(I’m trying to get our process automation user access to MRP without having to give it access to all the menus above it. It seems Epicor in the last update to 2024.2 no longer gives access to the process, even though my security group is ‘Allow’. Epicor wants to have access to all the menu paths leading to it, which we don’t want to give. And I really don’t want to set every other program in the MRP > General to disallow for my automation security group, just to restrict MRP from accessing it. )
I’m almost positive that “None” means the user / group will not have access by default, but if they are in another security group that has “Allow”, it will work. For example, if the default is set to “None” and all users are set to “Default”, they won’t have access. But if I have one security group set specifically to “Allow”, the users with that group will have access.
BUT If I have one group set to “Disallow” and another group set to “Allow”, a user in both of those groups would not have access. Or if I have a group set to “Allow”, and a specific user set to “Disallow”, that user will not have access, even if they are assigned the Security Group that is set to “Allow”.
I’m not an expert in Menu Security, so someone correct me if this is incorrect.
I have no idea but can you log a support case about this? Apparently the field help won’t get filled unless/until we notify them field by field of every thing that is missing.
I probably should have finished reading before posting my reply.
In cases when I want someone to have 1 module but nothing else from the folder / subfolder, the option I usually go with is to create a new Menu for MRP (by copying it) and put it in a directory that user has access to (or create a new main menu folder for it). Sometimes I will create a new Security for that folder specifically.
Adding on… The default manager account is also an easy target for mischief, so that’s a good one to disable in any case. An account that’s used by humans can be fragile if it might be deactivated when roles change. A specific, special account’s privs can be tightly targeted by an access scope. Making it an ‘integration account’ helps avoid account expiration surprises if someone falls off the password rotation wagon - whether that’s treated as a pro or con depends on the business.
