Hello, everyone. Another question about my favorite four-letter word: IDC! [had to add the ! to make it four-letters]
We now have 3 batch types in IDC. Each of our IDC users who does Data Verification should only see batches from 1 of the 3 batch types.
- ‘POs-Data Verifiy’ group only has access to the ‘Purchase Orders’ batch type.
- ‘AP Invoice Team’ group only has access to the ‘AP Invoice’ batch type.
- ‘Per Diem-Data Verify’ group only has access to the ‘Per Diem Invoices’ batch type.
This works as expected, because we assign a specific IDC group to 1 batch type [see screenshot] and do not assign that same group to the other 2 batch types. No issue there.
And 99% of our IDC batches get created via e-mail, meaning the IDC E-mail Client app pulls the PDFs into IDC from e-mail attachments. No issue there, because our IDC E-mail Client app accesses a different e-mail account for each batch type. So PDFs e-mailed to the e-mail account dedicated to POs, for example, are always loaded into IDC in a batch for the ‘Purchase Orders’ batch type.
Here’s my issue: If one of our IDC Data Verification users creates an IDC batch from within IDC, the Batch Type dropdown shows all 3 batch types. So that user can create a batch for any of the 3 batch types even though that user does not have Data Verification access to 2 of those batch types!
Am I missing a security setup?
How can I prevent a user in an IDC group from creating batches for batch types that the group has no access to in Data Verification?
@JerseyEric The way I do this is by using a folder that the IDC input service monitors and MS security on the share. If they don’t have the input role they won’t see the Create Batch tab.
@gpayne, I appreciate your suggestion for a workaround. But I already have the Create Batch tab hidden for 2 of the 3 user groups.
For our AP Automation implementation, some members of our AP team need occasional access to IDC’s Create Batch tab. We can live with those users being able to select other batch types [i.e. ‘Purchase Orders’ or ‘Per Diem Invoices’] from the Batch Type dropdown even though they should only select ‘AP Invoices’.
But I was hoping (and still hope) that someone knows a standard way to restrict the values from the Batch Type dropdown using group security. Or is IDC! just not ready for enterprise prime-time?
This is version 9.22.63 - Under the Batch Type editor page, there is a section that looks like the security you need
I’m still on IDC version 9.11.x, but that User and Group Assignments section under the Batch Type admin editor (definition) – from your screenshot – exists in my version 9.11.x. In fact, it’s exactly how I control an IDC user group’s access to a specific Batch Type in Data Verification.
It seems that Epicor did not consider that such user & group assignments under the Batch Type admin editor (definition) should also be used to filter the dropdown on the Create Batch page.
It seems Epicor, or its IDC partner ancora, is so focused on AI and OCR scanning that they do not consider all the controls needed in a “ready for prime time” enterprise application. While I do not work with Epicor ERP and I’m still pretty new to DocStar, I have years of experience with Oracle ERP and like to think I have a good sense of how access should be controlled within an enterprise application.
Ok - I don’t use that level of security yet in our simple footprint - glad to know it sort-of works but the dropdown is a pitfall.
No doubt Ancora is not the big enterprise application like a few I’ve worked with (LaserFiche for one). And since Epicor doesn’t own them, just promotes them as one of the input solutions, there’s not much Epicor can do about this sort of thing.