Epicor Security

Epicor ERPSecurity Course9.05.702

Disclaimer

This document is for informational purposes only and is subject to change without notice. This document and itscontents, including the viewpoints, dates and functional content expressed herein are believed to be accurate as of itsdate of publication. However, Epicor Software Corporation makes no guarantee, representations or warranties withregard to the enclosed information and specifically disclaims any applicable implied warranties, such as fitness for aparticular purpose, merchantability, satisfactory quality or reasonable skill and care. As each user of Epicor software islikely to be unique in their requirements in the use of such software and their business processes, users of this documentare always advised to discuss the content of this document with their Epicor account manager. All information containedherein is subject to change without notice and changes to this document since printing and other important informationabout the software product are made or published in release notes, and you are urged to obtain the current releasenotes for the software product. We welcome user comments and reserve the right to revise this publication and/ormake improvements or changes to the products or programs described in this publication at any time, without notice.The usage of any Epicor software shall be pursuant to an Epicor end user license agreement and the performance ofany consulting services by Epicor personnel shall be pursuant to Epicor's standard services terms and conditions. Usageof the solution(s) described in this document with other Epicor software or third party products may require the purchaseof licenses for such other products. Where any software is expressed to be compliant with local laws or requirementsin this document, such compliance is not a warranty and is based solely on Epicor's current understanding of such lawsand requirements. All laws and requirements are subject to varying interpretations as well as to change and accordinglyEpicor cannot guarantee that the software will be compliant and up to date with such changes. All statements ofplatform and product compatibility in this document shall be considered individually in relation to the products referredto in the relevant statement, i.e., where any Epicor software is stated to be compatible with one product and alsostated to be compatible with another product, it should not be interpreted that such Epicor software is compatiblewith both of the products running at the same time on the same platform or environment. Additionally platform orproduct compatibility may require the application of Epicor or third-party updates, patches and/or service packs andEpicor has no responsibility for compatibility issues which may be caused by updates, patches and/or service packsreleased by third parties after the date of publication of this document. Epicor® is a registered trademark and/ortrademark of Epicor Software Corporation in the United States, certain other countries and/or the EU. All othertrademarks mentioned are the property of their respective owners. Copyright © Epicor Software Corporation 2013.All rights reserved. No part of this publication may be reproduced in any form without the prior written consent ofEpicor Software Corporation.

EDE8806905

90521-905-9287-583702

9.05.702

Revision: March 14, 2013 2:06 a.m.

Total pages: 30

course.ditaval

Contents

Security Course.......................................................................................................................4Before You Begin....................................................................................................................5

Audience.........................................................................................................................................................5

Prerequisites....................................................................................................................................................5

Environment Setup..........................................................................................................................................5

Overview.................................................................................................................................7Security Privileges..................................................................................................................8

Company Security............................................................................................................................................8

Security Group Maintenance............................................................................................................................9

Workshop: Create a Security Group..........................................................................................................9

User Account.................................................................................................................................................11

User Details............................................................................................................................................11

Security Manager....................................................................................................................................12

Workshop: Assign Security Privileges.......................................................................................................13

Workshop: Assign Security Groups.........................................................................................................14

Workshop: Assign Companies................................................................................................................15

Assign Security......................................................................................................................16Run Time Argument Menu Control................................................................................................................16

Workshop: Define Run Time Arguments.................................................................................................17

Menu Maintenance........................................................................................................................................18

Workshop: Create a Security Code.........................................................................................................18

Workshop: Assign Menu Security............................................................................................................20

Process Security Maintenance........................................................................................................................21

Workshop: Assign Process (Business Object) Security...............................................................................21

Workshop: Assign Method Security........................................................................................................23

Field Security Maintenance.............................................................................................................................24

Workshop: Assign Global Field Security...................................................................................................25

Workshop: Security Group Field Security.................................................................................................26

Workshop: Use Field Security..................................................................................................................27

Security Management..........................................................................................................28Menu Security Report....................................................................................................................................28

System Activity Log........................................................................................................................................28

Conclusion.............................................................................................................................29

3Epicor ERP | 9.05.702

ContentsSecurity Course

Security Course

Security is important because it protects sensitive data, guards against destructive operations, and grants accessto needed information.

Typically, there are two security environments - the network security environment and the application securityenvironment. This course focuses on the application security environment.

You define security for your application through two key programs. First, use Security Group Maintenance tocreate the security groups you need. Then assign all users within your application to these security groups throughUser Account Maintenance.

With security groups and their selected users defined, you can then assign security privileges throughout theapplication. For example, you may want to prevent access to Payroll programs for most users. You can use thesecurity privilege tools to only give members of the Payroll security group access to these programs.

