Something i’ve never looked at before but if possible i’d like to understand and review.
When we setup a new user, we assign groups and companies to them so that they can see specific modules / companies of epicor.
However, how can i be sure which processes / reports etc sit behind each group?
I looked in security maintenance / security groups but its just a list of the existing groups.
I just disallowed a user to Part in inventory management / setup in the TEST database
but he was still able to get in and create a part?!
Would this be because he is part of a group that is allowed access?
To be honest, I’ve always used Positive Access, i.e. allowed only and have avoided the Disallow flag.
Our security matrix is based on role. We’ve identified the commands that a role would require and then assign a group for each role. We make sure EVERY command (and now BAQs) has explicit groups assigned (No ALL access for allow or deny).
This is much easier to report on access and leave no surprises.
Be aware of the fact that each time Part appears in the Menu, it MIGHT have a different security ID attached to it - therefore, user might be blocked under Inventory Mgmt, but has access via User/Group under the Job Mgmt menu.
Is there any other place where I can see what the user has access to. I see the groups but the user cannot get into the Supplier Maintenance screen. Which is weird since she had access prior and she was given additional access on the server and something is now keeping her from accessing the function.
I would appreciate any assistance. I am new to Epicor 9.