More granular permissions on Time and Expense Entry

We’d like to grant some users access to Time and Expense Entry in order to make adjustments to labor detail records (Time/Daily Time/Detail tab). However, being hourly employees themselves, this would also grant them access to adjust their own time cards (Time/Daily Time/Summary tab). Not ideal, even if we trust their principles.

What’s the smartest way to carve this out?

I tried to make the Summary tab read-only for all but certain security group members, but that was not working. I think it may be because Epicor’s own code makes changes to those properties and my customization attempt is just overridden at runtime. Or maybe I was just doing it wrong. Anyway, I was steered toward a pre-proc Method Directive.

The criteria for exiting processing through an exception are:

  1. at least one row in LaborHed is updated
  2. call came from Time and Expense Entry
  3. user is not a member of either authorized group

Could I be forgetting something? I’m solo for pretty much the entire development lifecycle - any input is appreciated. 🙂

edit: Sorry, this is using the Labor.Update method. I tried looking at tracing, but it didn’t help me find a narrower scope. I could easily be doing that wrong, also.

I thought this would be good enough, but I’ve been thrown a curve. We actually want these “some users” to have the ability to adjust payroll hours for anyone but themselves. So now I’m trying to check the current user against the EmployeeNum in the LaborHed record. Found some stuff on inline C# to pull stuff into a Set Arg widget, but struggling a bit.

Figured out how to use a lambda expression in the SetArg widget to query the correct table for the EmployeeNum of the current user (thanks, EpiUsers!). However, now I’ve discovered that “Time Entry” exists alongside “Time and Expense Entry” and isn’t caught in my BPM conditions. I thought this would do it, but it must be evaluating false.
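The combined check described across this post (the three criteria, the own-record rule, and both entry forms), modeled in plain C#. This is an added example, not code from the original post or from Epicor: the types, group names and form names are hypothetical stand-ins, and RowMod "U" as the updated-row marker is an assumption.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Plain C# stand-ins, not Epicor types. RowMod "U" marks an updated row (assumed).
record LaborHedRow(string EmployeeNum, string RowMod);
record Caller(string EmployeeNum, string[] Groups, string Form);

static class LaborHedGuard
{
    // Hypothetical names: the two authorized groups and the two entry forms.
    static readonly HashSet<string> Authorized =
        new(StringComparer.OrdinalIgnoreCase) { "PayrollAdj", "PayrollAdmin" };
    static readonly HashSet<string> GuardedForms =
        new(StringComparer.OrdinalIgnoreCase) { "TimeAndExpenseEntry", "TimeEntry" };

    // Returns the reason to raise the exception, or null to let the update through.
    public static string Deny(Caller c, IEnumerable<LaborHedRow> rows)
    {
        var changed = rows.Where(r => r.RowMod == "U").ToList();
        if (changed.Count == 0) return null;                      // criterion 1
        if (!GuardedForms.Contains(c.Form.Trim())) return null;   // criterion 2, both forms
        if (!c.Groups.Any(g => Authorized.Contains(g)))           // criterion 3
            return "not in an authorized group";
        // Later requirement, checked per row: one own row in a batch blocks the update.
        if (changed.Any(r => string.Equals(r.EmployeeNum.Trim(), c.EmployeeNum.Trim(),
                                           StringComparison.OrdinalIgnoreCase)))
            return "cannot adjust own time card";
        return null;
    }
}

static class Program
{
    static void Main()
    {
        // Constructed sample data.
        var adj = new Caller("1001", new[] { "PayrollAdj" }, "TimeEntry");
        var hourly = new Caller("1002", new[] { "Shop" }, "TimeAndExpenseEntry");
        var other = new[] { new LaborHedRow("1002", "U") };
        var mixed = new[] { new LaborHedRow("1002", "U"), new LaborHedRow("1001", "U") };

        Console.WriteLine(LaborHedGuard.Deny(adj, other) ?? "allowed");
        Console.WriteLine(LaborHedGuard.Deny(adj, mixed) ?? "allowed");
        Console.WriteLine(LaborHedGuard.Deny(hourly, other) ?? "allowed");
    }
}
```

The form and employee comparisons trim whitespace and ignore case so that a padding or casing difference does not make a condition silently evaluate false.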