Crystal Reports table access\security

We're running Vantage 8.03.409A. I've tested this before and found that a user with access to create BAQs can add the payroll tables to the BAQ...however, the BAQ will not return any data unless the user is marked payroll manager. The same thing follows with the any dashboards or reports based on BAQs, they can develop them and run them, but no data will be returned. Unless the user is marked a payroll manager, the user can't see any data from payroll tables.

Sue

--- In vantage@yahoogroups.com, melissa hietala <kevmel822@...> wrote:
>
> If a user has access to create BAQs and dashboards, those do follow the security setup on the Epicor user account correct? Same situation, if a user can create baqs I still do not want them to be able to see data retrieval from Payroll queries. Can anyone confirm?ÂÂ
>
>
> Melissa Hietala
> UMC, Inc.
> melissah@...
>
>
> ________________________________
> From: Vic Drecchio <vic.drecchio@...>
> To: vantage@yahoogroups.com
> Sent: Tuesday, December 11, 2012 12:12 PM
> Subject: RE: [Vantage] Crystal Reports table access\security
>
> ÂÂ
> That document walks you through setting up ODBC on the server within Progress. The default user is "sysprogress" with access to every table. Make a new user on the server ODBC settings. Call it "guest", for example. Give 'guest' a password and assign security from the server.
>
> Then, give 'guest' access to all of the tables you fee appropriate (or, conversely, prohibit tables containing sensitive data).
>
> Finally, give your user the login information you created above. You can set up an ODBC connection on his PC using those login credentials.
>
> With all of that said, I have never given ODBC access to any of my users to write reports or poke around in the DB. Only expert-level users with proper training and knowledge of what NOT to do should be given access via ODBC. IMO, this should be the responsibility of IT. Imagine for a moment your user locks up a table while poking around and causes data corruption. Who has the onus of fixing the system and getting it straightened out? Usually not your user innocently poking around in the db schema. I would urge caution in this circumstance. BAQ's are a bit more safe, but not bulletproof.
>
> From: mailto:vantage%40yahoogroups.com [mailto:mailto:vantage%40yahoogroups.com] On Behalf Of melissa hietala
> Sent: Tuesday, December 11, 2012 1:01 PM
> To: mailto:vantage%40yahoogroups.com
> Subject: Re: [Vantage] Crystal Reports table access\security
>
> Not sure what you mean. I can create another odbc connection in the Administrative tools pointing to the epicor database, but how would I apply security to specific tables or a specific Epicor user account?
> In my system agent I have an ODBC Connection User ID as sa and a password. Where does the sysprogress you refer to come in to play?
>
> Obviously, this isn't my normal playground, so I am looking for a some simple instructions or process to test out.
>
> Thanks again for your help....
>
> Melissa Hietala
> UMC, Inc.
> mailto:melissah%40ultramc.com <mailto:melissah%40ultramc.com>
>
> ________________________________
> From: Vic Drecchio <mailto:vic.drecchio%40swepcotube.com <mailto:vic.drecchio%40swepcotube.com> >
> To: mailto:vantage%40yahoogroups.com <mailto:vantage%40yahoogroups.com>
> Sent: Tuesday, December 11, 2012 11:43 AM
> Subject: RE: [Vantage] Crystal Reports table access\security
>
> Yes, you'd have to create another ODBC user instead of "sysprogress" and
> apply the permissions as appropriate.
>
> Read through this document. It should get you there.
> http://tech.groups.yahoo.com/group/vantage/files/ODBC/
> <http://f1.grp.yahoofs.com/v1/kGbHUOLGyn9q8H40csCy7xI7F6aCpyQOVAibzQwtT5-KOe
> z2h8W7ho9d07r0lgtitG96Htct6cKSGTpk-07swACc_yjBfx0/ODBC/ODBC%20Epicor%20Vanta
> ge%20803%20Setup.pdf> ODBC Epicor Vantage 803 Setup.pdf
>
> From: mailto:vantage%40yahoogroups.com [mailto:mailto:vantage%40yahoogroups.com] On Behalf Of
> melissa hietala
> Sent: Tuesday, December 11, 2012 12:37 PM
> To: mailto:vantage%40yahoogroups.com
> Subject: [Vantage] Crystal Reports table access\security
>
> Detail:
> I am looking to see if there is a way to apply Epicor users security to the
> Crystal reports tables. For example, if a user gets a license for Crystal to
> create reports is there a setting or setup that would prevent them from
> creating and see data for the Payroll tables. Said users will not have
> access in Epicor to the payroll modules or screens and I want that to float
> to Crystal as well. Is this possible?
>
> Thanks
>
> Melissa Hietala
> UMC, Inc.
> mailto:melissah%40ultramc.com <mailto:melissah%40ultramc.com>
>
> [Non-text portions of this message have been removed]
>
> No virus found in this message.
> Checked by AVG - http://www.avg.com/
> Version: 2012.0.2221 / Virus Database: 2634/5451 - Release Date: 12/11/12
>
> -----
> No virus found in this message.
> Checked by AVG - http://www.avg.com/
> Version: 2012.0.2221 / Virus Database: 2634/5451 - Release Date: 12/11/12
>
> [Non-text portions of this message have been removed]
>
> [Non-text portions of this message have been removed]
>
> No virus found in this message.
> Checked by AVG - www.avg.com
> Version: 2012.0.2221 / Virus Database: 2634/5451 - Release Date: 12/11/12
>
> -----
> No virus found in this message.
> Checked by AVG - www.avg.com
> Version: 2012.0.2221 / Virus Database: 2634/5451 - Release Date: 12/11/12
>
> [Non-text portions of this message have been removed]
>
>
>
>
> [Non-text portions of this message have been removed]
>

Detail:
I am looking to see if there is a way to apply Epicor users security to the Crystal reports tables. For example, if a user gets a license for Crystal to create reports is there a setting or setup that would prevent them from creating and see data for the Payroll tables. Said users will not have access in Epicor to the payroll modules or screens and I want that to float to Crystal as well. Is this possible?
Â
Â
Thanks

Melissa Hietala
UMC, Inc.
melissah@...

[Non-text portions of this message have been removed]

Yes, you'd have to create another ODBC user instead of "sysprogress" and
apply the permissions as appropriate.



Read through this document. It should get you there.
http://tech.groups.yahoo.com/group/vantage/files/ODBC/
<http://f1.grp.yahoofs.com/v1/kGbHUOLGyn9q8H40csCy7xI7F6aCpyQOVAibzQwtT5-KOe
z2h8W7ho9d07r0lgtitG96Htct6cKSGTpk-07swACc_yjBfx0/ODBC/ODBC%20Epicor%20Vanta
ge%20803%20Setup.pdf> ODBC Epicor Vantage 803 Setup.pdf



From: vantage@yahoogroups.com [mailto:vantage@yahoogroups.com] On Behalf Of
melissa hietala
Sent: Tuesday, December 11, 2012 12:37 PM
To: vantage@yahoogroups.com
Subject: [Vantage] Crystal Reports table access\security





Detail:
I am looking to see if there is a way to apply Epicor users security to the
Crystal reports tables. For example, if a user gets a license for Crystal to
create reports is there a setting or setup that would prevent them from
creating and see data for the Payroll tables. Said users will not have
access in Epicor to the payroll modules or screens and I want that to float
to Crystal as well. Is this possible?


Thanks

Melissa Hietala
UMC, Inc.
melissah@... <mailto:melissah%40ultramc.com>

[Non-text portions of this message have been removed]



No virus found in this message.
Checked by AVG - www.avg.com
Version: 2012.0.2221 / Virus Database: 2634/5451 - Release Date: 12/11/12




-----
No virus found in this message.
Checked by AVG - www.avg.com
Version: 2012.0.2221 / Virus Database: 2634/5451 - Release Date: 12/11/12

[Non-text portions of this message have been removed]

Not sure what you mean. I can create another odbc connection in the Administrative tools pointing to the epicor database, but how would I apply security to specific tables or a specific Epicor user account?
In my system agent I have an ODBC Connection User ID as sa and a password. Where does the sysprogress you refer to come in to play?
Â
Obviously, this isn't my normal playground, so I am looking for a some simple instructions or process to test out.
Â
Thanks again for your help....

Melissa Hietala
UMC, Inc.
melissah@...


________________________________
From: Vic Drecchio <vic.drecchio@...>
To: vantage@yahoogroups.com
Sent: Tuesday, December 11, 2012 11:43 AM
Subject: RE: [Vantage] Crystal Reports table access\security

Â
Yes, you'd have to create another ODBC user instead of "sysprogress" and
apply the permissions as appropriate.