You review security settings through two tools. The Menu Security report displays the current access rights specificusers and security groups have on the Main Menu. The System Activity Log tracks database modification activitywithin the application; use this tracker to review the database activity for a specific user, table, date, and so on.

Upon successful completion of this course, you will be able to:

• Create a system of security groups applicable to your organization.

• Assign users to security groups.

• Define security levels for programs, processes, and fields.

• Review the security settings you have defined.

Epicor ERP | 9.05.7024

Security CourseSecurity Course

Before You Begin

Read this topic for information you should know in order to successfully complete this course.

Audience

Specific audiences will benefit from this course.

• System Administrator

• IT/Technical Staff

Prerequisites

In order to complete the workshops in this course, all necessary modules must be licensed and operating in yourtraining environment. For more information on the modules available, contact your Epicor Customer AccountManager at [email protected]. It is also important you understand the prerequisite knowledge containedin other valuable courses.

• Navigation Course - This course introduces navigational aspects of the Epicor application's user interface.Designed for a hands-on environment, general navigation principles and techniques are available at each ofthe interface levels in the Epicor application - system, module, and program. Workshops focus on each ofthese levels and guide you through each navigational principle introduced.

• Recommended: Knowledge Camp Course - This course provides a high level overview of the quote tocash flow through the Epicor 9.05 application. You begin with how to create a quote, process it as an order,and fill the order across production planning and purchasing. The course also covers the manufacturing planand shipment of parts to a customer, as well as how to process invoices, enter cash receipts, and generatesupplier payments.

Environment Setup

The environment setup steps and potential workshop constraints must be reviewed in order to successfullycomplete the workshops in this course.

Your Epicor training environment, in which the Epicor demonstration database is found, enables you to experienceEpicor functionality in action but does not affect data in your live, production environment.

The following steps must be taken to successfully complete the workshops in this course.

1. Verify the following or ask your system administrator to verify for you:

• Your Epicor training icon (or web address if you are using Epicor Web Access) points to yourEpicor training environment with the Epicor demonstration database installed. Do not completethe course workshops in your live, production environment.


Before You BeginSecurity Course

Note It is recommended that multiple Epicor demonstration databases are installed. ContactSupport or Systems Consulting for billable assistance.

• The Epicor demonstration database is at the same service pack and patch as the Epicorapplication. Epicor's education team updates the Epicor demonstration database for each service packand patch. If your system administrator upgrades your Epicor application to a new service pack or patch,he or she must also download the corresponding Epicor demonstration database from EPICweb > Support> Epicor > Downloads and install it. If this is not performed, unexpected results can occur when completingthe course workshops.

• Your system administrator restored (refreshed) the Epicor demonstration database prior tostarting this course. The Epicor demonstration database comes standard with parts, customers, salesorders, and so on, already defined. If the Epicor demonstration database is shared with multiple users(that is, the database is located on a server and users access the same data, much like your live, productionenvironment) and is not periodically refreshed, unexpected results can occur. For example, if a courseworkshop requires you to ship a sales order that came standard in the Epicor demonstration database,but a different user already completed this workshop and the Epicor demonstration database was notrestored (refreshed), then you will not be able to ship the sales order. Epicor's education team has writtenthe course workshops to minimize situations like this from occurring, but Epicor cannot prevent usersfrom manipulating the data in your installation of the Epicor demonstration database.

2. Log in to the training environment using the credentials manager/manager. If you are logged into yourtraining environment as a different user, from the Options menu, select Change User.

3. From the Main menu, select the company Epicor Education (EPIC06).

4. From the Main menu, select the Main Plant.

Instructor Note

In order for users to complete the Field Security Maintenance workshops, you will need to activate acustomization of Call Type Maintenance. Review these workshops to see what the customization needs, andcreate the customization. Be sure to set up this customization as the default interface for Call Type Maintenancewithin Menu Maintenance.


Security CourseBefore You Begin

Overview

You need to assign security access to the Epicor application because this functionality:

• Protects sensitive data

• Guards against users accidentally making harmful changes

• Grants users access to the programs, reports, and processes they need to perform their specific tasks,streamlining their use of the Epicor application

• Prevents users from accessing areas of the Epicor application that fall outside of their work functions

Application security is embedded within the application and is available as part of the installation. You leverageboth Security Group Maintenance and User Account Maintenance to set up security levels. You can then grantusers, or groups of users, security privileges for specific areas in the application. Security privileges can be set atspecific levels such as menu security or field security.

At any time, you can run the Menu Security report and the System Activity Log to review the security settingswithin the current company. You can then make any adjustments to the security settings that you need.


OverviewSecurity Course

Security Privileges

This section of the course describes how you establish security privileges within your current company.

