Separate access for invoice entry and posting

A is allowed to ONLY post an AR/AP invoice group, but is not allowed to enter/modify invoices. Same story for GL Journal Entry that offers both “direct” and “async” posting.

Using BPM’s/customizations this is possible, but I wondered if there is a standard “out of the box” Epicor way for this.

I believe you could use Menu Security for the purpose. There are some Security IDs for Post process as under:

We have used Service Security if people are ALWAYS allowed to enter OR post.

But we found that when people went on vacation/holiday/leave… then it broke down. So, we created a Preprocess BPM on the Post method to not allow the Entry person to also Post.

I know there is a security setting to prevent posting. That will disallow entry people to post.

However I could not find a standard (non BPM) solution to disallow “posting people” entering data in a group because that will block access to the program and hence also block access to the posting functionality.

I think you mean XOR


Probably should have said:

enter user <> posting user

You could try this. I have not tried it but always wanted to.

  • Turn on the “Manually review all transactions” on the GL Transaction Type you want to restrict.
  • This should push all transactions to the Review Journal for that GL Transaction Type.
  • Provide access to Invoice Entry for the employee who will be entering the invoices. They will Post their transactions, BUT they should all go to the Review Journal so they are not technically posting.
  • Provide access to the Review Journal for the approver so they can review and approve (post) the transactions.