Read through this document. It should get you there.
http://tech.groups.yahoo.com/group/vantage/files/ODBC/
<http://f1.grp.yahoofs.com/v1/kGbHUOLGyn9q8H40csCy7xI7F6aCpyQOVAibzQwtT5-KOe
z2h8W7ho9d07r0lgtitG96Htct6cKSGTpk-07swACc_yjBfx0/ODBC/ODBC%20Epicor%20Vanta
ge%20803%20Setup.pdf> ODBC Epicor Vantage 803 Setup.pdf

From: mailto:vantage%40yahoogroups.com [mailto:mailto:vantage%40yahoogroups.com] On Behalf Of
melissa hietala
Sent: Tuesday, December 11, 2012 12:37 PM
To: mailto:vantage%40yahoogroups.com
Subject: [Vantage] Crystal Reports table access\security

Detail:
I am looking to see if there is a way to apply Epicor users security to the
Crystal reports tables. For example, if a user gets a license for Crystal to
create reports is there a setting or setup that would prevent them from
creating and see data for the Payroll tables. Said users will not have
access in Epicor to the payroll modules or screens and I want that to float
to Crystal as well. Is this possible?


Thanks

Melissa Hietala
UMC, Inc.
mailto:melissah%40ultramc.com <mailto:melissah%40ultramc.com>

[Non-text portions of this message have been removed]

No virus found in this message.
Checked by AVG - http://www.avg.com/
Version: 2012.0.2221 / Virus Database: 2634/5451 - Release Date: 12/11/12

-----
No virus found in this message.
Checked by AVG - www.avg.com
Version: 2012.0.2221 / Virus Database: 2634/5451 - Release Date: 12/11/12

[Non-text portions of this message have been removed]




[Non-text portions of this message have been removed]

That document walks you through setting up ODBC on the server within Progress. The default user is "sysprogress" with access to every table. Make a new user on the server ODBC settings. Call it "guest", for example. Give 'guest' a password and assign security from the server.



Then, give 'guest' access to all of the tables you fee appropriate (or, conversely, prohibit tables containing sensitive data).



Finally, give your user the login information you created above. You can set up an ODBC connection on his PC using those login credentials.



With all of that said, I have never given ODBC access to any of my users to write reports or poke around in the DB. Only expert-level users with proper training and knowledge of what NOT to do should be given access via ODBC. IMO, this should be the responsibility of IT. Imagine for a moment your user locks up a table while poking around and causes data corruption. Who has the onus of fixing the system and getting it straightened out? Usually not your user innocently poking around in the db schema. I would urge caution in this circumstance. BAQ's are a bit more safe, but not bulletproof.



From: vantage@yahoogroups.com [mailto:vantage@yahoogroups.com] On Behalf Of melissa hietala
Sent: Tuesday, December 11, 2012 1:01 PM
To: vantage@yahoogroups.com
Subject: Re: [Vantage] Crystal Reports table access\security





Not sure what you mean. I can create another odbc connection in the Administrative tools pointing to the epicor database, but how would I apply security to specific tables or a specific Epicor user account?
In my system agent I have an ODBC Connection User ID as sa and a password. Where does the sysprogress you refer to come in to play?

Obviously, this isn't my normal playground, so I am looking for a some simple instructions or process to test out.

Thanks again for your help....

Melissa Hietala
UMC, Inc.
melissah@... <mailto:melissah%40ultramc.com>

________________________________
From: Vic Drecchio <vic.drecchio@... <mailto:vic.drecchio%40swepcotube.com> >
To: vantage@yahoogroups.com <mailto:vantage%40yahoogroups.com>
Sent: Tuesday, December 11, 2012 11:43 AM
Subject: RE: [Vantage] Crystal Reports table access\security


Yes, you'd have to create another ODBC user instead of "sysprogress" and
apply the permissions as appropriate.

Read through this document. It should get you there.
http://tech.groups.yahoo.com/group/vantage/files/ODBC/
<http://f1.grp.yahoofs.com/v1/kGbHUOLGyn9q8H40csCy7xI7F6aCpyQOVAibzQwtT5-KOe
z2h8W7ho9d07r0lgtitG96Htct6cKSGTpk-07swACc_yjBfx0/ODBC/ODBC%20Epicor%20Vanta
ge%20803%20Setup.pdf> ODBC Epicor Vantage 803 Setup.pdf

From: mailto:vantage%40yahoogroups.com [mailto:mailto:vantage%40yahoogroups.com] On Behalf Of
melissa hietala
Sent: Tuesday, December 11, 2012 12:37 PM
To: mailto:vantage%40yahoogroups.com
Subject: [Vantage] Crystal Reports table access\security

Detail:
I am looking to see if there is a way to apply Epicor users security to the
Crystal reports tables. For example, if a user gets a license for Crystal to
create reports is there a setting or setup that would prevent them from
creating and see data for the Payroll tables. Said users will not have
access in Epicor to the payroll modules or screens and I want that to float
to Crystal as well. Is this possible?

Thanks

Melissa Hietala
UMC, Inc.
mailto:melissah%40ultramc.com <mailto:melissah%40ultramc.com>

[Non-text portions of this message have been removed]

No virus found in this message.
Checked by AVG - http://www.avg.com/
Version: 2012.0.2221 / Virus Database: 2634/5451 - Release Date: 12/11/12

-----
No virus found in this message.
Checked by AVG - www.avg.com
Version: 2012.0.2221 / Virus Database: 2634/5451 - Release Date: 12/11/12

[Non-text portions of this message have been removed]

[Non-text portions of this message have been removed]



No virus found in this message.
Checked by AVG - www.avg.com
Version: 2012.0.2221 / Virus Database: 2634/5451 - Release Date: 12/11/12




-----
No virus found in this message.
Checked by AVG - www.avg.com
Version: 2012.0.2221 / Virus Database: 2634/5451 - Release Date: 12/11/12


[Non-text portions of this message have been removed]

Thank you.


Melissa Hietala
UMC, Inc.
melissah@...


________________________________
From: Vic Drecchio <vic.drecchio@...>
To: vantage@yahoogroups.com
Sent: Tuesday, December 11, 2012 12:12 PM
Subject: RE: [Vantage] Crystal Reports table access\security

Â
That document walks you through setting up ODBC on the server within Progress. The default user is "sysprogress" with access to every table. Make a new user on the server ODBC settings. Call it "guest", for example. Give 'guest' a password and assign security from the server.

Then, give 'guest' access to all of the tables you fee appropriate (or, conversely, prohibit tables containing sensitive data).

Finally, give your user the login information you created above. You can set up an ODBC connection on his PC using those login credentials.

With all of that said, I have never given ODBC access to any of my users to write reports or poke around in the DB. Only expert-level users with proper training and knowledge of what NOT to do should be given access via ODBC. IMO, this should be the responsibility of IT. Imagine for a moment your user locks up a table while poking around and causes data corruption. Who has the onus of fixing the system and getting it straightened out? Usually not your user innocently poking around in the db schema. I would urge caution in this circumstance. BAQ's are a bit more safe, but not bulletproof.

From: mailto:vantage%40yahoogroups.com [mailto:mailto:vantage%40yahoogroups.com] On Behalf Of melissa hietala
Sent: Tuesday, December 11, 2012 1:01 PM
To: mailto:vantage%40yahoogroups.com
Subject: Re: [Vantage] Crystal Reports table access\security

Not sure what you mean. I can create another odbc connection in the Administrative tools pointing to the epicor database, but how would I apply security to specific tables or a specific Epicor user account?
In my system agent I have an ODBC Connection User ID as sa and a password. Where does the sysprogress you refer to come in to play?

Obviously, this isn't my normal playground, so I am looking for a some simple instructions or process to test out.

Thanks again for your help....

Melissa Hietala
UMC, Inc.
mailto:melissah%40ultramc.com <mailto:melissah%40ultramc.com>

________________________________
From: Vic Drecchio <mailto:vic.drecchio%40swepcotube.com <mailto:vic.drecchio%40swepcotube.com> >
To: mailto:vantage%40yahoogroups.com <mailto:vantage%40yahoogroups.com>
Sent: Tuesday, December 11, 2012 11:43 AM
Subject: RE: [Vantage] Crystal Reports table access\security

Yes, you'd have to create another ODBC user instead of "sysprogress" and
apply the permissions as appropriate.

