Académique Documents
Professionnel Documents
Culture Documents
Security Course
9.05.702
Disclaimer
This document is for informational purposes only and is subject to change without notice. This document and its
contents, including the viewpoints, dates and functional content expressed herein are believed to be accurate as of its
date of publication. However, Epicor Software Corporation makes no guarantee, representations or warranties with
regard to the enclosed information and specifically disclaims any applicable implied warranties, such as fitness for a
particular purpose, merchantability, satisfactory quality or reasonable skill and care. As each user of Epicor software is
likely to be unique in their requirements in the use of such software and their business processes, users of this document
are always advised to discuss the content of this document with their Epicor account manager. All information contained
herein is subject to change without notice and changes to this document since printing and other important information
about the software product are made or published in release notes, and you are urged to obtain the current release
notes for the software product. We welcome user comments and reserve the right to revise this publication and/or
make improvements or changes to the products or programs described in this publication at any time, without notice.
The usage of any Epicor software shall be pursuant to an Epicor end user license agreement and the performance of
any consulting services by Epicor personnel shall be pursuant to Epicor's standard services terms and conditions. Usage
of the solution(s) described in this document with other Epicor software or third party products may require the purchase
of licenses for such other products. Where any software is expressed to be compliant with local laws or requirements
in this document, such compliance is not a warranty and is based solely on Epicor's current understanding of such laws
and requirements. All laws and requirements are subject to varying interpretations as well as to change and accordingly
Epicor cannot guarantee that the software will be compliant and up to date with such changes. All statements of
platform and product compatibility in this document shall be considered individually in relation to the products referred
to in the relevant statement, i.e., where any Epicor software is stated to be compatible with one product and also
stated to be compatible with another product, it should not be interpreted that such Epicor software is compatible
with both of the products running at the same time on the same platform or environment. Additionally platform or
product compatibility may require the application of Epicor or third-party updates, patches and/or service packs and
Epicor has no responsibility for compatibility issues which may be caused by updates, patches and/or service packs
released by third parties after the date of publication of this document. Epicor is a registered trademark and/or
trademark of Epicor Software Corporation in the United States, certain other countries and/or the EU. All other
trademarks mentioned are the property of their respective owners. Copyright Epicor Software Corporation 2013.
All rights reserved. No part of this publication may be reproduced in any form without the prior written consent of
Epicor Software Corporation.
EDE8806905
90521-905-9287-583702
9.05.702
Revision: March 14, 2013 2:06 a.m.
Total pages: 30
course.ditaval
Security Course
Contents
Contents
Security Course.......................................................................................................................4
Before You Begin....................................................................................................................5
Audience.........................................................................................................................................................5
Prerequisites....................................................................................................................................................5
Environment Setup..........................................................................................................................................5
Overview.................................................................................................................................7
Security Privileges..................................................................................................................8
Company Security............................................................................................................................................8
Security Group Maintenance............................................................................................................................9
Workshop: Create a Security Group..........................................................................................................9
User Account.................................................................................................................................................11
User Details............................................................................................................................................11
Security Manager....................................................................................................................................12
Workshop: Assign Security Privileges.......................................................................................................13
Workshop: Assign Security Groups.........................................................................................................14
Workshop: Assign Companies................................................................................................................15
Assign Security......................................................................................................................16
Run Time Argument Menu Control................................................................................................................16
Workshop: Define Run Time Arguments.................................................................................................17
Menu Maintenance........................................................................................................................................18
Workshop: Create a Security Code.........................................................................................................18
Workshop: Assign Menu Security............................................................................................................20
Process Security Maintenance........................................................................................................................21
Workshop: Assign Process (Business Object) Security...............................................................................21
Workshop: Assign Method Security........................................................................................................23
Field Security Maintenance.............................................................................................................................24
Workshop: Assign Global Field Security...................................................................................................25
Workshop: Security Group Field Security.................................................................................................26
Workshop: Use Field Security..................................................................................................................27
Security Management..........................................................................................................28
Menu Security Report....................................................................................................................................28
System Activity Log........................................................................................................................................28
Conclusion.............................................................................................................................29
Security Course
Security Course
Security Course
Security is important because it protects sensitive data, guards against destructive operations, and grants access
to needed information.
Typically, there are two security environments - the network security environment and the application security
environment. This course focuses on the application security environment.
