Overview
Within Rental Car Manager (RCM) the functionality around operator access and the restrictions placed upon this access can be broken down into several areas.
- Roles
- Restricting Logins
- Access Levels for Users
- Access to Menu Items
- Accessing Credit Cards, User Maintenance and Image Uploads
- Audit Reports
Roles
There are 3 roles within RCM that can be assigned to a user
Company Administrator - the role of "Company Administrator" is that of a super user. This is the only role that can access the "Users" area and set restrictions around user access and IP addresses. This role would generally only be given to a select few in the organisation, and for users with 'Head Office Manager' access level.
Standard User - this is the role that would be given to all other general users of RCM
Agent - this role is designed for Agents that have an Agent Direct login to RCM. These users can only access 3 items - Category information, Quick Reservation and an Agent report. Please see the
Agent Direct article for more information.
The default security allows an operator to be able to log into RCM from anywhere as long as it is within the country that has been assigned to their company. I.e., if it is an Australian company, they will be able to log in from anywhere within Australia. Any user wishing to access the system from outside their home country will need to add the Country into the approved list via the IP List (see below).
Within RCM you are able to put in place restrictions to restrict operators to only be able to log in from specific IP addresses. For example, you may want to set your system up so that operators are only able to log into RCM while they are in the office. This restriction can be implemented at the operator level by updating the operators user information using the User Maintenance screen.
You can see in the image below that you can set the flag for “Restrict login access by Location IP address” to Yes. This would mean that that operator would only be able to log in from a known IP address.
Note that you need to have the 'Company Administrator' role to access the User Maintenance area.
There are three places where you can add the IP addresses and they are then classed as a “known” or "authorised" IP address:
- The User Maintenance screen. Following is a link to the Knowledge Base article which describes the User Maintenance screen in more detail - User Management
- The Location screen. Following is a link to the Knowledge Base article which describes the Location screen in more detail - Locations
- The Approved Countries or IP Addresses tab in User Maintenance
Access Levels for Users
When the Company Administrator creates a user they set the Access Level. This controls what screens and information the operator will have access to within RCM. This access level is modified from the User Maintenance screen.
There are 4 levels:
- Head Office Manager- allows the user to have access to all areas of the program. - they would require the "Company Administrator" role to access the "Users" area.
- Location Manager - allows the user to view and maintain all aspects of the system relative to their location, including the viewing of location-specific financial reports and location-specific system settings. A location manager cannot change any system-wide settings that affect all users.
- Head Office Operator – allows the user to make reservations across all locations, print reports across all locations, and maintain vehicle details for all locations. No access to financial reports or the system area is allowed. This level is typically used in a smaller multi-location business where operators must make reservations in other locations. It also applies to larger companies that operate centralised operations.
- Location Operator – allows the user to make reservations in their own location only and view reservation-related reports for their own location only. No vehicle maintenance or system maintenance is allowed.
Within RCM the Company Administrator is able to update individual users to either remove or add access to the menu items.
This is done from the User Maintenance screen. Here is a link to the article for the User Maintenance screen which explains this in more detail. - User Management
Each Menu has a list of items that a user can view - you can allow and disallow access to each item
Example:
Credit Cards, User Maintenance and Image Uploads
Within RCM there is extra security around the viewing of Credit Card details, access the User Maintenance screen and Uploading images.
A use will only have access to these functions if they have logged in from a "known" IP address. We normally recommend a static IP address be used in your office to help provide this extra level of security. You may also achieve this by loading the IP addresses in via the Approved IP Addresses list ( as above) or using our Two Factor Authentication (TFA) process.
Audit Reports
There are two different reports you can run which allow you to check both who is logging into your RCM system and also who is viewing Credit Card details in your RCM system.
The Logins History report allows you to see who is logging in and where they are logging in from .
This can be accessed by the Company Administrator in the User Maintenance area
The
Vault Log report allows you to see who has accessed Credit Card details and when. Here is the link to the article with more information - Vault Log report