Read through this document. It should get you there.
http://tech.groups.yahoo.com/group/vantage/files/ODBC/
<http://f1.grp.yahoofs.com/v1/kGbHUOLGyn9q8H40csCy7xI7F6aCpyQOVAibzQwtT5-KOe
z2h8W7ho9d07r0lgtitG96Htct6cKSGTpk-07swACc_yjBfx0/ODBC/ODBC%20Epicor%20Vanta
ge%20803%20Setup.pdf> ODBC Epicor Vantage 803 Setup.pdf

From: mailto:vantage%40yahoogroups.com [mailto:mailto:vantage%40yahoogroups.com] On Behalf Of
melissa hietala
Sent: Tuesday, December 11, 2012 12:37 PM
To: mailto:vantage%40yahoogroups.com
Subject: [Vantage] Crystal Reports table access\security

Detail:
I am looking to see if there is a way to apply Epicor users security to the
Crystal reports tables. For example, if a user gets a license for Crystal to
create reports is there a setting or setup that would prevent them from
creating and see data for the Payroll tables. Said users will not have
access in Epicor to the payroll modules or screens and I want that to float
to Crystal as well. Is this possible?

Thanks

Melissa Hietala
UMC, Inc.
mailto:melissah%40ultramc.com <mailto:melissah%40ultramc.com>

[Non-text portions of this message have been removed]

No virus found in this message.
Checked by AVG - http://www.avg.com/
Version: 2012.0.2221 / Virus Database: 2634/5451 - Release Date: 12/11/12

-----
No virus found in this message.
Checked by AVG - http://www.avg.com/
Version: 2012.0.2221 / Virus Database: 2634/5451 - Release Date: 12/11/12

[Non-text portions of this message have been removed]

[Non-text portions of this message have been removed]

No virus found in this message.
Checked by AVG - www.avg.com
Version: 2012.0.2221 / Virus Database: 2634/5451 - Release Date: 12/11/12

-----
No virus found in this message.
Checked by AVG - www.avg.com
Version: 2012.0.2221 / Virus Database: 2634/5451 - Release Date: 12/11/12

[Non-text portions of this message have been removed]




[Non-text portions of this message have been removed]

If a user has access to create BAQs and dashboards, those do follow the security setup on the Epicor user account correct? Same situation, if a user can create baqs I still do not want them to be able to see data retrieval from Payroll queries. Can anyone confirm?Â


Melissa Hietala
UMC, Inc.
melissah@...


________________________________
From: Vic Drecchio <vic.drecchio@...>
To: vantage@yahoogroups.com
Sent: Tuesday, December 11, 2012 12:12 PM
Subject: RE: [Vantage] Crystal Reports table access\security

Â
That document walks you through setting up ODBC on the server within Progress. The default user is "sysprogress" with access to every table. Make a new user on the server ODBC settings. Call it "guest", for example. Give 'guest' a password and assign security from the server.

Then, give 'guest' access to all of the tables you fee appropriate (or, conversely, prohibit tables containing sensitive data).

Finally, give your user the login information you created above. You can set up an ODBC connection on his PC using those login credentials.

With all of that said, I have never given ODBC access to any of my users to write reports or poke around in the DB. Only expert-level users with proper training and knowledge of what NOT to do should be given access via ODBC. IMO, this should be the responsibility of IT. Imagine for a moment your user locks up a table while poking around and causes data corruption. Who has the onus of fixing the system and getting it straightened out? Usually not your user innocently poking around in the db schema. I would urge caution in this circumstance. BAQ's are a bit more safe, but not bulletproof.

From: mailto:vantage%40yahoogroups.com [mailto:mailto:vantage%40yahoogroups.com] On Behalf Of melissa hietala
Sent: Tuesday, December 11, 2012 1:01 PM
To: mailto:vantage%40yahoogroups.com
Subject: Re: [Vantage] Crystal Reports table access\security

Not sure what you mean. I can create another odbc connection in the Administrative tools pointing to the epicor database, but how would I apply security to specific tables or a specific Epicor user account?
In my system agent I have an ODBC Connection User ID as sa and a password. Where does the sysprogress you refer to come in to play?

Obviously, this isn't my normal playground, so I am looking for a some simple instructions or process to test out.

Thanks again for your help....

Melissa Hietala
UMC, Inc.
mailto:melissah%40ultramc.com <mailto:melissah%40ultramc.com>

________________________________
From: Vic Drecchio <mailto:vic.drecchio%40swepcotube.com <mailto:vic.drecchio%40swepcotube.com> >
To: mailto:vantage%40yahoogroups.com <mailto:vantage%40yahoogroups.com>
Sent: Tuesday, December 11, 2012 11:43 AM
Subject: RE: [Vantage] Crystal Reports table access\security

Yes, you'd have to create another ODBC user instead of "sysprogress" and
apply the permissions as appropriate.

Read through this document. It should get you there.
http://tech.groups.yahoo.com/group/vantage/files/ODBC/
<http://f1.grp.yahoofs.com/v1/kGbHUOLGyn9q8H40csCy7xI7F6aCpyQOVAibzQwtT5-KOe
z2h8W7ho9d07r0lgtitG96Htct6cKSGTpk-07swACc_yjBfx0/ODBC/ODBC%20Epicor%20Vanta
ge%20803%20Setup.pdf> ODBC Epicor Vantage 803 Setup.pdf

From: mailto:vantage%40yahoogroups.com [mailto:mailto:vantage%40yahoogroups.com] On Behalf Of
melissa hietala
Sent: Tuesday, December 11, 2012 12:37 PM
To: mailto:vantage%40yahoogroups.com
Subject: [Vantage] Crystal Reports table access\security

Detail:
I am looking to see if there is a way to apply Epicor users security to the
Crystal reports tables. For example, if a user gets a license for Crystal to
create reports is there a setting or setup that would prevent them from
creating and see data for the Payroll tables. Said users will not have
access in Epicor to the payroll modules or screens and I want that to float
to Crystal as well. Is this possible?

Thanks

Melissa Hietala
UMC, Inc.
mailto:melissah%40ultramc.com <mailto:melissah%40ultramc.com>

[Non-text portions of this message have been removed]

No virus found in this message.
Checked by AVG - http://www.avg.com/
Version: 2012.0.2221 / Virus Database: 2634/5451 - Release Date: 12/11/12

-----
No virus found in this message.
Checked by AVG - http://www.avg.com/
Version: 2012.0.2221 / Virus Database: 2634/5451 - Release Date: 12/11/12

[Non-text portions of this message have been removed]

[Non-text portions of this message have been removed]

No virus found in this message.
Checked by AVG - www.avg.com
Version: 2012.0.2221 / Virus Database: 2634/5451 - Release Date: 12/11/12

-----
No virus found in this message.
Checked by AVG - www.avg.com
Version: 2012.0.2221 / Virus Database: 2634/5451 - Release Date: 12/11/12

[Non-text portions of this message have been removed]




[Non-text portions of this message have been removed]

Melissa, I don't believe this is the case. At least, it's not in Ver 8.03. If someone has access to create BAQ's on the menu, then they have access to all tables. If "joe" is a Production user and only has access to the Production Management menu tree, and happens to have access to create a BAQ, then "joe" can also see the GL tables, Payroll, etc.



From: vantage@yahoogroups.com [mailto:vantage@yahoogroups.com] On Behalf Of melissa hietala
Sent: Tuesday, December 11, 2012 4:57 PM
To: vantage@yahoogroups.com
Subject: Re: [Vantage] Crystal Reports table access\security





If a user has access to create BAQs and dashboards, those do follow the security setup on the Epicor user account correct? Same situation, if a user can create baqs I still do not want them to be able to see data retrieval from Payroll queries. Can anyone confirm?

Melissa Hietala
UMC, Inc.
melissah@... <mailto:melissah%40ultramc.com>

________________________________
From: Vic Drecchio <vic.drecchio@... <mailto:vic.drecchio%40swepcotube.com> >
To: vantage@yahoogroups.com <mailto:vantage%40yahoogroups.com>
Sent: Tuesday, December 11, 2012 12:12 PM
Subject: RE: [Vantage] Crystal Reports table access\security


That document walks you through setting up ODBC on the server within Progress. The default user is "sysprogress" with access to every table. Make a new user on the server ODBC settings. Call it "guest", for example. Give 'guest' a password and assign security from the server.

Then, give 'guest' access to all of the tables you fee appropriate (or, conversely, prohibit tables containing sensitive data).

Finally, give your user the login information you created above. You can set up an ODBC connection on his PC using those login credentials.

