How to make fields read-only for some users

Match-IT’s security system allows any field to be set as read/write, read-only, or not-visible on a per user group basis. The example below will make the Industry field read-only on the customer/supplier form for certain users.

Proceed as follows:-

Right-click on the Industry field.
In the popup that is shown, select Set field/button access.
The Field Access Privileges form opens and in so doing creates the default security record for that field.
Close the form.
Now open the detail record for a user and select the Privilegs tab.
Select New, the Access Control Override form opens.
Check Field in the This Object group.
Select the ellipsis (…) next to Field, the Select Field form opens.
Scroll down the list to find the field you want to control (File csh and Field Industry in this case)
Select the field.
Back in the Access Control Override form, check Deny Insert Change/Edit and Delete Access.
Select Save and Close.
Back in the user form, the setting will show in the user specific Access Privileges list.

Repeat for other users. It’s quicker than it sounds!

Those users will now be able to see the field but not change it.

Free Issue Case Study

Scenario

A customer free issues batches and a corresponding SO to a supplier who uses Match-IT. Only those batches can be used as kit for the WO satisfying that SO. No existing done or WIP top-level stock should be used.

Discussion

Match-IT’s default mode of scheduling is to do whatever it takes to minimise it’s loss function parameterised by a trade-off between lateness and cost. It performs hundreds of non-intuitive operations to achieve this including for example ignoring done stock in some circumstances, swapping WIP WO to SO assignments and merging/splitting unapproved WOs/POs as needed. Thus it has no concept of this WO is for this SO or this batch is for this WO. Our often-used mantra is: “to Match-IT a widget is a widget and if that’s not the case then use other our-part-numbers as needed to differentiate them”. However, in some scenarios multiple part numbers are impractical and a little manual intervention is needed; for example in the above scenario.

Setup

  1. For the top-level made parts: tick disable line merging, tick do not mix batches and tick lock instances. Make sure that re-order quantity and minimum stock level etc. are all zero. This guarantees one WO per SO, stops spare top-level batches being used and makes the WO stick to the SO across schedules.
  2. For the free issue parts: tick is free issue and do not mix batches (*). This makes the parts appear in the free issue schedule, from where they can be booked in (**). It also guarantees that only a single batch will be used for a WO.

Operation

  1. After approving a WO, go to the kit list and change the free issue batch to the one that you want to use.

Variations

  1. If you part book-in and dispatch multiple times against a SO leave do not mix batches unticked in the top-level parts.
  2. A more simple solution is to just mark the kit as do not mix batches and then when dispatching edit the pick list to use the batch you want to dispatch. i.e. just ignore the allocations that Match-IT makes until dispatch time. An alternative to editing the pick list is to change the batch allocated to the sales line and then raise the dispatch.

(*) Or set no mix on the PART record in the material. This method allows the material to still be used in other contexts that allow mixed batches.

(**) From here you can optionally raise a PO and book in the parts via a delivery note.

Configuring Virus Checkers

Match-IT is a huge system and the probability of false positives from virus checkers is high.  When this happens it can cause massive delays while it is resolved.  All our files are digitally signed with a “code signing” licence that we have to jump through hoops and pay a high price to obtain; but virus checkers still attack our files with false positives.

When our programs start they rigorously self-check both their digital signatures and verify a pre-computed checksum. Any alteration to a Match-IT file will be detected and Match-IT will refuse to run: It it is safe to exempt our files form your anti-virus, anti-spam, anti-threat software – and recommended for performance reasons.

While we do run our files through two virus checkers (Clamwin and Windows Defender) before uploading to the website, a change to your virus checker signature list (they typically update daily) may then detect new false positives.  We have absolutely no way at all to counter this other than folder exemption.  A good example happened on June 12th 2019 when Windows Defender on some sites (not all and not here) started attacking a file of ours that has not changed since 2015!

The following folders must be exempted in your virus checker(s) and Windows Defender if you allow it to run in parallel with your virus checker (often the case and in our experience often not realised).

Even if you are not getting false positives we highly recommend that you follow the procedure below for performance reasons.

Server

Assuming Match-IT is installed into c:\match_it you need to exempt:-

  • c:\match_it (if you have more than one install, do this for all of them)
  • c:\programdata\match_it

Workstations

Only applicable if you are running Match-IT across the network (i.e. not using terminal services).

