Users with access to only two menus

Hi all!
I need to remove access to a specific Security Group of users.
The selected group will have access to only two menus (Quote Entry and Order Tracker).

I saw that I can do that in the Menù Maintenance but do I really have to disable the access for all of the other menus?
Can’t I allow access to only the two menus and have the others disallowed?

Thanks!!

Correct, you have to disallow access to the menus they shouldn’t have access to. And allow the menu they should.

Yeah but it would be all the menus except for the those 2.
Isn’t there a fast way to do this?

Yes. We create custom menus. We add a new top level menu and put a copy of the apps/reports they need in there. Define a new security ID and apply to the top level and anything under it. There is a built in action to copy menu items.

I saw that there is a DMT ‘Menu Security’ for this purpose.
Can I entry one time with disallow all menus for that specific group and then entry a second time allowing only the 2 menus for the group?

I’ve never done menu security with DMT. Everyone is in at least one security group in our environment. We then customized the security on the default menus and added new menus where needed. It’s easy to create a menu and add just the items the users needs if you have security groups.

You can use DMT to set that group on the No Access list of every menu but the two they need.

I’m sure DMT works fine to set menu permissions. I just set them manually. It didn’t take long with how we did groups.

I’d do the following:

1. Make a SecGroup QE_OT (Quote Entry / Order Tracker)
2. Make the user a member of that group
3. Create a new top level menu folder
   
4. Create a new SecID
   
   

   image665×590 13 KB
5. Back on the Detail tab, change the Security ID to the one you just made
   
6. In the new folder, ad a menu item for Quote Entry , selecting SEC_QE_OT as the Sec ID.
7. Repeat #6 for the Order Tracker entry

At this point, the new top level menu folder “Quote Entry / Order Tracker” will only show for users of the QE_OT group. But the group member can still see all the other menus.

A lazy (and not really secure) thing to do would be to add the QE_OT group to the disallow list of the 1st level menu folders

That would make it so the restricted users could only see the QE OT folder. But they could still access the other programs using right click, “Open with …”.

To disable access to all of them, I’d use DMT to add the group QE_OT to the DisallowList of every every Security ID (except Sec ID SEC_QE_OT).

Exactly how we handled all our menus. I just didn’t type that out. Bonus points to @ckrusen

Really helpful as always Calvin, you are a savior.
Really thanks!