With all of that said, I have never given ODBC access to any of my users to write reports or poke around in the DB. Only expert-level users with proper training and knowledge of what NOT to do should be given access via ODBC. IMO, this should be the responsibility of IT. Imagine for a moment your user locks up a table while poking around and causes data corruption. Who has the onus of fixing the system and getting it straightened out? Usually not your user innocently poking around in the db schema. I would urge caution in this circumstance. BAQ's are a bit more safe, but not bulletproof.

From: mailto:vantage%40yahoogroups.com [mailto:mailto:vantage%40yahoogroups.com] On Behalf Of melissa hietala
Sent: Tuesday, December 11, 2012 1:01 PM
To: mailto:vantage%40yahoogroups.com
Subject: Re: [Vantage] Crystal Reports table access\security

Not sure what you mean. I can create another odbc connection in the Administrative tools pointing to the epicor database, but how would I apply security to specific tables or a specific Epicor user account?
In my system agent I have an ODBC Connection User ID as sa and a password. Where does the sysprogress you refer to come in to play?

Obviously, this isn't my normal playground, so I am looking for a some simple instructions or process to test out.

Thanks again for your help....

Melissa Hietala
UMC, Inc.
mailto:melissah%40ultramc.com <mailto:melissah%40ultramc.com>

________________________________
From: Vic Drecchio <mailto:vic.drecchio%40swepcotube.com <mailto:vic.drecchio%40swepcotube.com%20%3cmailto:vic.drecchio%40swepcotube.com> <mailto:vic.drecchio%40swepcotube.com> >
To: mailto:vantage%40yahoogroups.com <mailto:vantage%40yahoogroups.com>
Sent: Tuesday, December 11, 2012 11:43 AM
Subject: RE: [Vantage] Crystal Reports table access\security

Yes, you'd have to create another ODBC user instead of "sysprogress" and
apply the permissions as appropriate.

Read through this document. It should get you there.
http://tech.groups.yahoo.com/group/vantage/files/ODBC/
<http://f1.grp.yahoofs.com/v1/kGbHUOLGyn9q8H40csCy7xI7F6aCpyQOVAibzQwtT5-KOe
z2h8W7ho9d07r0lgtitG96Htct6cKSGTpk-07swACc_yjBfx0/ODBC/ODBC%20Epicor%20Vanta
ge%20803%20Setup.pdf> ODBC Epicor Vantage 803 Setup.pdf

From: mailto:vantage%40yahoogroups.com [mailto:mailto:vantage%40yahoogroups.com] On Behalf Of
melissa hietala
Sent: Tuesday, December 11, 2012 12:37 PM
To: mailto:vantage%40yahoogroups.com
Subject: [Vantage] Crystal Reports table access\security

Detail:
I am looking to see if there is a way to apply Epicor users security to the
Crystal reports tables. For example, if a user gets a license for Crystal to
create reports is there a setting or setup that would prevent them from
creating and see data for the Payroll tables. Said users will not have
access in Epicor to the payroll modules or screens and I want that to float
to Crystal as well. Is this possible?

Thanks

Melissa Hietala
UMC, Inc.
mailto:melissah%40ultramc.com <mailto:melissah%40ultramc.com>

[Non-text portions of this message have been removed]

No virus found in this message.
Checked by AVG - http://www.avg.com/
Version: 2012.0.2221 / Virus Database: 2634/5451 - Release Date: 12/11/12

-----
No virus found in this message.
Checked by AVG - http://www.avg.com/
Version: 2012.0.2221 / Virus Database: 2634/5451 - Release Date: 12/11/12

[Non-text portions of this message have been removed]

[Non-text portions of this message have been removed]

No virus found in this message.
Checked by AVG - www.avg.com
Version: 2012.0.2221 / Virus Database: 2634/5451 - Release Date: 12/11/12

-----
No virus found in this message.
Checked by AVG - www.avg.com
Version: 2012.0.2221 / Virus Database: 2634/5451 - Release Date: 12/11/12

[Non-text portions of this message have been removed]

[Non-text portions of this message have been removed]



No virus found in this message.
Checked by AVG - www.avg.com
Version: 2012.0.2221 / Virus Database: 2634/5451 - Release Date: 12/11/12




-----
No virus found in this message.
Checked by AVG - www.avg.com
Version: 2012.0.2221 / Virus Database: 2634/5451 - Release Date: 12/11/12


[Non-text portions of this message have been removed]

Vic,



As long as the ODBC connection is setup as “read only”, can locked records/data corruption occur? We’ve been using ODBC for many, many Crystal reports that we run daily and never had any issue. Are we just “lucky”?????



Mike..



From: vantage@yahoogroups.com [mailto:vantage@yahoogroups.com] On Behalf Of melissa hietala
Sent: Tuesday, December 11, 2012 3:57 PM
To: vantage@yahoogroups.com
Subject: Re: [Vantage] Crystal Reports table access\security





If a user has access to create BAQs and dashboards, those do follow the security setup on the Epicor user account correct? Same situation, if a user can create baqs I still do not want them to be able to see data retrieval from Payroll queries. Can anyone confirm?

Melissa Hietala
UMC, Inc.
melissah@... <mailto:melissah%40ultramc.com>

________________________________
From: Vic Drecchio <vic.drecchio@... <mailto:vic.drecchio%40swepcotube.com> >
To: vantage@yahoogroups.com <mailto:vantage%40yahoogroups.com>
Sent: Tuesday, December 11, 2012 12:12 PM
Subject: RE: [Vantage] Crystal Reports table access\security


That document walks you through setting up ODBC on the server within Progress. The default user is "sysprogress" with access to every table. Make a new user on the server ODBC settings. Call it "guest", for example. Give 'guest' a password and assign security from the server.

Then, give 'guest' access to all of the tables you fee appropriate (or, conversely, prohibit tables containing sensitive data).

Finally, give your user the login information you created above. You can set up an ODBC connection on his PC using those login credentials.

With all of that said, I have never given ODBC access to any of my users to write reports or poke around in the DB. Only expert-level users with proper training and knowledge of what NOT to do should be given access via ODBC. IMO, this should be the responsibility of IT. Imagine for a moment your user locks up a table while poking around and causes data corruption. Who has the onus of fixing the system and getting it straightened out? Usually not your user innocently poking around in the db schema. I would urge caution in this circumstance. BAQ's are a bit more safe, but not bulletproof.

From: mailto:vantage%40yahoogroups.com [mailto:mailto:vantage%40yahoogroups.com] On Behalf Of melissa hietala
Sent: Tuesday, December 11, 2012 1:01 PM
To: mailto:vantage%40yahoogroups.com
Subject: Re: [Vantage] Crystal Reports table access\security

Not sure what you mean. I can create another odbc connection in the Administrative tools pointing to the epicor database, but how would I apply security to specific tables or a specific Epicor user account?
In my system agent I have an ODBC Connection User ID as sa and a password. Where does the sysprogress you refer to come in to play?

Obviously, this isn't my normal playground, so I am looking for a some simple instructions or process to test out.

Thanks again for your help....

Melissa Hietala
UMC, Inc.
mailto:melissah%40ultramc.com <mailto:melissah%40ultramc.com>

________________________________
From: Vic Drecchio <mailto:vic.drecchio%40swepcotube.com <mailto:vic.drecchio%40swepcotube.com%20%3cmailto:vic.drecchio%40swepcotube.com> <mailto:vic.drecchio%40swepcotube.com> >
To: mailto:vantage%40yahoogroups.com <mailto:vantage%40yahoogroups.com>
Sent: Tuesday, December 11, 2012 11:43 AM
Subject: RE: [Vantage] Crystal Reports table access\security

Yes, you'd have to create another ODBC user instead of "sysprogress" and
apply the permissions as appropriate.

Read through this document. It should get you there.
http://tech.groups.yahoo.com/group/vantage/files/ODBC/
<http://f1.grp.yahoofs.com/v1/kGbHUOLGyn9q8H40csCy7xI7F6aCpyQOVAibzQwtT5-KOe
z2h8W7ho9d07r0lgtitG96Htct6cKSGTpk-07swACc_yjBfx0/ODBC/ODBC%20Epicor%20Vanta
ge%20803%20Setup.pdf> ODBC Epicor Vantage 803 Setup.pdf

From: mailto:vantage%40yahoogroups.com [mailto:mailto:vantage%40yahoogroups.com] On Behalf Of
melissa hietala
Sent: Tuesday, December 11, 2012 12:37 PM
To: mailto:vantage%40yahoogroups.com
Subject: [Vantage] Crystal Reports table access\security

Detail:
I am looking to see if there is a way to apply Epicor users security to the
Crystal reports tables. For example, if a user gets a license for Crystal to
create reports is there a setting or setup that would prevent them from
creating and see data for the Payroll tables. Said users will not have
access in Epicor to the payroll modules or screens and I want that to float
to Crystal as well. Is this possible?

