Controlling who can create a part

We would like to place some controls within Part Maintenance. This would allow certain employees to create a part, but until the part is approved (making sure that all fields are populated as needed), the part would be disabled and thus not able to be entered on a supplier purchase order or customer sales order.
Any thoughts on how I might create this process?


A couple options come to mind.

  1. A BPM that checks if the user is in a particular security group.
  2. Using Menu Maintenance and Field Level Security, allow/disallow access based on security group(s).

Thanks Chad, but to clarify some more: someone on Product Development could create the part and add certain fields, but until they add the part material burden components, pricing has been entered, and so on, the part is not available to be entered on a supplier purchase order or customer sales order. This is more in line with a proper workflow, but I have not designed one before in Epicor. People are not following the paper path, so I am trying to create this in Epicor.

So I did something similar in an old position. I used BPM Holds to control it. Depending on the part, certain groups needed to fill out certain fields. Only one group could create the part, and when they were done, they took their BPM Hold off and it alerted the next group. This continued until everyone was complete. You can then put BPMs elsewhere in the system that check to see if a part record has a BPM Hold on it and, if it does, do a hard stop.


You’d want to go with a BPM in that case. It’s going to be pretty complex but it would be doable. You’d want to use security groups with it.

You can use Task Management to create the entire process, including adding holds, sending notification emails, the works. One wrinkle I added once was to also have the part marked “Inactive” until the process was completed, which removes the part from displaying on most reports and searches. Only those who need to know about it will even see it.

I’m not certain, but you might need to have CRM to have Task Management.

John, do you have an example of this by chance? If not, I know that was some time back.


I will have to look into Task Management as I have not heard of it.

At the simplest level you can do:

  1. Create a Security Group who can add part
  2. Add users who need to create to group
  3. Write PRE BPM on Part.GetNew
  4. Add condition, select condition where user is in sec group
  5. If false, exception widget




Thank you - I think I get the concept and I have some flow charting to do for this. Should not be that hard, but will keep everyone advised.

I added custom fields to our parts for “Engineering Approved” and “Purchasing Approved” since we deal with a lot of new parts and part of the info gets created in Engineering but we don’t want the parts on jobs until Purchasing has added their information. We also have a “Rush” check box so that Purchasing makes sure to enter the data on those parts first. An updateable dashboard allows us to make mass changes to view parts that haven’t been approved, add data and check them approved.

I don’t have an example, but I could try and document the general outline.

Let’s say you have 3 departments that are required to enter/review a part before it can be “active”. Create 3 BPM Holds, 1 for each department. Create 3 security groups, 1 for each department (no menu items need to be selected, just need it to run BPMs).

When a user creates a part, have a BPM add the 3 BPM Holds created above to the part record. When the user is done with the data they need to enter, they must remove the BPM Hold for their department. This triggers another BPM to email the next group that there is a part awaiting their data entry. After they are done, the same as before, they must remove their hold until all holds are gone and the part is now “active”.

There is a lot you can do with this approach.

  1. BPMs can check that data is being entered in the correct order of departments. That way one department can’t skip another.
  2. You can control who can remove the BPM Holds through a BPM that checks the security group the user belongs to.
  3. If the last department is a review and approval, you can create a rejection workflow.
  4. Not part of the BPMs, but you can do field level security to designate the fields that each department can edit.
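The hold workflow outlined above, modelled as an added example that is not part of the original thread and is not Epicor BPM code. The department names, the `Can…Release` group names and the re-apply-all-holds rejection rule are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Hypothetical department order and group names; none come from Epicor.
HOLD_ORDER = ["Engineering", "Purchasing", "Review"]
GROUP_FOR_HOLD = {h: f"Can{h}Release" for h in HOLD_ORDER}

class WorkflowError(Exception):
    """Stands in for the BPM exception that hard-stops a transaction."""

@dataclass
class Part:
    part_num: str
    holds: list = field(default_factory=lambda: list(HOLD_ORDER))
    notifications: list = field(default_factory=list)

    @property
    def active(self):
        return not self.holds

def remove_hold(part, hold, user_groups):
    """Release one department hold, enforcing group membership and order."""
    if hold not in part.holds:
        raise WorkflowError(f"{hold} hold is not on {part.part_num}")
    if GROUP_FOR_HOLD[hold] not in user_groups:
        raise WorkflowError(f"user is not in {GROUP_FOR_HOLD[hold]}")
    if part.holds[0] != hold:
        raise WorkflowError(f"{part.holds[0]} must release first")
    part.holds.pop(0)
    if part.holds:  # tell the next department the part is waiting on them
        part.notifications.append(part.holds[0])

def reject(part, user_groups):
    """Final reviewer sends the part back to the first department."""
    final = HOLD_ORDER[-1]
    if part.holds != [final] or GROUP_FOR_HOLD[final] not in user_groups:
        raise WorkflowError("only the final reviewer can reject")
    # Assumed rejection rule: every hold goes back on and the cycle restarts.
    part.holds = list(HOLD_ORDER)
    part.notifications.append(HOLD_ORDER[0])

def add_to_order(part, order_lines):
    """Check placed on PO/SO entry: hard stop while any hold remains."""
    if not part.active:
        raise WorkflowError(f"{part.part_num} is on hold: {part.holds}")
    order_lines.append(part.part_num)
    return order_lines
```

The order check and the group check are separate conditions, so membership in a later department's group never lets a user skip an earlier hold.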

John, that makes sense and this would work. I’ve been dealing with getting everyone to work at home; now that I have this I can look at this again. Your process works and I can see how to create this now.

Thank you Kara, and this is the basic concept. I appreciate your feedback.

I totally agree with @Chris_Conn. The larger the company, the more granular you must get. This is how I do it…

  1. I typically create multiple Security groups that are specific for certain tasks… (see if you can guess what these groups allow)… the idea is to make the security self-documenting
     • CanAddParts
     • CanAddPartRev
     • CanAddCust
     • CanCheckOutPart
     • CanPostInvoices
     • CanGetShipments
  2. I create BPMs that allow/disallow these features based on what they are doing.
  3. I assign the Security Groups to the Individuals who are allowed to do that feature.

Using this technique allows you to set up your own “Duty Separation” while still allowing people into screens. You can have multiple departments able to get into Part Entry, but some are restricted from ADDING and some restricted from Adding REVS, others from Checking out Revs.


Great concept @timshuwy


I want to say thank you for all the insight. After re-reading everything and thinking through what Tim mentioned, I will review what options we want to do here and how gradually we want to make this. Each post has provided me more details on how to enhance security.

We had a similar request on the control of who could create new customer records.

What we did was go into Field Security and set one of the mandatory fields to Read Only for all security groups except for the one that was the parts group.

This made it so if you were in a blocked security group you couldn’t enter data into that specific field, thus you couldn’t save without throwing an error.


Thank you, but that is not the workflow we are looking for. For us, we want users to enter the data that they can, but a final review is completed before the part could be used. I have not yet looked at it, but what Tim and Chris mentioned will be our approach.

Adding another brand during COVID has changed what my goals were.