Company Security

Your Epicor application has at least one company set up in the database. This company contains the varioussuites of Epicor modules your organization has purchased.

You leverage the security tools to define security privileges for your organization. If your organization has multiplecompanies set up within the Epicor application and you are responsible for defining security across the organization,you will need to set up security separately within each company. All users within each company will then haveaccess to the Epicor application using the security plan you have defined.

Every database needs at least one company established in it. During installation, the Epicor application automaticallycreates a blank company (TEST) and a single user (MANAGER) with Security Manager privileges in every database.You can then successfully log into the Epicor application for the first time.


Security CourseSecurity Privileges

Security Group Maintenance

Use Security Group Maintenance to establish security groups that define various functions either throughoutyour organization or for a specific company. You then use these security groups to assign or limit access to variousareas within the Epicor application.

You can assign a user to a security group in User Account Maintenance, and then you can select security groupson various security sheets in other programs. While optional, security groups are useful because they can categorizeemployees by role or department.

Epicor recommends you create security groups and assign all users to specific groups. You then simplify yoursecurity setup, as you do not need to assign security to individual users. This approach also ensures you implementsecurity through an organized and clearly defined method.

Before you begin assigning security, consider the various areas of security your company needs. You should thendesign a security plan and enter security groups that reflect this plan. While you set up this plan, consider thatroles tend to be more generic, while job titles tend to be more specific. Several job titles can fulfill the responsibilitiesof a single role.

Menu Path

Navigate to this program from the Main Menu:

• System Management > Security Maintenance > Security Group

Important This program is not available in the Epicor Web Access™ interface. You can launch this programfrom an Epicor Smart Client (Windows

®) interface.

Workshop: Create a Security Group

During this workshop, you will create a new security group.

Navigate to Security Group Maintenance.

Menu Path: System Management > Security Maintenance > Security Group


®) interface.

1. Click New.

2. In the Group Code field, enter XXX_PROD (where XXX are your initials).

This defines the identifier used for the security group.

3. In the Description field, enter _Production Staff.

This text displays within the security programs, so enter a brief, concise explanation for the group in thisfield.

Tip If you place an underscore (_) or a period (.) in front of the Description, the security group sortsto the top of the list in the security programs. This makes the new security group much easier to find.

4. Click Save.

5. Exit Security Group Maintenance.


Security PrivilegesSecurity Course

You have now created the Production Staff security group. Repeat these steps to create all the security groupsyou need.

Epicor ERP | 9.05.70210


User Account

Launch User Account Maintenance to assign users to both security privileges and security groups.

The security privileges give a specific user access to various Epicor application features. For example, you can givea user access to the customization tools, but not allow this user to make interface language changes. You canalso give a user Security Manager rights; this user can then modify security settings for other users.

Through the security group functionality, you can assign a single user to multiple security groups. When youallow or disallow a security group on security sheets in other programs, the users assigned to this security groupwill either have access or have no access to this functionality.

Menu Path


• System Management > Company Maintenance > User

• System Management > Security Maintenance > User Security

User Details

Use the Detail sheet to enter basic user account information such as user ID, name, address, phone numbers,and password information. You typically use this sheet when you are creating a new user account.

Anyone who accesses the application must have a user account. This section highlights key fields and sheetsfound in the user account record that you define to establish security access for each user. You set up securityinformation for each user account on the following sheets:

User ID and Name

All users have both a user identifier (ID) and a name that uniquely identifies each user. Users are prompted fortheir User ID and Password when they log into the application. The User ID displays in many entry programs likeSales Order Entry and Purchase Order Entry; this feature indicates who created the initial record.

The User ID field is alphanumeric and can be up to 20 characters long.

Tip Consider using employees' network login ID as their Epicor application User ID. The network login IDdefaults in the Name field when users log into the Epicor application.

Address and Contact Information

Use this area to enter the mailing address, the e-mail address, and phone numbers for each user. These fieldsare optional and are used for reference purposes only.

Some users must be set up in other areas of the application as well. For example, a sales force member wouldalso be set up in Work Force Maintenance with a sales role. In this situation, consider leaving the address andcontact information blank in the user account record and place a note in one of the fields to direct people to theWork Force record for the address and contact information.

Disable Account

Select the Disable Account check box to temporarily or permanently stop a user account. This account can nolonger be used to access the Epicor application. Note the application defines a new account as disabled by default.You can then complete the setup for a user before activating the account.

11Epicor ERP | 9.05.702


You may also want to disable an account if someone is on an extended leave or if someone leaves the company.Once an account is disabled, that user cannot log into the application. They will receive an Invalid log onmessage.

Important When you create a new user account, this account is disabled by default. If you want this newuser to log into the Epicor application, be sure you clear this check box.