Thanks

Melissa Hietala
UMC, Inc.
mailto:melissah%40ultramc.com <mailto:melissah%40ultramc.com>

[Non-text portions of this message have been removed]

No virus found in this message.
Checked by AVG - http://www.avg.com/
Version: 2012.0.2221 / Virus Database: 2634/5451 - Release Date: 12/11/12

-----
No virus found in this message.
Checked by AVG - http://www.avg.com/
Version: 2012.0.2221 / Virus Database: 2634/5451 - Release Date: 12/11/12

[Non-text portions of this message have been removed]

[Non-text portions of this message have been removed]

No virus found in this message.
Checked by AVG - www.avg.com
Version: 2012.0.2221 / Virus Database: 2634/5451 - Release Date: 12/11/12

-----
No virus found in this message.
Checked by AVG - www.avg.com
Version: 2012.0.2221 / Virus Database: 2634/5451 - Release Date: 12/11/12

[Non-text portions of this message have been removed]

[Non-text portions of this message have been removed]





[Non-text portions of this message have been removed]

Mike,



Read Uncommitted is the best setting to avoid locks. Read Committed will lock records to read in order to prevent a "dirty read". Read Uncommitted runs the risk of a dirty read, but it's safer because there is no locking. A dirty read is a result set that is missing record(s) due to the server legitimately locking records during a transaction.



Read Uncommitted setting is in the ODBC configuration for that system DSN. It's the "Default Isolation Level".



If you are set like this, you're 99% safe, IMO.





From: vantage@yahoogroups.com [mailto:vantage@yahoogroups.com] On Behalf Of Mike Abell
Sent: Tuesday, December 11, 2012 5:47 PM
To: vantage@yahoogroups.com
Subject: RE: [Vantage] Crystal Reports table access\security





Vic,

As long as the ODBC connection is setup as “read only”, can locked records/data corruption occur? We’ve been using ODBC for many, many Crystal reports that we run daily and never had any issue. Are we just “lucky”?????

Mike..

From: vantage@yahoogroups.com <mailto:vantage%40yahoogroups.com> [mailto:vantage@yahoogroups.com <mailto:vantage%40yahoogroups.com> ] On Behalf Of melissa hietala
Sent: Tuesday, December 11, 2012 3:57 PM
To: vantage@yahoogroups.com <mailto:vantage%40yahoogroups.com>
Subject: Re: [Vantage] Crystal Reports table access\security

If a user has access to create BAQs and dashboards, those do follow the security setup on the Epicor user account correct? Same situation, if a user can create baqs I still do not want them to be able to see data retrieval from Payroll queries. Can anyone confirm?

Melissa Hietala
UMC, Inc.
melissah@... <mailto:melissah%40ultramc.com> <mailto:melissah%40ultramc.com>

________________________________
From: Vic Drecchio <vic.drecchio@... <mailto:vic.drecchio%40swepcotube.com> <mailto:vic.drecchio%40swepcotube.com> >
To: vantage@yahoogroups.com <mailto:vantage%40yahoogroups.com> <mailto:vantage%40yahoogroups.com>
Sent: Tuesday, December 11, 2012 12:12 PM
Subject: RE: [Vantage] Crystal Reports table access\security

That document walks you through setting up ODBC on the server within Progress. The default user is "sysprogress" with access to every table. Make a new user on the server ODBC settings. Call it "guest", for example. Give 'guest' a password and assign security from the server.

Then, give 'guest' access to all of the tables you fee appropriate (or, conversely, prohibit tables containing sensitive data).

Finally, give your user the login information you created above. You can set up an ODBC connection on his PC using those login credentials.

With all of that said, I have never given ODBC access to any of my users to write reports or poke around in the DB. Only expert-level users with proper training and knowledge of what NOT to do should be given access via ODBC. IMO, this should be the responsibility of IT. Imagine for a moment your user locks up a table while poking around and causes data corruption. Who has the onus of fixing the system and getting it straightened out? Usually not your user innocently poking around in the db schema. I would urge caution in this circumstance. BAQ's are a bit more safe, but not bulletproof.

From: mailto:vantage%40yahoogroups.com [mailto:mailto:vantage%40yahoogroups.com] On Behalf Of melissa hietala
Sent: Tuesday, December 11, 2012 1:01 PM
To: mailto:vantage%40yahoogroups.com
Subject: Re: [Vantage] Crystal Reports table access\security

Not sure what you mean. I can create another odbc connection in the Administrative tools pointing to the epicor database, but how would I apply security to specific tables or a specific Epicor user account?
In my system agent I have an ODBC Connection User ID as sa and a password. Where does the sysprogress you refer to come in to play?

Obviously, this isn't my normal playground, so I am looking for a some simple instructions or process to test out.

Thanks again for your help....

Melissa Hietala
UMC, Inc.
mailto:melissah%40ultramc.com <mailto:melissah%40ultramc.com>

________________________________
From: Vic Drecchio <mailto:vic.drecchio%40swepcotube.com <mailto:vic.drecchio%40swepcotube.com%20%3cmailto:vic.drecchio%40swepcotube.com%20%3cmailto:vic.drecchio%40swepcotube.com> <mailto:vic.drecchio%40swepcotube.com%20%3cmailto:vic.drecchio%40swepcotube.com> <mailto:vic.drecchio%40swepcotube.com> >
To: mailto:vantage%40yahoogroups.com <mailto:vantage%40yahoogroups.com>
Sent: Tuesday, December 11, 2012 11:43 AM
Subject: RE: [Vantage] Crystal Reports table access\security

Yes, you'd have to create another ODBC user instead of "sysprogress" and
apply the permissions as appropriate.

Read through this document. It should get you there.
http://tech.groups.yahoo.com/group/vantage/files/ODBC/
<http://f1.grp.yahoofs.com/v1/kGbHUOLGyn9q8H40csCy7xI7F6aCpyQOVAibzQwtT5-KOe
z2h8W7ho9d07r0lgtitG96Htct6cKSGTpk-07swACc_yjBfx0/ODBC/ODBC%20Epicor%20Vanta
ge%20803%20Setup.pdf> ODBC Epicor Vantage 803 Setup.pdf

From: mailto:vantage%40yahoogroups.com [mailto:mailto:vantage%40yahoogroups.com] On Behalf Of
melissa hietala
Sent: Tuesday, December 11, 2012 12:37 PM
To: mailto:vantage%40yahoogroups.com
Subject: [Vantage] Crystal Reports table access\security

Detail:
I am looking to see if there is a way to apply Epicor users security to the
Crystal reports tables. For example, if a user gets a license for Crystal to
create reports is there a setting or setup that would prevent them from
creating and see data for the Payroll tables. Said users will not have
access in Epicor to the payroll modules or screens and I want that to float
to Crystal as well. Is this possible?

Thanks

Melissa Hietala
UMC, Inc.
mailto:melissah%40ultramc.com <mailto:melissah%40ultramc.com>

[Non-text portions of this message have been removed]

No virus found in this message.
Checked by AVG - http://www.avg.com/
Version: 2012.0.2221 / Virus Database: 2634/5451 - Release Date: 12/11/12

-----
No virus found in this message.
Checked by AVG - http://www.avg.com/
Version: 2012.0.2221 / Virus Database: 2634/5451 - Release Date: 12/11/12

[Non-text portions of this message have been removed]

[Non-text portions of this message have been removed]

No virus found in this message.
Checked by AVG - www.avg.com
Version: 2012.0.2221 / Virus Database: 2634/5451 - Release Date: 12/11/12

-----
No virus found in this message.
Checked by AVG - www.avg.com
Version: 2012.0.2221 / Virus Database: 2634/5451 - Release Date: 12/11/12

[Non-text portions of this message have been removed]

[Non-text portions of this message have been removed]

[Non-text portions of this message have been removed]



No virus found in this message.
Checked by AVG - www.avg.com
Version: 2012.0.2221 / Virus Database: 2634/5451 - Release Date: 12/11/12




-----
No virus found in this message.
Checked by AVG - www.avg.com
Version: 2012.0.2221 / Virus Database: 2634/5452 - Release Date: 12/11/12


[Non-text portions of this message have been removed]

Mike, this may better explain it… http://bit.ly/ZcomI2







From: vantage@yahoogroups.com [mailto:vantage@yahoogroups.com] On Behalf Of Mike Abell
Sent: Tuesday, December 11, 2012 5:47 PM
To: vantage@yahoogroups.com
Subject: RE: [Vantage] Crystal Reports table access\security





Vic,

As long as the ODBC connection is setup as “read only”, can locked records/data corruption occur? We’ve been using ODBC for many, many Crystal reports that we run daily and never had any issue. Are we just “lucky”?????

