Has anyone looked at how to lock down a MES Station so that only folks in the immediate area can use it?
Either by Workstation ID, Department, Role, or Resource Group or something…
We have one by the designated employee entrance and it backs up like Walmart’s doors on Black Friday. The supervisors tell me that it needs more ‘control’. I can think of only a few ways that I might be able to do it via code, but I thought I’d do a shout out. I cannot find anything about this sort of assignment in the docs so far…
What are they using MES at this workstation for? Clocking in/out for the day? Do you have the Employees setup according to their Employee type such as Production Worker, Material Handler, Shipping/Receiving, etc.?
does that area have a designated ‘Time Clock’ station for clocking in and out for the day? Consider disabling the clock in/out button on that work station. Let them all burn if they can’t behave when asked nicely.
A very rudimentary, brute force way to do it would be to have the mes client in that area auto-login as a specific Epicor user (empentrance) - I am talking about the user name and password they use to open the MES interface not windows credentials.
In principle have a BPM that looks up the callcontextclient table and the value in the field CurrentUserID - you then put some logic in that says if CurrentUserID is empentrance, then folks in department x can clock in/out, everyone else can’t clock in/out - you would need to figure out the appropriate method call to put the bpm against and indeed what can’t clock in/out means - for example MES rejects the employee id or buttons not being available.
@cchang - Everyone has roles, but the station is used for job-clocking by the department its in - plus the abuse of everyone else coming through that entrance door.
@rbucek - Rob - you and I think very similarly Adults should be able to follow the rules, but given an opportunity it seems they will always let you down. That’s why it’s come down to turning it off until the department is ready to start their jobs.
@mcfreedombaby - James - this is where I’m at in my plan actually, but I my hiccup is that all of my mes stations sign in using the same AD login. It may be easier once Iv’e got SSO setup. But for now I can’t tell where the station is unless I can also grab something like an INI file entry or the computer name to build into the BPM. I was hoping someone else might have a more elegant solution than the brute force BPM.
Sorry I wasn’t talking about the AD login, I was talking about the Epicor user the MES logins in with (this is not the employee id) - you may have this hard coded in the ini file - create a separate and distinct Epicor user for this station and hard code it into the ini file. From there build a bpm.
yes I understood what you meant. I confused the the issue a bit. The AD/SSO login would be easier to allow for each station to have an independant ID that my employees wouldn’t have to remember as they move around. Right now we have so many power outages that the stations all have to be rebooted/logged in frequently and because the people move around between departments it’s easier to have a single login for all the stations.
But I’m still right there with you - a BPM is the only way I can see. But a hard coded login in the INI file - forgot about that. That would be good and keep the BPM simple.
We did a customization like this based on the employee id rather than logon. it checked the empbasic table for a code that would then make the ok active or not.
OK - figured it out. Multipart solution of course, but here’s the gist in case anyone in the future needs it.
Add a column to JCDept table called “MESStations” as character x(100) and regen the Data Model
Create a JCDept UI customization to add the field to the UI for data entry. (Enter MES Station computer names of course using any delimiter between names for readability)
Create a Pre-Proc BPM on EmpBasic.ClockIn method and in that method:
Set CallContextBPMData.Character01 = Session.ClientComputerName (thanks @danbedwards)
(note: Session.TaskClientID and Environment.MachineName do not give a clean single value back and Session.WorkstationID returns nothing.)
(note: this method doesn’t have any TT tables so a lot of widgets/conditions do not work…)
Invoke the BO method Erp.EmpBasic.GetbyId using the employeeid to return the dataset containing the Employee’s department.
Invoke the Erp.JCDept.GetbyID using the employee’s dept# to return the dataset containing the ‘approved’ MES workstation ids.
Use a Condition to check to see if the approved list of MES workstations ‘contains’ the current workstation id.
True = do nothing
False = throw an exception stating “Use a workstation in your department to clock in.”
Works pretty well so far in testing. We’ll see what happens when the Employee’s start hating on me for doing this.
Adults should be able to follow the rules, but given an opportunity it seems they will always let you down. That’s why it’s come down to turning it off until the department is ready to start their jobs.