Security Manager

The Security Manager status is a special permission granted to certain users. If your user account has these rights,you can secure menu and process security options to indicate that a module, program, or process is restricted tospecific users.

Security managers are defined User Account Maintenance on the Group sheet by selecting the Security Managercheck box. Note that only other users with security manager status can access to this option. Epicor creates asingle user (manager) with security manager privileges in every database. This default record is created duringinstallation, and you use this account to create user account records.

The Epicor application restricts access to the System Management module; only users who have security managerstatus can access this module. The programs used to create a security strategy are only available within the SystemManagement module.

Be aware that it is a good business practice to not give yourself Security Manager access on your normal useraccount. This ensures the menu choices you make on your normal login are appropriate for your typical dailyroutine. It also ensures that other employees do not grant security access to themselves when you are away fromyour computer. Instead, create a separate Security Manager account that you use for security tasks.

Epicor ERP | 9.05.70212


Workshop: Assign Security Privileges

You assign security privileges to a user on the group sheet.

Navigate to User Account Maintenance.

Menu Path: System Management > Security Maintenance > User Security

1. In the User ID field, enter Fred and press Tab.

For this workshop, you select Fred Grandy.

Tip You can limit what this user sees on the Main Menu by entering a value in the Client Side MenuID field. Enter a menu identifier for either a sub-menu or a program. When this user launches theEpicor application, only the contents under the specific sub-menu identifier or the specific programappear on the Main Menu. You can find the specific menu identifier you need within MenuMaintenance. This program is described later within this course.

2. Click on the Options sheet.

3. Select the Security Manager check box.

Users with this security access can define and change the profiles of themselves and other users. They canalso access all security programs.

4. In the Tools Options section, select the Allow Personalization check box.

Use this section to assign or prevent this user from accessing various tools and functions throughout theapplication. A number of check box options are here; select the options you want available to this user. Forthis workshop, Fred Grandy will be able to personalize all programs he uses.

5. In the Access Options section, select the Allow Enterprise Search check box.

Use this section to allow or prevent this user from viewing information within a web browser, mobile device,and enterprise-wide searches.

6. In the System Options section, verify the Can Maintain Favorites Programs check box is selected.

Use this section to allow or prevent this user from running system-wide capabilities such as companyannotations and adding favorites items to the Favorites bar.

7. Click Save.

If you want to learn more about each security privilege available on this sheet, review the User AccountMaintenance > Group topic in the application help.

13Epicor ERP | 9.05.702


Workshop: Assign Security Groups

You add a specific user to security groups on the Group sheet.

1. Navigate to the Group sheet.

The Available list displays all security groups to which Fred Grandy can be assigned. He is an engineer, soyou want to add him to the _Production Staff group

2. Highlight the _Production Staff group from the list.

3. Click the Right Blue Arrow button.

4. The _Production Staff security group now moves to the Authorized list.

5. Click Save.

Fred is now an official member of the Production Staff security group.

Epicor ERP | 9.05.70214


Workshop: Assign Companies

You can also define which companies within your organization Fred can access.

1. Navigate to the Company > Detail sheet.

2. On the left, expand the Tree view.

3. From the list of companies, select EPIC06.

4. Verify the Main Plant displays within the Authorized Plants field.

5. Click Save.

6. Exit User Account Maintenance.

Fred Grandy now can access programs from the Main Plant with the Epicor Education company.

If your organization has a Multi-Site license, you can additionally set up external companies for Fred's user account.When you assign external companies to a user account, this user can see data from other companies ondashboards. This functionality is beyond the scope of this course. For more information, take the Multi-Site courseor review the Multi-Company Technical Reference Guide in the application help.

15Epicor ERP | 9.05.702


Assign Security

You explore how to assign security to programs, processes, and fields during this section of the course.

You assign security through three programs:

• Menu Maintenance

• Process Security Maintenance

• Field Security Maintenance

You can also restrict access to specific areas of the Epicor application using run time arguments. You set up theserun time arguments on the desktop icons for client installations. The Run Time Argument Menu Control sectiondescribes this functionality.

Security Conflicts

The application handles any conflicts between security groups through an access hierarchy.

1. If a user is assigned to security group Engineering, which allows access to the Engineering Workbench, andsecurity group Purchasing, which does not, the user will still be able to launch the Engineering Workbench.The security group with more access overrides the security group with less access.

2. Likewise, if a user is assigned rights to a program, but is assigned to a group which is not, the user is stillable to launch the program. User rights have precedence over group rights.

3. The Allow Access mode also has precedence over the Disallow Access mode. You select these modes onthe Menu Maintenance, Process Security Maintenance, and Field Security Maintenance programs.