It is absolutely essential that workstation exemptions are in place otherwise you will get all workstations checking the same files on the server which can result in data corruptions and performance issues.  You need to exempt:-

  • Any mapped drives that point at or contain Match-IT.  The server will be checking the destination of the mapped drive so having workstations duplicate that effort just negatively affects performance.  e.g. M:
  • The UNC path to Match-IT; e.g. \\myserver\match_it
  • Like the server, you must also exempt the local c:\programdata\match_it

Your IT company usually configure all this remotely with a global policy which means the workstations do not need to be done individually.

If you are unsure if the Match-IT exemptions are in place, please point your IT company at this article and ask them to check.

We also strongly recommend against using mapped drives; as they can be very slow.

Always use a UNC path as the target in the Match-IT shortcut.

Managed anti-virus programs often have alerts that the user has turned off, so all the user will see is a problem with Match-IT.  Typical symptoms are Windows saying that the shortcut target has disappeared and strange access denied errors.  If you see anything  like this, call us but also please point your IT company at this article and ask them to check AV configuration.  Often a new PC can creep in under the radar or it has a free trial AV installed that needs to be removed. Problems can persist after exemption because of the quarantined files and your IT company may need to resolve that as well.

 

How to move Match-IT between servers

Match-IT is self-contained in a single folder on a server.  There is no client-end software. This note assumes the immediate containing folder is called match_it.  It is connected from client workstations using one of three methods:-

  • A simple shortcut to run Match-IT across the network. This is how we leave it after the initial install.  Share the match_it folder on the server and then target match_go.exe using a UNC path.  Avoid using mapped drives(*).  The fields should look like this:-
    • Target: \\server_path\match_it\sys\match_go.exe ini=live.set
    • Start in: \\server_path\match_it
  • An overt RDP login to the server.
  • Some sort of application virtualisation; e.g. a published app.

The latter two are set up by IT and are becoming more popular with the availability of cheap powerful servers.  These also  facilitate use of WiFi which is not possible when running across the network.

To move Match-IT between servers, copy the Match-IT folder from one server to another and then repoint the workstation connection solution to the new location.  Users need full control of the Match-IT folder.

The first time Match-IT is run it needs local admin access to do some housekeeping.  It will let you know if it does not have this privilege.  Usually right-clicking and selecting “run as administrator” will allow Match-IT to do what it needs.  It may need an admin password depending on how IT have set up user profiles.  This only needs doing once.

There is a service that needs to be started on the new server but it’s easiest to call us to do it; for example over Teamviewer. It takes about 5 mins.

Match-IT is a large application and some virus checkers detect false positives.  Also the data files change many times per second which can have negative performance effects if virus checkers are active on them in real-time.  The Match-IT executables have built in checks and will not start if they have been modified.  We strongly recommend that you exempt the whole Match-IT folder on the server and also c:\programdata\match_it which contains a runtime copy.  If starting Match-IT with a simple shortcut we also strongly recommend exempting c:\programdata\match_it on workstations as well.

If the printers used by Match-IT now have different URLs, the Match-IT print queues will need a tweak and again it’s easiest if we do that if you let us know what they are.

(*) Virus checkers include mapped drives by default, which can obviously cause serious problems if the data files are changing frequently on the server.  If you have to use a mapped drive, we strongly recommend exempting it on the workstations.

 

Why has Match-IT slowed down?

Sometimes Match-ITs performance is compromised.  Here are the main reasons we have discovered over time:-

1. A virus/malware checker(s) is checking the Match-IT data files in real-time on the server. It is essential that the Match-IT data folder is exempt because the files changes so frequently (many times per second).  This is perfectly safe because the data files are not executable programs.

2. Use of mapped drives to access Match-IT is not recommended for the same reason. Local virus checkers on PCs check mapped drives to other computers by default, so you have to exempt the mapped drives on each PC and in each virus/malware checker on those PCs. This can usually be done with a global policy by your IT guys. But new PCs can still be a problem because they often come with a free one year AV program installed which starts checking mapped drives. We recommend sharing the Match-IT folder on the server and then connecting to it using UNC paths, but this is only of benefit if the mapped drive used to access Match-IT is also removed from each PC.  This also includes any other mapped drives that happen to include the Match-IT folder.  Either exempt the drive or preferably use UNC paths.

3. Dodgy network cards. Surprisingly frequently, network cards fail and while doing so cause problems. We have no idea how to detect this other than start one PC at a time and see when Match-IT slows down.

4. Slow/degrading server disk. Match-IT makes high demands on the server disk and it’s needs to be super-fast and efficient.

5. Use of WiFi.  If you use a laptop to run Match-IT please make sure that it’s physically plugged into the network.  Absolutely do not rely on WiFi.

