System Monitor Shows Everything

I don’t recall this behavior in E9 and I just happened to notice it while helping someone in Kinetic. But system monitor shows all reports run by ANY user. So my shipping receiving team (and all other users) are able to see P/L, AR, AP, GL, Etc Reports that are printed by others. I know that if your a security manager you can display all reports, but for all other users, I thought they could only see reports they generated. I looked all over for a security checkbox or something to limit the data shown in System monitor to only reports for that user, but couldn’t find it… Am I finally losing it? or did this become expected functionality? I sent a ticket into Epicor as well.

System Monitor > Actions > Display All Tasks.
Just turn that off.

I always thought ‘Display all Tasks’ was reserved for security managers but I believe @balmon is saying all his users have access to this feature.

e: Apparently the ‘Allow Session Impersonation’ setting in User Account Maintenance controls this.

User Account Maintenance-Options Fields

Lastly this user can review task activity within the System Monitor. When this user launches the System Monitor from either the Windows Tray or the Epicor application, this person can review the tasks for the companies assigned to this user account.

1 Like

@hackaphreaka is corrrect…all users are seeing all tasks!! I’ve always kept All tasks off for myself unless troubleshooting something, but I don’t think all my users should be able to see all tasks.

1 Like

Try this:

it’s off for all users.

The definitely shouldn’t be able to see all tasks, a savvy enough user (not even that savvy, it’s easy) could access financial reports, etc through the system monitor.

It’s not immediately obvious to me what turns that on/off for certain users though.

2 Likes

Apparently this is an open bug in Kinetic. Good to know if your users are savy and like to click around, they could be seeing sensitive data.

Here’s the dev ticket from Epicor: TASK7265408

@Bob Almon Apologies for the delay I was reviewing this with my senior engineer and found out this to be a bug and it is already submitted to the development Team.
“Filter by current user was removed so all rows are shown, users must apply a filter according to their needs” but, this is still being worked on/discussed by dev .

2 Likes

Thank you all for this thread, I noticed this earlier this week and thought I was going crazy…
I’m guessing this isn’t a simple fix, since we’re still seeing it in 23.1.10 two weeks later.

Does anyone have any advice on mitigating damage while we wait? I thought maybe there was something in “Archive Period”, but even a 0-day archive leaves the report available in the system monitor for 3 hours. System Monitor (either through Smart Client Kinetic or Classic) doesn’t let you delete a report from the list. Database Purge and Summarize doesn’t seem to have any options regarding reports.

1 Like

I was advised it’s supposed to be fixed in the 23.2 release, I think the only thing you could do until then is turn off the system monitor for your users in their config files…not sure if there’s an easy way to update that for everyone.

Are the reports showing up in the reports tab or just the history and active tasks tabs?

Why other than service accounts is this enabled for your users? From the help it doesn’t sound like this is a bug but designed as such so the task agent can print as the actual users session.

we use the kintetic smart client and users can see all the reports from other users in the “reports” section. I do not have the “allow session impersonation box” checked for any users, Epicor support had asked me to check that as well. They had a Dev task created for it. TASK7265408

Gotcha I understood your other message as that it was checked.

Verified that even though a user can see another’s reports that you can also recall the report for preview?

If the where clauses are coming in correctly, we should be able to do a temp fix via bpm on post to fix this.

I haven’t looked at mine.

Edit: We probably don’t even need to check if the where clauses are good or not, we can just filter for the current user.

Pretty wild haha, Kinda regret updating to 2023.1.9 for go live soon.

When did this bug get introduced??

I can’t reproduce it on 2023.1.8 I had to enable Display All Tasks to see @hkeric.wci prints
GIF

I don’t have enough data (any) at the moment in my pilot to make a fix.

If someone wants to get me some traces, I’ll attempt it.

Click the notification icon in the smart client. Launching it from the system monitor works correctly.

1 Like

Can repro in the web version once I figured out how to get to it

This is the endpoint getting called if you want to throw a BPM on it

https://host/app/api/v1/Ice.BO.ReportMonitorSvc/GetRows?whereClauseSysRptLst=BY+SysTaskNum+DESC&pageSize=20&absolutePage=1
2 Likes

This is where you had lost me. The Smart Client is the OG C# app

3 Likes