Run Time Argument Menu Control

You can assign security on specific desktop icons by using run time arguments. Use this functionality to limit theprograms that display when users launch the Epicor application from a desktop icon.

This security functionality is an effective way to quickly set up a level of security on workstations. You do notneed to use security groups or user accounts with this functionality.

Each workstation can have a number of desktop icons available for launching the Epicor application. Each desktopicon can in turn be set up to launch the Epicor application in a specific mode. These modes, or run time arguments,activate immediately when a user double-clicks on the program icon.

You can use the "/ menuid" run time argument to cause the Main Menu to only display a specific sub-menu ora specific program. The user who launches the Epicor application using this icon is then limited to the programsaccessible within either the menu or the specific program.

You can also use the /TE and /CRM run time arguments to set up unique concurrent user licenses. The /TEargument limits the Main Menu to display only the Time and Expense functionality, while the /CRM argumentlimits the Main Menu to display the Customer Relationship Management functionality. These unique licensesconsume a different concurrent user pool. Activate these licenses either when you want to limit a workstationto display only these specific functions or when you want to set up additional licenses separate from the generaluser pool.

Epicor ERP | 9.05.70216

Security CourseAssign Security

Workshop: Define Run Time Arguments

To leverage this feature, you display the Properties window for the Epicor icon and then modify the Target fieldto include a menu ID.

During this workshop, you will limit a workstation to only display programs in the CRM module.

1. On the desktop for the workstation, right-click on the application's icon.

2. A context menu displays. Select the Properties option.

3. The application’s Properties window appears, displaying the Shortcut tab.

4. In the Target field, enter a [Space] after the target directory path.

5. Now enter the "-config" run time argument and indicate which configuration settings file the icon will use.

6. Next add a right slash ("/") and enter the identifier for the menu or program that you want to display. Torestrict the workstation to display only the CRM module, enter:

• C:\_Epicor\905client\MfgSys.exe -config=default.mfgsys /menuid=CRMN0000

7. Click Apply.

8. Click OK.

9. Now when users launch the Epicor application from this desktop icon, they will only see the CRM moduleon their Main Menu tree view.

This method may not limit access to all the programs you intend. Several programs can still be launched byright-clicking various fields. For example, users could still launch Part Maintenance the Part field's context menu.You will need to use other security methods described later in this course to restrict access to the programsavailable on context menus.

17Epicor ERP | 9.05.702

Assign SecuritySecurity Course

Menu Maintenance

Use Menu Maintenance to customize the menu interface throughout the application. You can select a specificdashboard, custom program, or custom report, and make it available to everyone in your company.

Menu security is considered the highest level in which security privileges are set. Security established at this levelallows a folder or program to not display on the Main Menu for any number of security groups or specific usersyou identify. Changes you make in this program display on all the workstations that run the application.

Menu Maintenance has two main functions. It allows you to replace a current program with a customized programand add menu items for custom programs and custom reports.

Important You can only use this program if you have Customization Rights. For information on howto obtain these rights, read the User Account Maintenance > Group topic.

Business suite modules are organized into folders. Submenus and module function categories, such as Setup,General Operations, and Reports, are also organized into folders; security is not required. All menu options,except those in the System Management business suite, are available to all users when the application is installed.

Key Fields

This section highlights key fields and areas in Menu Maintenance.

Security ID

This is the internal security ID and description for a module, submenu, or program. The Security ID field is displayonly.

Security Manager Access Only

Select this check box to indicate that this module or program is restricted to security managers. Only users selectedas a security manager in User Account Maintenance have access to this option.

Current Company Only

Select this check box if the security privileges you are setting apply to the current company from which you havelaunched Menu Maintenance.

Disconnected

This check box determines whether the security ID is available in Mobile Connect. This setting is maintained byEpicor, so the check box is never available (grayed out).

Menu Path


• System Management > Security Maintenance > Menu Maintenance

• System Management > Utilities > Menu Maintenance


®) interface.

Workshop: Create a Security Code

During this workshop, you will create a security code and indicate which users have access to this code.

Navigate to Menu Maintenance.

Epicor ERP | 9.05.70218


Menu Path: System Management > Utilities > Menu Maintenance


®) interface.

1. Click New and select New Security.

2. In the Security ID field, UD_XXX (where XXX are your initials).

3. In the Description field, enter Production Staff Engineering.

The purpose of the description is to briefly describe the purpose of the new security.

4. Select the Current Company Only check box to apply this security code against the Main Menu structurefor the current company.

Only users with access through this security code can display and launch the programs within this companynode, but this security code is not applied against other companies. If the Current Company Only check boxis not selected (check box is clear), this security code is applied against all companies within your Epicorapplication.

