So I was testing some access to the User Account Security Maintenance menu item. I opened it to a group i created and unchecked the Security Manager Only check box. But the user in that group still gets the message that they must be a security manager to make changes. I don’t know if this is new or it has been so long since I needed others to access this that I have forgotten Epicor has this tight. Any insights or thoughts?
Thanks Kim
Even if you allow them into the User Account Security Maintenance form, they still need to actually be a Security Manager to save changes to User Accounts. I think that is hard-coded into Epicor’s logic.
That is what I was worried about.
Confirmed by Epicor is is hard coded and only Security Managers can modify users.
Not really a bad thing tho…
What’s the business case for allowing non-sec mgrs to update users? There may be other options…
This is an old thread but I’m trying to do this too. My business case is my team, which manages Kinetic, is working with the IT team to help onboard and offboard employees, which includes creating and disabling Kinetic user accounts. They are not knowledgeable about Kinetic so it would be nice to allow them to manage accounts without having access to the entire system.
This is a perfectly fine business case. Why grant people with little knowledge of Kinetic? In this scenario, I would create a Kinetic User named “Boarding” that has Security Manager capability. In no surprise whatsoever, I would create an API that uses the boarding user to allow just the capabilities you want to grant: NewUser, DisableUser, UpdateUserSecurity, etc. One might even get clever and add a method that copies groups from an existing user. 
You then restrict the use of the API to certain credentials. Finally, front end the API with a Web Page or the IT people could call it with PowerShell.
