Just to expand a little on your point number 4, we locked down every user's mfgsysdata\reports\username folder, so only the user and the network administrator can access it. Then, we created a separate user, named "download". That user's folder is available to all, but only a few people can log in on that user ID in Epicor. All reports and data downloads that need to be shared amongst many users are created (usually on a schedule) using the download user.
Thom Rose
Controller
Electric Mirror LLC
HOTEL LUXURY
"The World Leader in Back-lit Mirrors & Mirror TV Technology"
T 425 776-4946
A 11831 Beverly Park Rd, Bldg D, Everett, WA 98204 USA
www.electricmirror.com<http://www.electricmirror.com>
Note: The information contained in the e-mail, including any attachments, is legally privileged and confidential. If you are not the intended recipient you are hereby notified that any reading, use or dissemination of this message is strictly prohibited. If you have received this message in error, please immediately notify us by telephone at 425-776-4946 and delete this message from your system. Even though this e-mail and any attachments are believed to be free of any virus or other defect that might affect any computer system into which it is received and opened, it is the responsibility of the recipient to ensure that it is virus free, and no responsibility is accepted by Electric Mirror LLC for any loss or damage arising in any way from its use
From: vantage@yahoogroups.com [mailto:vantage@yahoogroups.com] On Behalf Of Ned
Sent: Wednesday, July 08, 2009 9:36 AM
To: vantage@yahoogroups.com
Subject: Re: [Vantage] Security of open access for all users to all folders in the mapped Epicor drive
You shouldn't be using a mapped drive.
A couple things...
1- Your mfgsys803 folder share does need READ access to all users, but that
is all, you don't need FULL CONTROL given to all users.
2- Anyone who installs a service pack to Vantage needs FULL CONTROL to the
share in order for the Service Pack to fully execute.
3- Your mfgsysdata folder share should be outside your mfgsys803 folder,
make sure that is the case, if not, then you can move it and delete the old
one, just make sure it is updated in the System Task Agent.
4- If you have a user who will be running reports that are sensative, clamp
down access to their mfgsysdata\reports\username folder via NTFS permissions
Thom Rose
Controller
Electric Mirror LLC
HOTEL LUXURY
"The World Leader in Back-lit Mirrors & Mirror TV Technology"
T 425 776-4946
A 11831 Beverly Park Rd, Bldg D, Everett, WA 98204 USA
www.electricmirror.com<http://www.electricmirror.com>
Note: The information contained in the e-mail, including any attachments, is legally privileged and confidential. If you are not the intended recipient you are hereby notified that any reading, use or dissemination of this message is strictly prohibited. If you have received this message in error, please immediately notify us by telephone at 425-776-4946 and delete this message from your system. Even though this e-mail and any attachments are believed to be free of any virus or other defect that might affect any computer system into which it is received and opened, it is the responsibility of the recipient to ensure that it is virus free, and no responsibility is accepted by Electric Mirror LLC for any loss or damage arising in any way from its use
From: vantage@yahoogroups.com [mailto:vantage@yahoogroups.com] On Behalf Of Ned
Sent: Wednesday, July 08, 2009 9:36 AM
To: vantage@yahoogroups.com
Subject: Re: [Vantage] Security of open access for all users to all folders in the mapped Epicor drive
You shouldn't be using a mapped drive.
A couple things...
1- Your mfgsys803 folder share does need READ access to all users, but that
is all, you don't need FULL CONTROL given to all users.
2- Anyone who installs a service pack to Vantage needs FULL CONTROL to the
share in order for the Service Pack to fully execute.
3- Your mfgsysdata folder share should be outside your mfgsys803 folder,
make sure that is the case, if not, then you can move it and delete the old
one, just make sure it is updated in the System Task Agent.
4- If you have a user who will be running reports that are sensative, clamp
down access to their mfgsysdata\reports\username folder via NTFS permissions
----- Original Message -----
From: "evelynnlee06" <evelynn.lee@...<mailto:evelynn.lee%40apisensor.com>>
To: <vantage@yahoogroups.com<mailto:vantage%40yahoogroups.com>>
Sent: Wednesday, July 08, 2009 12:05 PM
Subject: [Vantage] Security of open access for all users to all folders in
the mapped Epicor drive
> Hi,
>
> We are new Vantage 8.03 user and are in the process of implementing
> Vantage.
>
> We have a drive on the Vantage server mapped got all Epicor-Vantage
> related files, named as z drive. Epicor tech support told us that we are
> to open access to all files (including the root files etc) in this drive
> to all of our Vantage users. With this notion, we are concerned about the
> security and vulnerability of allowing open access as such.
>
> Anyone has better insight on the accessibility to the Epicor folders and
> the respective security control level?
>
> Please advice.
>
> thanks,
> evelynn
>
>
>
> ------------------------------------
>
> Useful links for the Yahoo!Groups Vantage Board are: ( Note: You must
> have already linked your email address to a yahoo id to enable access. )
> (1) To access the Files Section of our Yahoo!Group for Report Builder and
> Crystal Reports and other 'goodies', please goto:
> http://groups.yahoo.com/group/vantage/files/.<http://groups.yahoo.com/group/vantage/files/>
> (2) To search through old msg's goto:
> http://groups.yahoo.com/group/vantage/messages
> (3) To view links to Vendors that provide Vantage services goto:
> http://groups.yahoo.com/group/vantage/linksYahoo! Groups Links
>
>
>
[Non-text portions of this message have been removed]