Tip The Security Manager Access Only option is useful when you are first setting up security, asit blocks all accesses until you create a security plan. As described previously in the course, you assignsecurity rights to user accounts within User Account Maintenance.

5. To prevent users within this security code from launching the Epicor application within an internet browser,select the Exclude Epicor Web Access check box.

6. Navigate to the Allow Access sheet.

Important You can use either or both sheets to assign security; remember that the Allow Accessmethod overrides the Disallow Access method. If a user is assigned to both sheets, the user has accessto programs assigned to this security code.

7. Clear the Allow Access to All Groups/Users check box.

The Groups/Users and Selected Groups/Users lists become active. Note, however, that until you addusers and/or groups to the Selected Groups/Users list, nobody has access through this security level. Be sureyou are ready to assign security before you clear this check box.

8. Highlight the _Production Staff security group.

9. Click the Right Blue Arrow button.The _Production Staff security group displays on the Selected Groups/Users list.

10. Click Save.

11. Remain in Menu Maintenance.

Now only users assigned to the _Production Staff security group have access to programs linked to this securitycode. Any groups or users that remain in the Groups/Users list do not have access to the programs assigned tothis security level.

19Epicor ERP | 9.05.702


Workshop: Assign Menu Security

During this workshop, you will assign your new security code to the Engineering Workbench.

When you assign a security code to a selected program, only those users given access through this security codecan launch the program. If a security group (or user) is not included in the security ID, individuals in this group(or user) cannot launch this program from their Main Menu.

1. Navigate to the Detail sheet.

2. In the Tree View, select Production Management > Engineering > General Operations > EngineeringWorkbench.

Important Be aware that when you change the security code for a standard menu item like theEngineering Workbench, this code reverts back to its original security code when you install the nextservice pack. You should either use this functionality only for custom programs or be prepared toreassign the menu security codes after a service pack installation.

3. Click the Security ID… button.

The Security Search window displays.

4. Search for and select the UD_XXX (where XXX are your initials) security code you created during the previousworkshop and click OK.

The Security ID… field now displays the new security level you have selected.

5. Click Save.

6. Exit Menu Maintenance.

This program is assigned to this security level. You could now continue to assign security levels to the programsyou need on the Main Menu.

You can also review which programs are assigned to this security code. To do this, return to the Security sheetand find/select your UD_XXX security code. The Menu Options field displays all the programs that currently usethis security level.

Epicor ERP | 9.05.70220


Process Security Maintenance

Use this program to establish security at the process level and at the method level within a process.

Use the Process sheet to set the security privileges at the process level.

Use the Method sheet to establish security at the method level within a process. A method is an action that canbe taken in a process such as Update, Get New, Approve, and so on.

Example The Terms process (Business Object) is in the menu in several places, as well as being calledfrom within Company Configuration and other programs. If you want to block access to from ANYWHERE,you would limit it at the business object level (BO.Terms) on this Process sheet. If you want to block theability Update to any existing Terms codes, you would limit it at the Method level (BO.Terms.Update)on the Method sheet.

When a business object is secure, all methods within this business object are also secure. This can lead tounexpected results, as the methods will not run through Service Connect, embedded processes, and from othermenu options. Epicor recommends you assign security in a test environment first before you deploy securitywithin your live environment.

Menu Path


• System Management > Security Maintenance > Process Security

Workshop: Assign Process (Business Object) Security

You define a business object's security by first selecting it and then indicating which groups/users can and cannotaccess it.

Navigate to Process Security Maintenance.

Menu Path: System Management > Security Maintenance > Process Security

1. Click New.

2. Click the Process ID… button.

Note You can also use the Search button on the Standard toolbar to find and select the businessobject you need.

3. Search for and select the bo.AbcCode business object.

4.

5. Select the Current Company Only check box to apply this security setting for the process against thecurrent company.

Only users with access through this security code can display and launch the programs within this companynode, but this security code is not applied against other companies. If the Current Company Only check boxis not selected (check box is clear), this security setting is applied to this process across all companies in yourdatabase.

21Epicor ERP | 9.05.702


Tip You can restrict this business object to security managers by selecting the Security ManagerAccess Only check box. This indicates that only users defined as Security Managers within UserAccount Maintenance are able to access this business object.

6. Select the Exclude Epicor Web Access check box.

This prevents users within this security group from launching the Epicor application within an internetbrowser.

7. Navigate to the Disallow Access sheet.

Note You can assign security through two sheets, you can Allow Access or Disallow Access tosecurity groups and users. For this workshop, you will disallow access to this process. You can useeither or both sheets to assign security; remember that the Allow Access method overrides the DisallowAccess method. If a user is assigned to both sheets, the user has access to this process.