Mike..

From: vantage@yahoogroups.com <mailto:vantage%40yahoogroups.com> [mailto:vantage@yahoogroups.com <mailto:vantage%40yahoogroups.com> ] On Behalf Of melissa hietala
Sent: Tuesday, December 11, 2012 3:57 PM
To: vantage@yahoogroups.com <mailto:vantage%40yahoogroups.com>
Subject: Re: [Vantage] Crystal Reports table access\security

If a user has access to create BAQs and dashboards, those do follow the security setup on the Epicor user account correct? Same situation, if a user can create baqs I still do not want them to be able to see data retrieval from Payroll queries. Can anyone confirm?

Melissa Hietala
UMC, Inc.
melissah@... <mailto:melissah%40ultramc.com> <mailto:melissah%40ultramc.com>

________________________________
From: Vic Drecchio <vic.drecchio@... <mailto:vic.drecchio%40swepcotube.com> <mailto:vic.drecchio%40swepcotube.com> >
To: vantage@yahoogroups.com <mailto:vantage%40yahoogroups.com> <mailto:vantage%40yahoogroups.com>
Sent: Tuesday, December 11, 2012 12:12 PM
Subject: RE: [Vantage] Crystal Reports table access\security

That document walks you through setting up ODBC on the server within Progress. The default user is "sysprogress" with access to every table. Make a new user on the server ODBC settings. Call it "guest", for example. Give 'guest' a password and assign security from the server.

Then, give 'guest' access to all of the tables you fee appropriate (or, conversely, prohibit tables containing sensitive data).

Finally, give your user the login information you created above. You can set up an ODBC connection on his PC using those login credentials.

With all of that said, I have never given ODBC access to any of my users to write reports or poke around in the DB. Only expert-level users with proper training and knowledge of what NOT to do should be given access via ODBC. IMO, this should be the responsibility of IT. Imagine for a moment your user locks up a table while poking around and causes data corruption. Who has the onus of fixing the system and getting it straightened out? Usually not your user innocently poking around in the db schema. I would urge caution in this circumstance. BAQ's are a bit more safe, but not bulletproof.

From: mailto:vantage%40yahoogroups.com [mailto:mailto:vantage%40yahoogroups.com] On Behalf Of melissa hietala
Sent: Tuesday, December 11, 2012 1:01 PM
To: mailto:vantage%40yahoogroups.com
Subject: Re: [Vantage] Crystal Reports table access\security

Not sure what you mean. I can create another odbc connection in the Administrative tools pointing to the epicor database, but how would I apply security to specific tables or a specific Epicor user account?
In my system agent I have an ODBC Connection User ID as sa and a password. Where does the sysprogress you refer to come in to play?

Obviously, this isn't my normal playground, so I am looking for a some simple instructions or process to test out.

Thanks again for your help....

Melissa Hietala
UMC, Inc.
mailto:melissah%40ultramc.com <mailto:melissah%40ultramc.com>

________________________________
From: Vic Drecchio <mailto:vic.drecchio%40swepcotube.com <mailto:vic.drecchio%40swepcotube.com%20%3cmailto:vic.drecchio%40swepcotube.com%20%3cmailto:vic.drecchio%40swepcotube.com> <mailto:vic.drecchio%40swepcotube.com%20%3cmailto:vic.drecchio%40swepcotube.com> <mailto:vic.drecchio%40swepcotube.com> >
To: mailto:vantage%40yahoogroups.com <mailto:vantage%40yahoogroups.com>
Sent: Tuesday, December 11, 2012 11:43 AM
Subject: RE: [Vantage] Crystal Reports table access\security

Yes, you'd have to create another ODBC user instead of "sysprogress" and
apply the permissions as appropriate.

Read through this document. It should get you there.
http://tech.groups.yahoo.com/group/vantage/files/ODBC/
<http://f1.grp.yahoofs.com/v1/kGbHUOLGyn9q8H40csCy7xI7F6aCpyQOVAibzQwtT5-KOe
z2h8W7ho9d07r0lgtitG96Htct6cKSGTpk-07swACc_yjBfx0/ODBC/ODBC%20Epicor%20Vanta
ge%20803%20Setup.pdf> ODBC Epicor Vantage 803 Setup.pdf

From: mailto:vantage%40yahoogroups.com [mailto:mailto:vantage%40yahoogroups.com] On Behalf Of
melissa hietala
Sent: Tuesday, December 11, 2012 12:37 PM
To: mailto:vantage%40yahoogroups.com
Subject: [Vantage] Crystal Reports table access\security

Detail:
I am looking to see if there is a way to apply Epicor users security to the
Crystal reports tables. For example, if a user gets a license for Crystal to
create reports is there a setting or setup that would prevent them from
creating and see data for the Payroll tables. Said users will not have
access in Epicor to the payroll modules or screens and I want that to float
to Crystal as well. Is this possible?

Thanks

Melissa Hietala
UMC, Inc.
mailto:melissah%40ultramc.com <mailto:melissah%40ultramc.com>

[Non-text portions of this message have been removed]

No virus found in this message.
Checked by AVG - http://www.avg.com/
Version: 2012.0.2221 / Virus Database: 2634/5451 - Release Date: 12/11/12

-----
No virus found in this message.
Checked by AVG - http://www.avg.com/
Version: 2012.0.2221 / Virus Database: 2634/5451 - Release Date: 12/11/12

[Non-text portions of this message have been removed]

[Non-text portions of this message have been removed]

No virus found in this message.
Checked by AVG - www.avg.com
Version: 2012.0.2221 / Virus Database: 2634/5451 - Release Date: 12/11/12

-----
No virus found in this message.
Checked by AVG - www.avg.com
Version: 2012.0.2221 / Virus Database: 2634/5451 - Release Date: 12/11/12

[Non-text portions of this message have been removed]

[Non-text portions of this message have been removed]

[Non-text portions of this message have been removed]



No virus found in this message.
Checked by AVG - www.avg.com
Version: 2012.0.2221 / Virus Database: 2634/5451 - Release Date: 12/11/12




-----
No virus found in this message.
Checked by AVG - www.avg.com
Version: 2012.0.2221 / Virus Database: 2634/5452 - Release Date: 12/11/12


[Non-text portions of this message have been removed]

Yea, we’ve been using read uncommitted since the get-go. Is there any to know that a “dirty-read” has occurred? I mean, I’ve never really considered that there was a possibility that I wouldn’t get “all” the records back that I’m requesting when running a Crystal. That’s kinda scary….

Mike Abell
Systems Analyst / Network Administrator
Flexial - BOA Group - Cookeville, Tennessee
Office: 931.432.1853 ext 302
Mobile: 615.418.3055
email: MAbell@...


From: vantage@yahoogroups.com [mailto:vantage@yahoogroups.com] On Behalf Of Vic Drecchio
Sent: Tuesday, December 11, 2012 5:17 PM
To: vantage@yahoogroups.com
Subject: RE: [Vantage] Crystal Reports table access\security



Mike,

Read Uncommitted is the best setting to avoid locks. Read Committed will lock records to read in order to prevent a "dirty read". Read Uncommitted runs the risk of a dirty read, but it's safer because there is no locking. A dirty read is a result set that is missing record(s) due to the server legitimately locking records during a transaction.

Read Uncommitted setting is in the ODBC configuration for that system DSN. It's the "Default Isolation Level".

If you are set like this, you're 99% safe, IMO.

From: vantage@yahoogroups.com<mailto:vantage%40yahoogroups.com> [mailto:vantage@yahoogroups.com<mailto:vantage%40yahoogroups.com>] On Behalf Of Mike Abell
Sent: Tuesday, December 11, 2012 5:47 PM
To: vantage@yahoogroups.com<mailto:vantage%40yahoogroups.com>
Subject: RE: [Vantage] Crystal Reports table access\security

Vic,

As long as the ODBC connection is setup as “read only”, can locked records/data corruption occur? We’ve been using ODBC for many, many Crystal reports that we run daily and never had any issue. Are we just “lucky”?????

