I normally get a request like this every few months ‘Can you send a list of all users with access to the Supplier screen?’ or any number of screens.
I tried but without any luck to get a list of users that have access to X screen. We use a combination of giving specific users access to a screen or applying access through the use of security groups. We also use the disallow access function.
With this sort of setup, I have to do a dedupe of lists and users against each other to get the final (actual) list of access.
Does anyone have a better way of doing this? or maybe has anyone built anything that already does this?
I’ve never done it but presumably you could query the Security table. It will list groups\users with access. You could then subquery the group to get members. The groups are stored in SysUserFile (separated by ~ in the groups field)
Setting individual users rights to menu items turns into a mess like you’re
living. Would take effort to redo your securities but in the long run
better.
We setup multiple Security Groups per module, ie Supplier Maintenance:
1- View Only access, to trackers & reports and such only no entry.
2- User Access, normal employee access to most General Ops entry forms but
not Setup
3- Supervisor, Access to Setup items specific to module
4- For particular entry forms: Part or Job Entry to name a few, we setup
specific security groups for those
Each level up assumes the rights of the lower, so level 3 has all the
rights of level 1 and 2.
Each module has their own set of Security Groups, so the list of SG’s get
long but easier to manage in the long run.
We then setup a spreadsheet with all the modules across in columns and our
users in rows. Then the user’s rights to each section is a letter V / U / S
/ etc depending what rights they have. The spread sheet is filled out by
that employees supervisor or manager before IT makes the user’s Epicor
account. It’s kept on a network share for the supervisors/managers to
access.
So when we get a, “Can I get a list of which users have access to X”
request we point them to the spreadsheet.