Does anyone know of a way to copy or export field level security?
??
Try calling
Ice.Proxy.Sec.SecRights.GetRestrictedColumns
with parameters like ā¦
<parameters>
<parameter name="companyID" type="System.String"><![CDATA[MC]]></parameter>
<parameter name="userID" type="System.String"><![CDATA[rdelgado]]></parameter>
<parameter name="schemaName" type="System.String"><![CDATA[Erp]]></parameter>
<parameter name="tableName" type="System.String"><![CDATA[Part]]></parameter>
</parameters>
Hmm I need to move field security from one Db to Anotherā¦ Not sure this would work
Sounds like a pretty āone offā problem. A more adventurous person might try something in SQL.
Itās almost like you want to do DevOps. Create an artifact, save it, deploy it to various locationsā¦ 
1 Like
It is actually not one off, we maintain 12 app servers and DB instances of Epicor for development and once development is done, we move that development work wot Test, then Pilot, then Liveā¦
So if one were doing a bunch of security stuff in Development and needed to move it to Test, then Pilot , then Live one would be screwedā¦
1 Like
You should be able to do a copy from the list tab in one environment and paste update into the other environment. Itās only table by table, but that works for us here.
It looks like only the exceptions (i.e. non-default settings) are stored in the Ice.SecColumn table.
Can one make a uBAQ in an Ice based table?
I too find myself with the same question. Has anyone come up with a viable way to move from one environment to another?
@josecgomez - How did you handle this? Weāre considering opening up BAQ to let someone do their own analysis, and need to restrict access to hundreds of tables related to $ and customersā¦ I didnāt see a DMT for Field Security either, and really donāt want to do this manually one table at a timeā¦
Just to start, for letter Cās:
We did it by hand 
Iām currently working on a customization to automate most of this. Have the same exact problem. Creating a couple functions to remove read access for everything initially for a specific Security Group, then allow access back to tables that I select at mass.
Hopefully I can share this week as its not done yet. Code will be super inefficient.
2 Likes
Chance,
Great! That would be very helpful. Which table is it? Iām not following the bindings shown in field help - Seems to be DBField, but I donāt see that table in BAQā¦
I also created case CS0002619341 - DMT Field Security. Wouldnāt it be nice if Epicor just added this table to DMT?
UD03.
Table the DD uses is ZDataField
FieldSecurity records are in Ice.SecColumn
Thanks, Chance. As expected, Epicor came back on the case and said to submit an Ideas request - Please vote on it!
https://epicor-manufacturing.ideas.aha.io/ideas/ERP-I-1750
Add Field Security template to DMT - Please add a Field Security template to DMT. As weāre moving more of our information into Epicor, our users are needing more self-serve information, which we can provide with BAQās. We need to restrict confidential information with Field Security access set to āNoneā on hundreds of financial and customer tables in the development, and then live environments.
By letting us manage field security through DMT, weāll have a much more consistent process, and also save dozens of hours of setting permissions manually, one table at a time (inviting mistakes too).
2 Likes
Voted+3
Sheās a hot disorganized mess but sheās about 95% done. Added a few other features to help others out here as well. Will be documenting and cleaning up the solution in the morning.
2 Likes
Sweet! That looks great. Canāt wait to see the finished product. How do you handle āAll Companiesā? During testing, I realized the default in Field Security is to change it by company, not all companies. So far weāre up to about 300 tables that we need to restrict access to. Iām wondering if itās easier to restrict all, and then just give our continuous improvement guy access to the manufacturing ones only, since heās typically working there to improve our processesā¦
BTW, the ideas is up to 22 votes. Hopefully they add Field Security to the DMT template sooner than later.
I donāt really handle it any other way than the BL tester. its a true or false checkbox. Im assuming the way it works is that the company field is just the owning company of the setting, then that checkbox just applies it to others if its checked. This DMT simulation program will super under tested. Either way it will be use at your own risk.
Made a separate post for pushing this out. You can find it here