Mike..

From: vantage@yahoogroups.com<mailto:vantage%40yahoogroups.com> <mailto:vantage%40yahoogroups.com> [mailto:vantage@yahoogroups.com<mailto:vantage%40yahoogroups.com> <mailto:vantage%40yahoogroups.com> ] On Behalf Of melissa hietala
Sent: Tuesday, December 11, 2012 3:57 PM
To: vantage@yahoogroups.com<mailto:vantage%40yahoogroups.com> <mailto:vantage%40yahoogroups.com>
Subject: Re: [Vantage] Crystal Reports table access\security

If a user has access to create BAQs and dashboards, those do follow the security setup on the Epicor user account correct? Same situation, if a user can create baqs I still do not want them to be able to see data retrieval from Payroll queries. Can anyone confirm?

Melissa Hietala
UMC, Inc.
melissah@...<mailto:melissah%40ultramc.com> <mailto:melissah%40ultramc.com> <mailto:melissah%40ultramc.com>

________________________________
From: Vic Drecchio <vic.drecchio@...<mailto:vic.drecchio%40swepcotube.com> <mailto:vic.drecchio%40swepcotube.com> <mailto:vic.drecchio%40swepcotube.com> >
To: vantage@yahoogroups.com<mailto:vantage%40yahoogroups.com> <mailto:vantage%40yahoogroups.com> <mailto:vantage%40yahoogroups.com>
Sent: Tuesday, December 11, 2012 12:12 PM
Subject: RE: [Vantage] Crystal Reports table access\security

That document walks you through setting up ODBC on the server within Progress. The default user is "sysprogress" with access to every table. Make a new user on the server ODBC settings. Call it "guest", for example. Give 'guest' a password and assign security from the server.

Then, give 'guest' access to all of the tables you fee appropriate (or, conversely, prohibit tables containing sensitive data).

Finally, give your user the login information you created above. You can set up an ODBC connection on his PC using those login credentials.

With all of that said, I have never given ODBC access to any of my users to write reports or poke around in the DB. Only expert-level users with proper training and knowledge of what NOT to do should be given access via ODBC. IMO, this should be the responsibility of IT. Imagine for a moment your user locks up a table while poking around and causes data corruption. Who has the onus of fixing the system and getting it straightened out? Usually not your user innocently poking around in the db schema. I would urge caution in this circumstance. BAQ's are a bit more safe, but not bulletproof.

From: mailto:vantage%40yahoogroups.com [mailto:mailto:vantage%40yahoogroups.com] On Behalf Of melissa hietala
Sent: Tuesday, December 11, 2012 1:01 PM
To: mailto:vantage%40yahoogroups.com
Subject: Re: [Vantage] Crystal Reports table access\security

Not sure what you mean. I can create another odbc connection in the Administrative tools pointing to the epicor database, but how would I apply security to specific tables or a specific Epicor user account?
In my system agent I have an ODBC Connection User ID as sa and a password. Where does the sysprogress you refer to come in to play?

Obviously, this isn't my normal playground, so I am looking for a some simple instructions or process to test out.

Thanks again for your help....

Melissa Hietala
UMC, Inc.
mailto:melissah%40ultramc.com <mailto:melissah%40ultramc.com>

________________________________
From: Vic Drecchio <mailto:vic.drecchio%40swepcotube.com <mailto:vic.drecchio%40swepcotube.com%20%3cmailto:vic.drecchio%40swepcotube.com%20%3cmailto:vic.drecchio%40swepcotube.com<mailto:vic.drecchio%40swepcotube.com%20%3cmailto:vic.drecchio%40swepcotube.com%20%3cmailto:vic.drecchio%40swepcotube.com%20%3cmailto:vic.drecchio%40swepcotube.com>> <mailto:vic.drecchio%40swepcotube.com%20%3cmailto:vic.drecchio%40swepcotube.com> <mailto:vic.drecchio%40swepcotube.com> >
To: mailto:vantage%40yahoogroups.com <mailto:vantage%40yahoogroups.com>
Sent: Tuesday, December 11, 2012 11:43 AM
Subject: RE: [Vantage] Crystal Reports table access\security

Yes, you'd have to create another ODBC user instead of "sysprogress" and
apply the permissions as appropriate.

Read through this document. It should get you there.
http://tech.groups.yahoo.com/group/vantage/files/ODBC/
<http://f1.grp.yahoofs.com/v1/kGbHUOLGyn9q8H40csCy7xI7F6aCpyQOVAibzQwtT5-KOe
z2h8W7ho9d07r0lgtitG96Htct6cKSGTpk-07swACc_yjBfx0/ODBC/ODBC%20Epicor%20Vanta
ge%20803%20Setup.pdf> ODBC Epicor Vantage 803 Setup.pdf

From: mailto:vantage%40yahoogroups.com [mailto:mailto:vantage%40yahoogroups.com] On Behalf Of
melissa hietala
Sent: Tuesday, December 11, 2012 12:37 PM
To: mailto:vantage%40yahoogroups.com
Subject: [Vantage] Crystal Reports table access\security

Detail:
I am looking to see if there is a way to apply Epicor users security to the
Crystal reports tables. For example, if a user gets a license for Crystal to
create reports is there a setting or setup that would prevent them from
creating and see data for the Payroll tables. Said users will not have
access in Epicor to the payroll modules or screens and I want that to float
to Crystal as well. Is this possible?

Thanks

Melissa Hietala
UMC, Inc.
mailto:melissah%40ultramc.com <mailto:melissah%40ultramc.com>

[Non-text portions of this message have been removed]

No virus found in this message.
Checked by AVG - http://www.avg.com/
Version: 2012.0.2221 / Virus Database: 2634/5451 - Release Date: 12/11/12

No virus found in this message.
Checked by AVG - http://www.avg.com/
Version: 2012.0.2221 / Virus Database: 2634/5451 - Release Date: 12/11/12

[Non-text portions of this message have been removed]

[Non-text portions of this message have been removed]

No virus found in this message.
Checked by AVG - www.avg.com<http://www.avg.com>
Version: 2012.0.2221 / Virus Database: 2634/5451 - Release Date: 12/11/12

No virus found in this message.
Checked by AVG - www.avg.com<http://www.avg.com>
Version: 2012.0.2221 / Virus Database: 2634/5451 - Release Date: 12/11/12

[Non-text portions of this message have been removed]

[Non-text portions of this message have been removed]

[Non-text portions of this message have been removed]

No virus found in this message.
Checked by AVG - www.avg.com<http://www.avg.com>
Version: 2012.0.2221 / Virus Database: 2634/5451 - Release Date: 12/11/12

No virus found in this message.
Checked by AVG - www.avg.com<http://www.avg.com>
Version: 2012.0.2221 / Virus Database: 2634/5452 - Release Date: 12/11/12

[Non-text portions of this message have been removed]



[Non-text portions of this message have been removed]

No way to ascertain, AFAIK, if there has been a dirty read. It depends on how transactional your system is and, more importantly, the tables you're querying. For instance, PartTran vs OrderHed... PartTran is always risky because it's constantly being appended. OrderHed, obviously less dynamic.

What I was originally trying to convey is more of the rogue or innocently dangerous folks with unleashed table access via ODBC or BAQ. I've seen disasters.. For example when an overzealous AR Clerk tried to "fix" some records via updatable ODBC access. Not cool. :-)

ODBC is safe, IMO, if done correctly and used by only expert users.

-----Original Message-----
From: Mike Abell
Sent: 12/11/2012 6:30 PM
To: vantage@yahoogroups.com
Subject: RE: [Vantage] Crystal Reports table access\security





Yea, we’ve been using read uncommitted since the get-go. Is there any to know that a “dirty-read” has occurred? I mean, I’ve never really considered that there was a possibility that I wouldn’t get “all” the records back that I’m requesting when running a Crystal. That’s kinda scary….

Mike Abell
Systems Analyst / Network Administrator
Flexial - BOA Group - Cookeville, Tennessee
Office: 931.432.1853 ext 302
Mobile: 615.418.3055
email: MAbell@...


From: vantage@yahoogroups.com [mailto:vantage@yahoogroups.com] On Behalf Of Vic Drecchio
Sent: Tuesday, December 11, 2012 5:17 PM
To: vantage@yahoogroups.com
Subject: RE: [Vantage] Crystal Reports table access\security



Mike,

Read Uncommitted is the best setting to avoid locks. Read Committed will lock records to read in order to prevent a "dirty read". Read Uncommitted runs the risk of a dirty read, but it's safer because there is no locking. A dirty read is a result set that is missing record(s) due to the server legitimately locking records during a transaction.