8. If necessary, clear the Disallow Access to All Groups/Users check box to prevent all groups and usersfrom accessing this business object.

Until you add users and/or groups to the Selected Groups/Users list, everyone has access to this businessobject. Be sure you are ready to assign security before you clear this check box.

You can now define the specific groups and users that cannot use this business object.

9. Click the Double Right Blue Arrow button to disallow access for everyone.

All the security groups and users move to the Selected Groups/Users list.

10. From the Selected Groups/Users list, highlight the _Production Staff security group.

11. Click the Left Blue Arrow button.The _Production Staff security group displays on the Group/Users list. Now only users assigned to this securitygroup can use this process.

12. Click Save.

13. Remain in Process Security Maintenance.

Through this setting, only users assigned to the _Production Staff security group can use the ABC Code process.You should probably undo this setting after you finish the Security course. This process may be used in othercourses within the Epicor Education database, and keeping this security level will prevent most users from runningit.

Epicor ERP | 9.05.70222


Workshop: Assign Method Security

You can also use Process Security Maintenance to define security for methods within a selected business object.

A method is an action which can be run within a process like Update, Get New, Approve, and so on. For example,you can use this functionality to permit a user to add a release to an existing purchase order but prevent thissame user from creating a new purchase order.

Tip Not all business objects have multiple methods. This sheet is only for more complex business objectsthat perform a variety of actions.

1. Click the Down Arrow next to the New button; select New Method.The Method sheet becomes active.

2. From the Method Name drop-down list, select GetRows in bo.AbcCode.

3. Select the Current Company Only check box to apply this security setting for this method against thecurrent company.

4. Navigate to the Allow Access sheet.

5. Clear the Allow Access to All Groups/Users check box.

Until you add users and/or groups to the Selected Groups/Users list, nobody has access to this method.Be sure you are ready to assign security before you clear this check box.

6. Highlight the _Production Staff group.

7. Click the Right Blue Arrow button.The _Production Staff security group displays on the Selected Groups/Users list.

8. Click Save.

9. Exit Process Security Maintenance.

Through this setting, only users assigned to the _Production Staff security group can use the Get Rows methodon the ABC Code process. Undo this setting after you finish the Security course. This method may be used inother courses within the Epicor Education database, and keeping this security level will prevent most users fromrunning it.

23Epicor ERP | 9.05.702


Field Security Maintenance

Use Field Security Maintenance to establish security privileges at the field level in specific database tables,extended user defined tables, and fields throughout the application.

Field Security Maintenance contains functionality you leverage to define security privileges on fields for all users,selected users, and groups. You use this program to first select a table and then allow, limit, or prevent accessto specific fields within the selected table. Each field can have a unique security level assigned to it; this level canbe globally defined for the whole organization, specifically defined for the current company, or specifically definedfor a selected user or group.

Using this program you also can reset the security privileges of the selected field or of the whole table to theirdefault values for all users. It is also possible to view the security privileges for all the fields in the table for theselected user.

Set up user accounts and security groups before using this program.

Important Table and field security can only be applied to actual database tables and columns. Usecustomization to secure temporary table information. You can also use Business Process Managementmethod directives to secure temporary tables.

Example The application's Field Help displays several pieces of information including EpiBinding, DatabaseField, Like, and the External check box. In this example, the SrcGLTran table is a temp table and not anactual database table.

In the Technical Details section of Field Help, you can view EpiBinding information for temp tables; however,database field information does not display and the External check box is selected. If the External checkbox is selected and no data displays for the database field, the application indicates this is a CalculatedColumn or belongs to a temp table.

You can use Extended Properties Maintenance to verify the table type. If the dataset table is temporary,Temp Table displays in the Table Type field. Use the Fields > Detail sheet to determine if the field isExternal. Typically, temp tables have a Like value that points to the actual table or column used to retrieveand store the data.

Menu Path


• System Management > Security Maintenance > Field Security


®) interface.

Epicor ERP | 9.05.70224


Workshop: Assign Global Field Security

You can assign security to a specific field that then applies to the entire organization or a specific company.

Navigate to Field Security Maintenance.

Menu Path: System Management > Security Maintenance > Field Security


®) interface.

1. In the Table field, enter CallType and press Tab.

The Description field displays the purpose of the selected table.

2. In the Tree View, select the CallTypeDesc field.

The Field Name displays the name of the selected field.

Example If the Primary Key check box is selected, it indicates the current field is required by thedatabase. You cannot change the security option for a Primary Key field; usually these fields are foridentifiers like the customer ID, part ID, and so on. The CallTypeDesc field is not a primary key, however,so for this example, the check box is clear.

