We have a sec group named READONLY, and want to prevent that group from accessing just about every menu item.
So it would be easier to add group READONLY to the Disallow Access list of each menu, then remove it from the handfull of menus they can access.
I can add READONLY group to the disallow list on Material Management folder, and they would not see that folder (nor any sub folders or items). But they could still launch Part Entry using “Open With…”. Unless I go into the Material Mngmnt -> Inventory Mngmnt -> Setup -> Part Entry menu, and add READONLY group there.
So I’d have to do that manual addition to EVERY menu item
I think you can do this with DMT. I do mass customization name changes that way.
Build a template, then make a query to fill the current menu contents for your template, update in excel with changes and dmt back in.
Do you recall if the Allow and Disallow lists need to be in the form of a tilde separated list (like SalesRepList)? If so, It looks like I’ll have to build a BAQ to export the MenuSec’s and then append “~READONLY” to each.
Any idea if there’s any issue with including a value in the list that doesn’t match up to a user or group? Not that I’d do it on purpose, but just curious to potential ramifications to making a mistake.
I would just try that on purpose in test before I did it in live. I would assume it would validate, but since in the UI you can only pick from the list it may not.
I did this when we went from E9x to E10 back in the day. DMT will work for sure, I’d spent way too much time in Excel setting up a User’s doc to automatically build the Menu and User DMT files.
Wish I’d brought those Excel sheets with me when I left the company, CBA to rebuild 'em now.
Yes, but remember that there’s a couple of connections going on.
Each menu item (including the “folders”) has a menu ID and a SecID
Several menus (folders or Items in them) can have the same SecID.
Changing the settings in the SecID (allowed or disalowed user lists) affects any menu that uses that SecID
So updating existing Sec properties (the allowed or dissallowed list) may apply to many menus that might not be obvious.
One last thing, I’m pretty sure that users that are Sec Managers can always access any menu regardles of SecID settings. This is good, as you can’t accidently lock yourself out of the security settings.
Just did a quick BAQ to view current entries and I can see nothing in the Company field for 99% or the rows. Can you limit menu security to certain companies?
