User Security Access for audit

What is really needed is something similar to an RSOP (Resultant Set of Policies) report, but of all security in Epicor. Even if it was just a tab on the User account security form on a per user basis (Dashboard with a retrieve button) for menus would be a great start. I’ve had varying success with copying menu security and user groups over using DMT lately, which makes things even harder when you are trying to get a new system up. So a tool like that would help.

Here’s some more information.

What I ended up doing was creating a stored procedure in the SQL Database that dynamically builds an access matrix.

The procedure creates columns for each user and then rows for each menu (the rows are distinct based on Menu Name, Program the menu item runs, Security Code, and Access to that menu). It then goes through each row and assigns a 1 if that user has access (via Group, granting the user direct access, or if they’re a Security Manager) and a 0 otherwise.

I’m no SQL expert so it may not be the most efficient code. It takes about 15 seconds per user to run on our environment so if you have a lot of active users or a slower environment it could take a while to run.

You’ll need to sift through all the meaningless menu items that aren’t tied to any screens, but we just make sure users do not have access to the actual entry screens.

It’s worked for my Auditors, so hopefully someone else can find it useful.

UserSecurityMatrix Procedure.sql (2.8 KB)

1 Like
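The access-matrix logic described in the post above, as an added example; it is not the poster's attached procedure. It uses SQLite with a simplified, hypothetical schema and constructed data (the table and column names are assumptions, not Epicor's real tables), and shows the dynamic per-user columns being built with quoted aliases and bound parameters.

```python
import sqlite3

# Hypothetical, simplified schema with constructed sample data (not Epicor's real tables).
SCHEMA = """
CREATE TABLE users(user_id TEXT PRIMARY KEY, security_mgr INTEGER);
CREATE TABLE user_groups(user_id TEXT, group_id TEXT);
CREATE TABLE menus(menu_name TEXT, program TEXT, sec_code TEXT);
CREATE TABLE grants(sec_code TEXT, grantee TEXT, is_group INTEGER);
"""

def sample_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", 0), ("bob", 0), ("carol", 1)])  # carol: security manager
    conn.execute("INSERT INTO user_groups VALUES ('alice', 'PURCH')")
    conn.executemany("INSERT INTO menus VALUES (?, ?, ?)", [
        ("Part Entry", "PartEntry", "SEC_PART_E"),
        ("Part Tracker", "PartTracker", "SEC_PART_T"),
        ("PO Entry", "POEntry", "SEC_PO_E"),
        ("PO Entry", "POEntry", "SEC_PO_E"),   # duplicate menu row, collapsed by DISTINCT
    ])
    conn.executemany("INSERT INTO grants VALUES (?, ?, ?)",
                     [("SEC_PO_E", "PURCH", 1), ("SEC_PART_T", "bob", 0)])
    return conn

# Per-user 0/1 column: security manager, direct grant, or grant through a group.
ACCESS = """(EXISTS (SELECT 1 FROM users u WHERE u.user_id = ? AND u.security_mgr = 1)
  OR EXISTS (SELECT 1 FROM grants g WHERE g.sec_code = m.sec_code
             AND g.is_group = 0 AND g.grantee = ?)
  OR EXISTS (SELECT 1 FROM grants g JOIN user_groups ug ON ug.group_id = g.grantee
             WHERE g.sec_code = m.sec_code AND g.is_group = 1 AND ug.user_id = ?))"""

def build_matrix(conn):
    """Return (header, rows): one row per distinct menu, one 0/1 column per user."""
    users = [r[0] for r in conn.execute("SELECT user_id FROM users ORDER BY user_id")]
    cols, params = [], []
    for u in users:
        alias = '"' + u.replace('"', '""') + '"'  # quote the dynamic column name
        cols.append(f", {ACCESS} AS {alias}")
        params += [u, u, u]                        # user ID values are bound as parameters
    sql = ("SELECT m.menu_name, m.program, m.sec_code" + "".join(cols) +
           " FROM (SELECT DISTINCT menu_name, program, sec_code FROM menus) m"
           " ORDER BY m.menu_name")
    cur = conn.execute(sql, params)
    return [d[0] for d in cur.description], cur.fetchall()

if __name__ == "__main__":
    header, rows = build_matrix(sample_db())
    print(header, *rows, sep="\n")
```
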

Hi, can you please send the Excel file for me? Thanks.

Are you able to share this Excel matrix? We are about to re-implement Epicor and this will be really helpful.
Thanks in advance

@Moreno.Mauricio - the Excel matrix is going to vary greatly based on what modules and extensions you have licensed. As was mentioned on another thread, you could create the data on your system by creating a BAQ. Then export to Excel.

I also have an Excel template I’ve used with several clients when implementing Epicor. I’d be happy to email it to you.

One other note: Instead of customizing entry screens to give read-only access to some users, assign the tracker version to the limited users. For example, give them Part Tracker, not Part Entry. It’s the way Epicor is designed to work.

1 Like

I was able to get the BAQ data, but somehow it is not liking the format when exporting to Excel. If you are able to share yours, that will be awesome; if not, that’s fine and I’ll need to take some time to format the data.

@Moreno.Mauricio - I’m attaching the Excel template I use when mapping security access by (1) role to menu items and (2) employees to roles. Purpose is to give a visual tool for the entire team/management to see who has what access, and to maintain consistency. I don’t use a BAQ to populate the menu items but that isn’t a tough one to get just the menu descriptions. Hope you find it useful.
Security Roles worksheet - template.xlsx (83.8 KB)

2 Likes

Thanks a lot, this will help a lot

Hi @Nancy_Hoyt - Would you mind emailing me a copy of this as well? I’ve got to review our security setup and it’s a headache. ecorona@azadc.gov - thank you in advance if you’re able to email a copy - it looks super helpful.

Nancy,

Good morning,

Can you please share your worksheet? We are in the same situation and I don’t have another source to go to in order to have a good feeling on how security needs to be set up in Epicor. Thanks.