3. In the Access field, select Read.

This option assigns display-only (read-only) rights to the current field. Users can only view data within thisfield; users cannot enter any data within it.

The remaining options include:

• Full - Users can both view and enter data within this field. This security option is the default.

• None - This security option causes the field to be blank. No data displays in this field, and users cannotenter any data in it. Be aware that the None setting also causes the field's data to not be included whenthe dataset is sent to and from its program. This can have unintended consequences for processes, likeBPM directives, which may require this data.

4. Select the Current Company Only check box.

You want this security level to only apply to the field within the company you are currently logged into. Ifyou keep this check box clear, the Read security level you define for this field is used globally for this fieldthroughout your organization.

5. Click Save.

6. Remain in the Field Security Maintenance.

Now users can only review the text in the Call Type Description field. Note that after you finish this Securitycourse, undo this setting so that it does not cause issues for other courses that may use this company.

25Epicor ERP | 9.05.702


Workshop: Security Group Field Security

You can also assign security to a field that only applies to a specific user or security group.

1. Navigate to the Users/Groups sheet.

2. In the grid, select the _Production Staff security group.

3. In the Tree View, select the ShortChar02 custom field.

Tip Custom fields are special fields you can add to a customized form; users then enter unique datawithin these fields. For more information about custom fields, enroll in one of the Customizationcourses or review the Customization topics within the application help.

4. Click in the Access column to display the drop-down list and select the Full option.

Just like the previous workshop, you have the Full, Read, and None security options. You also have theDefault option; select this option when you want the user or security group to use the global security levelassigned for this field on the Detail sheet.

5. Select the ShortChar03 custom field.

You want to give members of the _Production Staff security group read-only rights to this field.

6. Click in the Access column and select the Read security option.

7. Select the ShortChar04 field.

8. Click in the Access column and select the None security option.

9. Click Save.

10. Exit Field Security Maintenance.

Epicor ERP | 9.05.70226


Workshop: Use Field Security

Now that you have defined field security for the _Production Staff security group on the CallType table, you cansee the security options in action.

Important For this example, Call Type Maintenance was customized to display the ShortChar01,ShortChar02, and ShortChar03 custom fields. These fields, and their accompanying labels, were addedusing the customization tools.

Navigate to Call Type Maintenance.

Menu Path: Sales Management > Customer Relationship Management > Setup > Call Type

Tip The CRM menu path is: Customer Relationship Management > Sales and Marketing Management >Setup > Call Type

1. In the Call Type field, enter MRKTNG and press Tab.

Notice the three custom fields are available (Full rights) for data entry; you enter a text value, Primary, withineach field. The Full field is the ShortChar01 custom field from the CallType table.

2. The Read Only field is the ShortChar02 custom field from the CallType table.

3. The None field is the ShortChar03 custom field from the CallType table.

4. Click Save.

5. Exit Call Type Maintenance.

6. From the Options menu, select Change User.

7. For the User name and Password, use Fred.

Recall Fred is a member of the _Production Staff security group.

8. Use the Main Menu as previously described to navigate to Call Type Maintenance.

9. Load in the MRKTNG call type record again.

Notice that you can enter and update data within the Full field. The Read Only field displays the data, but youcannot edit information in it. The None field is empty. Members of the _Production Staff security group cannotsee or edit data within this field.

27Epicor ERP | 9.05.702


Security Management

Menu Security Report

Use the Menu Security report to review the current access users and security groups have on the Main Menu.

Generate this report to evaluate the security currently defined for your programs. You can review the securityfor users, security groups, or both. You can also filter this report to only display access for a specific program,user, or security group. This key report can give you a complete overview of the security plan currently in place.

• Use this Selection sheet to choose the parameters for the report.

• Use the Filter sheet(s) to select the User and Security Group to include on the report.

Important For more information on how to review the status of any reports/forms you print, preview, orgenerate, review the System Monitor topic in the Interface Navigation section of online help.

Menu Path


• System Management > Security Maintenance > Reports > Menu Security Report

System Activity Log

Use this dashboard to review all the database modifications that occurred within the application.

This valuable tool can help you determine where and when specific database changes were carried out and whoinitiated these changes. You can quickly locate the database activity you wish to review by filtering the dataactivity that displays through several advanced search parameters.

Menu Path


• System Management > Security Maintenance > System Activity Log

Epicor ERP | 9.05.70228

Security CourseSecurity Management

Conclusion

Congratulations! You have completed the Security course.

29Epicor ERP | 9.05.702

ConclusionSecurity Course

Additional information is available at the Education andDocumentation areas of the EPICweb Customer Portal. To access

this site, you need a Site ID and an EPICweb account. To create anaccount, go to http://support.epicor.com.

http://support.epicor.com

Documents

Epicor Security