified from the User Maintenance screen.

There are 4 levels:
  1. Head Office Manager- allows the user to have access to all areas of the program. - they would require the "Company Administrator" role to access the "Users" area. 
  1. Location Manager - allows the user to view and maintain all aspects of the system relative to their location, including the viewing of location-specific financial reports and location-specific system settings. A location manager cannot change any system-wide settings that affect all users.
  1. Head Office Operator – allows the user to make reservations across all locations, print reports across all locations, and maintain vehicle details for all locations. No access to financial reports or the system area is allowed. This level is typically used in a smaller multi-location business where operators must make reservations in other locations. It also applies to larger companies that operate centralised operations.
  1. Location Operator – allows the user to make reservations in their own location only and view reservation-related reports for their own location only. No vehicle maintenance or system maintenance is allowed.


Access to Menu Items

Within RCM the Company Administrator is able to update individual users to either remove or add access to the menu items.

This is done  from the User Maintenance screen.  Here is a link to the article for the User Maintenance screen which explains this in more detail.  - User Management

Each Menu has a list of items that a user can view - you can allow and disallow access to each item 
Example:


Credit Cards, User Maintenance and Image Uploads

Within RCM there is extra security around the viewing of Credit Card details, access the User Maintenance screen and Uploading images. 
A use will only have access to these functions if they have logged in from a "known" IP address.  We normally recommend a static IP address be used in your office to help provide this extra level of security.  You may also achieve this by loading the IP addresses in via the Approved IP Addresses list ( as above) or using our Two Factor Authentication (TFA) process. 

The following article describes this in more detail -  User Management 

Audit Reports 

There are two different reports you can run which allow you to check both who is logging into your RCM system and also who is viewing Credit Card details in your RCM system.

The Logins History  report allows you to see who is logging in and where they are logging in from .
This can be accessed by the Company Administrator in the User Maintenance area


 

The Vault Log  report allows you to see who has accessed Credit Card details and when.  Here is the link to the article with more information  -  Vault Log report 





    Important Articles


      • Related Articles

      • Credit Cards within RCM

        Rental Car Manager allows you to securely store your customers’ credit card(s) against a booking. To ensure that this meets the Payment Card Industry (PCI) compliance requirements set out by Visa, MasterCard and other card providers a tokenized ...

      • Different Brands within one RCM System

        Overview RCM allows you to run multiple brands from within the one RCM system. Branding allows you to have different logos and brand names for customer documents such as quotations, confirmations, and rental agreements. Following is a Knowledge Base ...

      • Processing of Infringements/Tolls within RCM

        Overview Within RCM there is an Infringement Processing module which allows you to easily perform the following actions in regards to any infringements/tolls that come in: Find the relevant booking Assign the infringement/toll to the relevant booking ...

      • System Parameters within RCM

        Overview  With Rental Car Manager (RCM), there are system parameters which enable you to control some of the functionality within RCM. These can be found by choosing the System Parameters option under the System Setup menu. The flags are broken into ...

      • Restricting Access to the Credit Card Vault

        Overview Rental Car Manager has completed our Payment Card Industry (PCI) compliance for Visa and MasterCard. A small part of this was the implementation of the Credit Card vault which we are sure you are now familiar with. This PCI certification ...