We would like to be able to restrict access to a subset of Vendors deemed as “confidential” vendors via Supplier Tracker. I have to believe others are doing this, and am curious how you have gone about it. I’m guessing we’d need to use BPM(s) and possibly vendor groups and/or security groups, but am hoping some are willing to share their experiences with this.
Thanks in advance,
Patti
We do this…( it’s a silly practice I dont understand ) lol
but we do this via a BPM on GetList to restrict them from showing up on search and a pre processing bpm on get by Id
We use supplier group to differentiate
Would you be willing to share your bpm set up with me?
Get List Post Processing on Vendor
Remove any Vendors in the Vendor Group that is restricted if Current User doesn’t have “XX” security group
var U = Db.UserFile.Where( y=> y.CurComp == Session.CompanyID && y.DcdUserID == Session.UserID).FirstOrDefault();
if( U != null)
{
if(!U.GroupList.Contains("Branch"))
{
var resultArray = result.VendorPPList.Where(r=>r.GroupCode == "GE").ToArray();
}
}
foreach(var r in resultArray)
{
result.VendorPPList.Remove(r);
}
Vendor.GetByID PreProcessing, Raise an Error (Vendor not found) if the vendor Requested is in Restricted Vendor Group and Current User Isn’t in the Right Security Group
var v = Db.Vendor.Where(x=> x.Company == Session.CompanyID && x.VendorID == vendorID ) .FirstOrDefault();
if( v!= null)
{
var U = Db.UserFile.Where( y=> y.CurComp == Session.CompanyID && y.DcdUserID == Session.UserID).FirstOrDefault();
if( U != null)
{
if(U.GroupList.Contains("Branch"))
{
if(v.GroupCode != "AP")
{
throw new BLException( "Branch User can only access AP Group Supplier");
}
}
}
}
What version are you using? We tried using your code and had to tweak it a bit. For the GetByID, we could not get this to work and had to move this to GetByVendID instead but still could not get it to display the message. Instead, it gives the message that the vendor does not exist and asks if you want to create new. If you say yes, then it says it a duplicate when you try to save.
We are currently testing this in our 2021.2.7 version.
Thanks,
Patti
You’ll have to tweak it to your needs version shouldn’t matter
And he’s if you enter a duplicate you are going to get a duplicate message
But if you implement the one in get list it wont ever show up on the search to begin with
I think other ERPs call this “Row Security”. Would love to see Epicor build this in as a standard feature!
Epicor has “Row Security” as a standard feature already: Company, Site, Territory, …
Would there be other records besides supplier that one would add that is not included above?
Row security is hard to do in the database, so any direct access or access through dbContext avoids all row security.
I’ve heard the request for certain GL accounts in Chart Tracker a couple times. And I vaguely remember doing something with Part that only allowed editing Parts in certain Part Classes based on user security group.
It’s usually a weird one-off, which is why I think it would be nice to have a generalized feature akin to Field Security, but I do see how it would be difficult.
Difficult but not impossible. The BAQ is adding a bunch of row security logic already and adding more may make them even more complicated to generate well-tuned queries. Not a bad idea but I think we need to pick our battles. If a BPM can do some of it more efficiently, then great!