6. Use a dedicated server.  Because of the relative cheapness of servers these days and the critical nature of Match-IT to our customers, many choose to have a dedicated Match-IT server; especially if the load from other server software components (like ACT) is high. Access is either by UNC paths (no mapped drives) or a published app so everybody is in fact running Match-IT on the server. Note that the latter has outlook licence and printing implications. We have a UK customer with a Match-IT server in mainland Europe and it is ultra-reliable; they use a  published app for access.

See also this article.

 

Why do sometimes have to recover a data file?

When using Match-IT across a network it is essential that the network is reliable because any dropout mid file transaction can cause a corruption of a data file.  Here are some tips to minimise problems:-

  1. On the server exclude the Match-IT folder (our executables self-check) and c:\programdata\match_it from real-time virus/malware checking and scanning.
  2. On workstations, do not use a mapped drive to point at Match-IT in your short cuts; use a UNC path (//servername/…).  Exempt c:\programdata\match_it and Match-IT on the server (using a UNC path) in anti-virus/malware software.  If you have a mapped drive to Match-IT on the server, even if it’s not used in the shortcut, also exempt it; this is essential, otherwise N PCs are checking Match-IT data files in parallel which can cause a lot of problems because the change so frequently.
  3. Do not rely on WiFi.  Make sure all network cables are connected and have not fallen out.
  4. Do not pull the network cable out of laptops before closing Match-IT and also make sure that you wait for Match-IT to exit completely.
  5. Close Match-IT and wait for it to exit completely before shutting down your workstation.
  6. Never under any circumstances click the “shutdown anyway” when shutting down your workstation and Windows says you have left Match-IT running.  Close Match-IT properly first.
  7. A Terminal Services solution (user logs into a server and run Match-IT from there) will provide better stability if any of the above are unresolveable.

See also this article.

How do I remove an Ad Hoc Works Order?

The output batches from an ad-hoc WO are almost always being used to satisfy a demand up the chain, so it is not usually possible to delete the WO itself.

The procedure needed is to go into the detail of the WO, then go to the Schedule tab, clear the Ad-Hoc Order Until date and save the WO.  It is then removed at the time of the next full reschedule – either automatically by the Agent overnight or if you decide to do one manually.

What is a dis-assembly method?

The Product Manual briefly mentions a dis-assembly method, but what does it do in practice and when would you use one?  This article attempts to answer those questions by means of an example.

Say for example that you use parts called A, B and C in your methods, and you can buy them from various suppliers as usual.  However, let’s say that A, B and C are in fact parts of a connector (for example) and you can buy a whole connector cheaper than the component parts.  By using a dis-assembly method attached to the connector, Match-IT will buy it and create a works orders to take it apart as needed; i.e. if it needs to acquire an A and/or B and/or C – which will have been defined as parts in other methods.

If the connector has an our part num of X and the relative value of A, B and C is 40%, 40%, 20%, the setup in the materials catalogue will look like this:-

X (can be purchased ticked and suppliers attached as usual)
METHOD (dis-assembly option selected)
  STEP (normal works order step)
    PART (self)
    OUTPUT A (40%) (the percentages are set manually - only you know the values)
    OUTPUT B (40%)
    OUTPUT C (20%)

A (nothing ticked)
B (nothing ticked)
C (nothing ticked)

“PART (self)” can be added to the method by dragging in a PART record from the list on the right – it defaults to “(self)” – i.e. use myself as the kit.  Similarly the output records can be dragged in and then edited to define what they create; A, B and C in this case.  If the connector cost £10 the cost of A, B and C will be £4, £4 and £2.

Any method requiring a whole connector will just have a “PART X” in its method somewhere as per normal; nothing special will happen; the connector will be bought and used like any other part.

If an A, B or C is required in a method, Match-IT will buy a whole connector X, create a works order to take it apart, using itself as kit and attach 3 outputs A, B and C, which will need to be booked in as the outputs of the works order.

Now say for example that a part called Y requires an A, the eventual schedule will partially look like this:-

WO(Y) < A < WO(X) < X < PO(X)
        B < 
        C < 

Unless of course there is some A in stock, in which case that will be used instead.

This is a very simple example.  The dis-assembly method can also have resources to do the work and they will be costed as per normal.  Other parts and/or tools may also be needed.

How do I cancel a shutdown?

When you use the resource shutdown facility, what you are in effect doing is adding resource weeks to the system. Resource weeks are records that define availability. Each record spans one week and has a start date.

So to cancel a previous shutdown, go into the list of resource weeks:-

Functions | Standing Data | Resources | Resource Weeks

Then locate and Remove the relevant resource week records one by one.