Read Uncommitted setting is in the ODBC configuration for that system DSN. It's the "Default Isolation Level".

If you are set like this, you're 99% safe, IMO.

From: vantage@yahoogroups.com<mailto:vantage%40yahoogroups.com> [mailto:vantage@yahoogroups.com<mailto:vantage%40yahoogroups.com>] On Behalf Of Mike Abell
Sent: Tuesday, December 11, 2012 5:47 PM
To: vantage@yahoogroups.com<mailto:vantage%40yahoogroups.com>
Subject: RE: [Vantage] Crystal Reports table access\security

Vic,

As long as the ODBC connection is setup as “read only”, can locked records/data corruption occur? We’ve been using ODBC for many, many Crystal reports that we run daily and never had any issue. Are we just “lucky”?????

Mike..

From: vantage@yahoogroups.com<mailto:vantage%40yahoogroups.com> <mailto:vantage%40yahoogroups.com> [mailto:vantage@yahoogroups.com<mailto:vantage%40yahoogroups.com> <mailto:vantage%40yahoogroups.com> ] On Behalf Of melissa hietala
Sent: Tuesday, December 11, 2012 3:57 PM
To: vantage@yahoogroups.com<mailto:vantage%40yahoogroups.com> <mailto:vantage%40yahoogroups.com>
Subject: Re: [Vantage] Crystal Reports table access\security

If a user has access to create BAQs and dashboards, those do follow the security setup on the Epicor user account correct? Same situation, if a user can create baqs I still do not want them to be able to see data retrieval from Payroll queries. Can anyone confirm?

Melissa Hietala
UMC, Inc.
melissah@...<mailto:melissah%40ultramc.com> <mailto:melissah%40ultramc.com> <mailto:melissah%40ultramc.com>

________________________________
From: Vic Drecchio <vic.drecchio@...<mailto:vic.drecchio%40swepcotube.com> <mailto:vic.drecchio%40swepcotube.com> <mailto:vic.drecchio%40swepcotube.com> >
To: vantage@yahoogroups.com<mailto:vantage%40yahoogroups.com> <mailto:vantage%40yahoogroups.com> <mailto:vantage%40yahoogroups.com>
Sent: Tuesday, December 11, 2012 12:12 PM
Subject: RE: [Vantage] Crystal Reports table access\security

That document walks you through setting up ODBC on the server within Progress. The default user is "sysprogress" with access to every table. Make a new user on the server ODBC settings. Call it "guest", for example. Give 'guest' a password and assign security from the server.

Then, give 'guest' access to all of the tables you fee appropriate (or, conversely, prohibit tables containing sensitive data).

Finally, give your user the login information you created above. You can set up an ODBC connection on his PC using those login credentials.

With all of that said, I have never given ODBC access to any of my users to write reports or poke around in the DB. Only expert-level users with proper training and knowledge of what NOT to do should be given access via ODBC. IMO, this should be the responsibility of IT. Imagine for a moment your user locks up a table while poking around and causes data corruption. Who has the onus of fixing the system and getting it straightened out? Usually not your user innocently poking around in the db schema. I would urge caution in this circumstance. BAQ's are a bit more safe, but not bulletproof.

From: mailto:vantage%40yahoogroups.com [mailto:mailto:vantage%40yahoogroups.com] On Behalf Of melissa hietala
Sent: Tuesday, December 11, 2012 1:01 PM
To: mailto:vantage%40yahoogroups.com
Subject: Re: [Vantage] Crystal Reports table access\security

Not sure what you mean. I can create another odbc connection in the Administrative tools pointing to the epicor database, but how would I apply security to specific tables or a specific Epicor user account?
In my system agent I have an ODBC Connection User ID as sa and a password. Where does the sysprogress you refer to come in to play?

Obviously, this isn't my normal playground, so I am looking for a some simple instructions or process to test out.

Thanks again for your help....

Melissa Hietala
UMC, Inc.
mailto:melissah%40ultramc.com <mailto:melissah%40ultramc.com>

________________________________
From: Vic Drecchio <mailto:vic.drecchio%40swepcotube.com <mailto:vic.drecchio%40swepcotube.com%20%3cmailto:vic.drecchio%40swepcotube.com%20%3cmailto:vic.drecchio%40swepcotube.com<mailto:vic.drecchio%40swepcotube.com%20%3cmailto:vic.drecchio%40swepcotube.com%20%3cmailto:vic.drecchio%40swepcotube.com%20%3cmailto:vic.drecchio%40swepcotube.com>> <mailto:vic.drecchio%40swepcotube.com%20%3cmailto:vic.drecchio%40swepcotube.com> <mailto:vic.drecchio%40swepcotube.com> >
To: mailto:vantage%40yahoogroups.com <mailto:vantage%40yahoogroups.com>
Sent: Tuesday, December 11, 2012 11:43 AM
Subject: RE: [Vantage] Crystal Reports table access\security

Yes, you'd have to create another ODBC user instead of "sysprogress" and
apply the permissions as appropriate.

Read through this document. It should get you there.
http://tech.groups.yahoo.com/group/vantage/files/ODBC/
<http://f1.grp.yahoofs.com/v1/kGbHUOLGyn9q8H40csCy7xI7F6aCpyQOVAibzQwtT5-KOe
z2h8W7ho9d07r0lgtitG96Htct6cKSGTpk-07swACc_yjBfx0/ODBC/ODBC%20Epicor%20Vanta
ge%20803%20Setup.pdf> ODBC Epicor Vantage 803 Setup.pdf

From: mailto:vantage%40yahoogroups.com [mailto:mailto:vantage%40yahoogroups.com] On Behalf Of
melissa hietala
Sent: Tuesday, December 11, 2012 12:37 PM
To: mailto:vantage%40yahoogroups.com
Subject: [Vantage] Crystal Reports table access\security

Detail:
I am looking to see if there is a way to apply Epicor users security to the
Crystal reports tables. For example, if a user gets a license for Crystal to
create reports is there a setting or setup that would prevent them from
creating and see data for the Payroll tables. Said users will not have
access in Epicor to the payroll modules or screens and I want that to float
to Crystal as well. Is this possible?

Thanks

Melissa Hietala
UMC, Inc.
mailto:melissah%40ultramc.com <mailto:melissah%40ultramc.com>

[Non-text portions of this message have been removed]

No virus found in this message.
Checked by AVG - http://www.avg.com/
Version: 2012.0.2221 / Virus Database: 2634/5451 - Release Date: 12/11/12

-----
No virus found in this message.
Checked by AVG - http://www.avg.com/
Version: 2012.0.2221 / Virus Database: 2634/5451 - Release Date: 12/11/12

[Non-text portions of this message have been removed]

[Non-text portions of this message have been removed]

No virus found in this message.
Checked by AVG - www.avg.com<http://www.avg.com>
Version: 2012.0.2221 / Virus Database: 2634/5451 - Release Date: 12/11/12

-----
No virus found in this message.
Checked by AVG - www.avg.com<http://www.avg.com>
Version: 2012.0.2221 / Virus Database: 2634/5451 - Release Date: 12/11/12

[Non-text portions of this message have been removed]

[Non-text portions of this message have been removed]

[Non-text portions of this message have been removed]

No virus found in this message.
Checked by AVG - www.avg.com<http://www.avg.com>
Version: 2012.0.2221 / Virus Database: 2634/5451 - Release Date: 12/11/12

-----
No virus found in this message.
Checked by AVG - www.avg.com<http://www.avg.com>
Version: 2012.0.2221 / Virus Database: 2634/5452 - Release Date: 12/11/12

[Non-text portions of this message have been removed]


[Non-text portions of this message have been removed]






[The entire original message is not included.]

[Non-text portions of this message have been removed]

Vic wrote:

> Melissa, I don't believe this is the case. At least, it's not in Ver 8.03. If someone has access to create BAQ's on the menu, then they have access to all tables. If "joe" is a Production user and only has access to the Production Management menu tree, and happens to have access to create a BAQ, then "joe" can also see the GL tables, Payroll, etc.
>

I seem to recall, even in 8.03, that BAQs did respect Work Force
restrictions on seeing customers by territory. I also think that if
you set up table/field level security, you could protect payroll
tables, etc. from certain BAQ users.

Mark W.