Record Level Security

So, I don’t think this is possible but will defer to the experts in the forum.

Can you set up security to limit a user to only see certain parts across the whole system?

What I was thinking was to put a custom field on the User account and on Part. Then based on these 2 fields, the User would be able to see these parts but not those. I would be looking to do this across the whole system. So, Part Entry, Part Tracker, Job Tracker, Invoice, anywhere that part might be.

I would not be looking to allow the user to see all lines of an invoice except the line with the part. I would just like to have the system not allow the user to see the invoice because it has a restricted part on there.

I advise exploring Epicor Workflow, WorkForce (RepID), and Roles to restrict access to the data. Also, many of the System BAQs used in Trackers have built-in security to restrict the customer, quote, and order data. I would explore the out-of-the-box functions first before considering further customization(s).

Mazin

I’ve done something similar to this. I created a UD field called Released_c on the part table and created a pre-processing BPM on Part.GetList containing:

  • a condition box saying “user is not part of (Authorized Security Group)”
  • a custom code box with one line of code:

whereClause = "Released_c = 1 AND " + whereClause;

Then I made BPMs on the major forms (PO, quote, sales order, job entry) which also block access based on the Released_c checkbox’s value.

1 Like

Thanks, I’m going to start exploring the functionality that restricts on territory to see if I can copy/leverage that. I had not even thought about that.

Years ago (too many to remember?) I had a Vantage customer who wanted to secure SUPPLIERS… in order to do this, we came up with the idea of simply hiding them from searches. We figured out that it was actually fairly simple.
Years later, I migrated the solution to E10… attached is the E10 solution.

  1. There is a security group called Partners
  2. There is a special group of suppliers that are “Partners” who are to be hidden unless you belong to the security group above
  3. We created BPM(s) to do the hiding.

The attached document will show all the steps, but in reality, the BPMs are simple single-line C# code BPMs.

Attachment: How to do Record Level Security E10.pdf (589.3 KB)

4 Likes

Hi @timshuwy

I am looking to implement your solution on hiding items from a list but was wondering if someone knew the supplier ID would they be able to type it in manually?

Edit - removed typo in Tim’s userID

Thanks

Matt

Hi @timshuwy

I can see BPM 2 covers the scenario of manually entering the value so all good.

Regards

Matt

Hi @timshuwy I know it’s been a while since you posted this. I’ve been asked to do this exact setup. I don’t consider myself a master BPM writer. When I enter the C# code, I get the following message:

CS0103 The name ‘ttVendorList’ does not exist in the current context.

We’re on the current version of Kinetic. Is there something different I need to do?

I believe that the tt tables were removed in Kinetic. I believe they are “ds.” now.

So I would replace all “tt” with “ds.”?

Here’s the current code: ttVendorList.RemoveAll(ttVendorList_Row => ttVendorList_Row.GroupCode == "PTNR");

Not 100% sure. I would use the drop downs in the BPM designer to make sure you have the correct ones.

Please pardon my inexperience, how do I get to the drop downs?

Double click the field you’d like to use, and Epicor will put it into the expression editor with the correct nomenclature for your version.

Thanks!

Thanks everyone for your help. I reached out to another guru for some help on this and I think some of the issue may have been the version (2023.1.10) we’re on but not exactly sure.

The end result was a change to the C# code in BPM1. This is the code I used, and it works as described in @timshuwy document:

result.VendorList.RemoveAll(row => row.GroupCode == "PTNR");

1 Like
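The two-BPM pattern discussed in this thread (hide rows from the search result, and also refuse a typed-in ID), as an added stand-alone C# model that is not code from the thread or the attached document. The `Vendor` record, `VendorService` class, vendor IDs and the "Purchasing" group are constructed for illustration and are not Epicor types or data; what "BPM 2" does is assumed from the thread's description of it.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Stand-alone model of the pattern; none of these types are Epicor's.
record Vendor(string VendorID, string GroupCode);

static class VendorService
{
    const string HiddenGroup = "PTNR";         // supplier group code from the thread
    const string AllowedSecGroup = "Partners"; // security group from the thread
    static readonly List<Vendor> Vendors = new List<Vendor>   // constructed sample data
    {
        new Vendor("ACME", "STD"), new Vendor("GLOBEX", "PTNR"), new Vendor("INITECH", "STD"),
    };

    static bool MayUsePartners(ISet<string> userGroups) => userGroups.Contains(AllowedSecGroup);

    // "BPM 1": post-process the search result and drop hidden rows.
    public static List<Vendor> GetList(ISet<string> userGroups)
    {
        var result = Vendors.ToList();
        if (!MayUsePartners(userGroups))
            result.RemoveAll(row => row.GroupCode == HiddenGroup);
        return result;
    }

    // "BPM 2" (assumed behaviour): apply the same rule to a direct lookup,
    // so knowing the supplier ID does not get around the hidden search rows.
    public static Vendor GetByID(string vendorID, ISet<string> userGroups)
    {
        var row = Vendors.FirstOrDefault(v => v.VendorID == vendorID);
        // One message for "hidden" and "missing", so the reply does not confirm the ID exists.
        if (row is null || (row.GroupCode == HiddenGroup && !MayUsePartners(userGroups)))
            throw new KeyNotFoundException("Supplier not found.");
        return row;
    }
}

static class Program
{
    static void Main()
    {
        var buyer = new HashSet<string> { "Purchasing" };
        var partnerMgr = new HashSet<string> { "Purchasing", "Partners" };
        Console.WriteLine(string.Join(",", VendorService.GetList(buyer).Select(v => v.VendorID)));
        Console.WriteLine(string.Join(",", VendorService.GetList(partnerMgr).Select(v => v.VendorID)));
        try { VendorService.GetByID("GLOBEX", buyer); }
        catch (KeyNotFoundException e) { Console.WriteLine("buyer lookup: " + e.Message); }
        Console.WriteLine(VendorService.GetByID("GLOBEX", partnerMgr).VendorID);
    }
}
```

Filtering only the list leaves every other read path open, so the same group check has to sit on each method that can return the record.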