We care for your business data. Data security is a concern for business owners, as most businesses depend on the confidentiality of their information. To secure your business data, TallyPrime offers a variety of security features. You can password-protect your company data, define security levels for different users, and do much more with the security features in Tally. The administrator can give different permissions to different kinds of users based on the company's requirements. The company data can also be encrypted using TallyVault.
Tally offers a comprehensive security framework for authentication, authorisation, integrity, and confidentiality of user data.
Some highlights of the security framework are described below:
Tally.ERP 9 connects to Tally.Net Server using a secure multi-step handshake. The product license and Tally Software Services (TSS) license are validated as part of the handshake.
● Data exchanged between Tally.ERP 9 and Tally.Net Server is compressed and encrypted with an enhanced version of the industry-recognized Triple Data Encryption Algorithm, before the transfer process is initiated.
● Message Digests are used to detect data corruption and alteration during transfer.
● Customer data synchronization between two Tally.ERP 9 systems is controlled by the synchronisation configuration. This configuration specifies the systems that will participate in data exchange, the data that will be exchanged, and the role of each participating system.
The users on both systems must authorise the synchronisation configuration before data is exchanged. Post authorisation, data is exchanged only on user request.
● Tally.NET stores encrypted data only to facilitate synchronization. Data is deleted from the Tally.NET Server after synchronisation.
● Tally.ERP 9 has the provision to encrypt and store customer data on disk using TallyVault.
● Customer data handled by Tally.NET Server is encrypted, both in memory and on disk.
● Tally.ERP 9 opens a network port only when the user requests a network service. The port is open only for the duration of data transfer.
● No other system, third party or Tally, can open the network port or initiate data transfer.
TallyVault is a feature in Tally.ERP 9 that will help the business to maintain confidentiality of information by encrypting the data.
Set the TallyVault password while creating the company.
Note: Forgetting the password may render your data inaccessible.
You can also set TallyVault for the existing companies.
1. Load the Company that needs to be secured using TallyVault.
2. Go to Gateway of Tally and press F3: Company Info > Change TallyVault.
3. In the Change TallyVault screen, select the required company from the List of Companies.
4. Enter the Password in the New Password field. Tally.ERP 9 displays the strength of the password entered depending on the combination of alphabets, numbers and special characters.
5. Re-enter the password to confirm in the Repeat New Password field.
6. Accept to change the TallyVault password.
7. Tally.ERP 9 displays a message Created New Company followed by the new company number. Press any key to return to the Company Info. menu.
Once the company data is encrypted, the name of the company and financial year will not be visible in the Select Company screen.
You can alter the TallyVault for an existing company. Every time you alter the TallyVault, a new company will be created with a new number.
Protect your company data while creating a company by enabling the option Use security control. Enter the Name of the administrator and Password. This user name and password need to be provided every time you open the company.
By default, there are two types of security levels. One is the Owner and the other is Data Entry.
Owner - The owner has full access rights which will enable him to work with all the features of Tally.ERP 9, except for Tally Audit and Company Alteration which are reserved for the Administrator. Based on pre-defined security levels the Administrator can create other security levels and assign or restrict access based on the requirement.
Data Entry - Data Entry has restricted access, but the administrator can assign or restrict access as needed.
You can create and assign security levels to allow specific access permissions to a user. To create a new security level, you have to log in as an administrator.
1. Go to Gateway of Tally > F3: Cmp Info > Security Control > Types of Security.
2. Create a new security level in the List of Security Levels.
3. Press Enter to view the Security Levels screen.
4. Assign the applicable security settings.
The Security Levels screen appears.
5. Press Ctrl+A to accept.
You can create users, assign security levels, restrict/allow remote access and local TDLs for the users created.
1. Go to Gateway of Tally > F3: Company Info > Security Control
2. Select Users and Passwords
The List of Users for Company screen appears.
3. Select the required Security Level from the Security List.
4. Enter the user’s name in the Username field.
5. Enter the password in Password (if any) field.
6. By default, Allow Remote Access and Allow Local TDL are set to No and are skipped for users not classified under Tally.NET User and Tally.NET Auditor.
7. Accept to create the user.
You can give a specific set of permissions to different kinds of users of your company data. This can be done in Security Levels.
● Go to Gateway of Tally > Alt+F3 > Security Control > Types of Security. In the Security Levels for Tally.NET User screen, Tally.NET User appears in the Name of Security Level field.
● Use Basic Facilities of – the administrator can select the required facility from the Security List. If user-defined security levels already exist, they will be displayed in the Security List. The new level created will be displayed when the user creates another security level.
● Days Allowed for Back Dated Vouchers – By default, this field is set to 0; enter the required number of days. Alteration or insertion of backdated vouchers can be done within the number of days mentioned from the Date of Last Entry of vouchers.
● Cut-off date for Backdated vouchers – you can specify the required date. Tally.ERP 9 does not allow you to record a transaction prior to the date mentioned. This can be used in addition to Days Allowed for Backdated Voucher. This input is useful in situations where you have completed the audit and do not require any changes in the data.
● Set Rules for Print Before Save - use this option to restrict a security level from printing the required voucher type before saving the voucher or restrict a security level from printing all the available voucher types before saving the vouchers.
● Allow company to connect – by default it is set to No. Set this to Yes if you need to connect the respective company to the Tally.NET Server.
● Rules for Print Before Save - by default Set Rules for Print Before Save is set to No which allows the user to print all the available voucher types.
o In Allow the following Voucher Types column of Print Vouchers Before Save Rules screen, select the required voucher type that is allowed for printing before save from the Types of Vouchers.
o In Disallow the following Voucher Types column, select the required voucher type that needs to be disallowed for printing before save from the Types of Vouchers.
A good password policy will enhance data security and allow only authorized users to view financial data. In Tally.ERP 9, the Administrator can put a password policy in place, which users will have to adhere to while creating and managing passwords for their company.
1. Go to Gateway of Tally > Company Info > Security Control > Password Policy.
The Password Policy for Company screen appears.
2. Enable Activate password policy.
Note: Administrator can also disable the same after some interval. Policy will retain the same values once it is re-enabled.
● In Minimum password length field, the administrator can specify the minimum number of characters that a password should contain. By default, 8 will be the minimum password length (This value is derived from the PCI-DSS standards). Administrator can still change this value as per the requirement.
● Enable Advanced parameter for password strength, to impose restrictions on the number of alphabets, numerals and special characters that should be present in a password.
● You can set a value for the expiry of the password. By default, the value will be 90 days, which is derived from the PCI-DSS.
● You can notify the users when the password is about to expire. You can set the notification period.
● Password history maintained in Tally.ERP 9 is used to restrict the usage of previous passwords. You can configure the No. of old password to be restricted after enabling the option Restrict the use of old Passwords.
● If the password policy followed in the organisation requires users to change their passwords upon first login, enable the option Change password on first login.
● As a part of Password policy, you can also allow users to change their own passwords.
● User Status: Apart from configuring the Password Policy, the Administrator can also make a user Active or Inactive. Only Active users are allowed to log in to the company, while Inactive users are not allowed to load the company. Enable the option Show user status in F12: Configure. The Administrator can make a user Inactive, after which the user will be prevented from logging in to the company.
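The policy fields listed above can be read as a set of checks applied to each new password and to each password's age. The following Python sketch is an added example, not Tally's code: the class, field and function names are hypothetical, and the notification period and history size are constructed values because the page gives no defaults for them.

```python
# Added illustration: evaluates the password-policy fields this page lists.
# Not Tally code; class, field and function names are hypothetical.
import hashlib, hmac, os
from dataclasses import dataclass
from datetime import date, timedelta

@dataclass
class PasswordPolicy:
    min_length: int = 8      # default stated on the page
    min_alphabets: int = 0   # "Advanced parameter" counts; 0 = not enforced
    min_numerals: int = 0
    min_special: int = 0
    expiry_days: int = 90    # default stated on the page
    notify_days: int = 7     # constructed value; the page gives no default
    history_size: int = 3    # constructed value for the old-password limit

def digest(password, salt):
    # History keeps salted PBKDF2 digests, never the old passwords themselves.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def remember(password):
    """Build one history entry (salt, digest) for a password being retired."""
    salt = os.urandom(16)
    return salt, digest(password, salt)

def violations(policy, password, history):
    """Return the policy rules a candidate password breaks (empty list = accepted)."""
    found = []
    if len(password) < policy.min_length:
        found.append("too short")
    counts = {"alphabets": sum(c.isalpha() for c in password),
              "numerals": sum(c.isdigit() for c in password),
              "special": sum(not c.isalnum() for c in password)}
    needs = {"alphabets": policy.min_alphabets, "numerals": policy.min_numerals,
             "special": policy.min_special}
    for kind, need in needs.items():
        if counts[kind] < need:
            found.append(f"needs {need} {kind}")
    recent = history[-policy.history_size:] if policy.history_size else []
    if any(hmac.compare_digest(digest(password, s), d) for s, d in recent):
        found.append("reuses an old password")
    return found

def expiry_status(policy, last_changed, today):
    """Return 'expired', 'notify' (inside the notification period) or 'ok'."""
    expires = last_changed + timedelta(days=policy.expiry_days)
    if today >= expires:
        return "expired"
    if today >= expires - timedelta(days=policy.notify_days):
        return "notify"
    return "ok"
```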
Voucher Type Security will help the business owner specify both individual Voucher Type (Contra, Payment, etc.) restriction and activity level (Sales Department, Procurement Department etc) restriction for different users.
The types of functions or activities for which the control can be set include being able to Create, Alter, Print, or have Full Access to any particular type of Voucher in Tally.ERP 9.
With Tally.ERP 9's Voucher Type Security feature, the administrator can
● Create a department and role based segregation of access for different users.
For example: Access based on Sales, Purchase, Accounts and Payroll etc. for employees in those areas of work.
● Provide or deny access to the level of activity that different users can perform on a Voucher.
For example: User A & User B can Create and Alter a Payment Voucher, but User C can only view the same.
● Provide access to an entire group of Vouchers like Accounting Vouchers, or Inventory Vouchers as a whole.
Example: ABC Company has a user Arun, who records Sales and Receipt transactions. Access to Create and Alter Sales and Receipt Vouchers has to be provided to him.
1. In Security Levels screen, Voucher Types and Group of Vouchers (Accounting Vouchers, Inventory Vouchers, Order Vouchers and Payroll Vouchers) have been included in List of Reports to set the Voucher Type Security.
Note: The aliases provided for Voucher Types will not be displayed in the List of Reports while defining Voucher Type Security.
2. To provide access to Create/Alter Sales and Receipt Voucher Types, configure the Security Level as shown:
3. Enter Arun's login details to open the Company.
4. In Gateway of Tally, only the Accounting Vouchers option is displayed.
5. On navigating from this option, only Receipt and Sales Vouchers are enabled for recording transactions.
6. If the user Arun navigates to Day Book, Tally.ERP 9 will display all the Vouchers recorded during the period specified, but will not allow the user to Alter/Print the Vouchers which are restricted. If the user selects any Voucher other than Receipt or Sales Vouchers, Tally.ERP 9 will display the error No Access Allowed!.
Tally.ERP 9 provides four pre-defined groups of Vouchers in order to facilitate users to quickly configure Voucher level security.
The Voucher Types in Tally.ERP 9 are grouped under the following categories:
1. Accounting Vouchers
2. Inventory Vouchers
3. Order Vouchers
4. Payroll Vouchers
Points to remember:
● If users are Allowed/Disallowed access to any of the groups listed above, the Voucher Types listed under the respective group will also carry the same access configuration.
● Disallowing access to Voucher Types will not affect the user's access to Create Voucher Types. To restrict a user from Creating Voucher Types, access to Masters has to be Disallowed.
Therefore, according to the example above, as Arun has been Disallowed access to Payment Voucher, he cannot record transactions using Payment Vouchers, but he can still Create a Voucher under Payment Voucher Type. To restrict Arun's access for Creating Vouchers under Payment Voucher Type, access to Accounting Masters has to be Disallowed.
If an Add-on for providing Voucher Type Security is already in use,
● Access configurations defined using Tally.ERP 9 and the Add-on will be combined.
For example: If, for User A, Full Access to Payment Voucher is Disallowed in Tally.ERP 9, and in the Add-on Full Access to Receipt Voucher is Disallowed, User A will not be able to access either Payment or Receipt Vouchers.
● Tally.ERP 9's Voucher Type Security configuration will override the Add-on's configuration.
For example: If for User A, Full Access to the group Accounting Vouchers is Disallowed in Tally.ERP 9, and in the Add-on Full Access to Payment Voucher is Allowed, User A will not be able to access Payment Voucher.
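The group inheritance and add-on rules above amount to a small decision procedure, which an administrator can use to reason about the effective access of a user. The following Python model is an added example, not Tally's code: all function names and data structures are hypothetical, only the voucher types this page places under Accounting Vouchers are listed, and the model assumes that anything not disallowed is allowed.

```python
# Added illustration: models the Voucher Type Security rules stated on this page.
# Not Tally code; function names and data structures are hypothetical.

# Only the voucher types this page places under Accounting Vouchers are listed.
GROUPS = {"Accounting Vouchers": {"Payment", "Receipt", "Sales"}}

def expand(entries):
    """Expand group names to member voucher types: a group's setting
    carries over to every voucher type listed under it."""
    expanded = set()
    for entry in entries:
        expanded |= GROUPS.get(entry, {entry})
    return expanded

def can_access(voucher, tally_disallow, addon_disallow=(), addon_allow=()):
    """Return (allowed, reason) for Full Access to one voucher type.
    Assumption of this model: anything not disallowed is allowed."""
    if voucher in expand(tally_disallow):
        note = "; add-on Allow is overridden" if voucher in expand(addon_allow) else ""
        return False, "disallowed in Tally.ERP 9" + note
    if voucher in expand(addon_disallow):
        return False, "disallowed in add-on"
    return True, "no restriction applies"

def overridden_addon_allows(tally_disallow, addon_allow):
    """Audit helper: add-on Allow entries that have no effect because
    Tally.ERP 9's own configuration disallows the same voucher type."""
    return sorted(expand(tally_disallow) & expand(addon_allow))

if __name__ == "__main__":
    # First example from the text: the two Disallow settings combine.
    for v in ("Payment", "Receipt", "Sales"):
        print(v, can_access(v, {"Payment"}, addon_disallow={"Receipt"}))
    # Second example: the group-level Disallow overrides the add-on's Allow.
    print(can_access("Payment", {"Accounting Vouchers"}, addon_allow={"Payment"}))
    print(overridden_addon_allows({"Accounting Vouchers"}, {"Payment"}))
```

Running the audit helper over a real configuration shows which add-on Allow entries are ineffective and can be removed to keep the two rule sets consistent.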
Based on the requirements, the system administrator can authorise Tally.NET User or Tally.NET Auditor to access data remotely.
By default, the Tally.NET user is authorised to enter data, but has restricted access to the company data. Similarly, the Tally.NET auditor is authorised as the owner of the company and has full access to the company data. However, the system administrator can change the access controls of the Tally.NET user or the Tally.NET auditor based on the requirement. Any user created under these security levels requires Tally.NET authentication to access data.