You define security for your application through two key programs. First, use Security Group Maintenance to
create the security groups you need. Then assign all users within your application to these security groups through
User Account Maintenance.
With security groups and their selected users defined, you can then assign security privileges throughout the
application. For example, you may want to prevent access to Payroll programs for most users. You can use the
security privilege tools to only give members of the Payroll security group access to these programs.
You review security settings through two tools. The Menu Security report displays the current access rights specific
users and security groups have on the Main Menu. The System Activity Log tracks database modification activity
within the application; use this tracker to review the database activity for a specific user, table, date, and so on.
Upon successful completion of this course, you will be able to:
Create a system of security groups applicable to your organization.
Assign users to security groups.
Define security levels for programs, processes, and fields.
Review the security settings you have defined.
Security Course
Audience
Specific audiences will benefit from this course.
System Administrator
IT/Technical Staff
Prerequisites
In order to complete the workshops in this course, all necessary modules must be licensed and operating in your
training environment. For more information on the modules available, contact your Epicor Customer Account
Manager at EpicorCAM@epicor.com. It is also important you understand the prerequisite knowledge contained
in other valuable courses.
Navigation Course - This course introduces navigational aspects of the Epicor application's user interface.
Designed for a hands-on environment, general navigation principles and techniques are available at each of
the interface levels in the Epicor application - system, module, and program. Workshops focus on each of
these levels and guide you through each navigational principle introduced.
Recommended: Knowledge Camp Course - This course provides a high level overview of the quote to
cash flow through the Epicor 9.05 application. You begin with how to create a quote, process it as an order,
and fill the order across production planning and purchasing. The course also covers the manufacturing plan
and shipment of parts to a customer, as well as how to process invoices, enter cash receipts, and generate
supplier payments.
Environment Setup
The environment setup steps and potential workshop constraints must be reviewed in order to successfully
complete the workshops in this course.
Your Epicor training environment, in which the Epicor demonstration database is found, enables you to experience
Epicor functionality in action but does not affect data in your live, production environment.
The following steps must be taken to successfully complete the workshops in this course.
1.
Verify the following or ask your system administrator to verify for you:
Your Epicor training icon (or web address if you are using Epicor Web Access) points to your
Epicor training environment with the Epicor demonstration database installed. Do not complete
the course workshops in your live, production environment.
Security Course
Note It is recommended that multiple Epicor demonstration databases are installed. Contact
Support or Systems Consulting for billable assistance.
The Epicor demonstration database is at the same service pack and patch as the Epicor
application. Epicor's education team updates the Epicor demonstration database for each service pack
and patch. If your system administrator upgrades your Epicor application to a new service pack or patch,
he or she must also download the corresponding Epicor demonstration database from EPICweb > Support
> Epicor > Downloads and install it. If this is not performed, unexpected results can occur when completing
the course workshops.
Your system administrator restored (refreshed) the Epicor demonstration database prior to
starting this course. The Epicor demonstration database comes standard with parts, customers, sales
orders, and so on, already defined. If the Epicor demonstration database is shared with multiple users
(that is, the database is located on a server and users access the same data, much like your live, production
environment) and is not periodically refreshed, unexpected results can occur. For example, if a course
workshop requires you to ship a sales order that came standard in the Epicor demonstration database,
but a different user already completed this workshop and the Epicor demonstration database was not
restored (refreshed), then you will not be able to ship the sales order. Epicor's education team has written
the course workshops to minimize situations like this from occurring, but Epicor cannot prevent users
from manipulating the data in your installation of the Epicor demonstration database.
2.
Log in to the training environment using the credentials manager/manager. If you are logged into your
training environment as a different user, from the Options menu, select Change User.
3.
From the Main menu, select the company Epicor Education (EPIC06).
4.
In order for users to complete the Field Security Maintenance workshops, you will need to activate a
customization of Call Type Maintenance. Review these workshops to see what the customization needs, and
create the customization. Be sure to set up this customization as the default interface for Call Type Maintenance
within Menu Maintenance.
Security Course
Overview
Overview
You need to assign security access to the Epicor application because this functionality:
Protects sensitive data
Guards against users accidentally making harmful changes
Grants users access to the programs, reports, and processes they need to perform their specific tasks,
streamlining their use of the Epicor application
Prevents users from accessing areas of the Epicor application that fall outside of their work functions
Application security is embedded within the application and is available as part of the installation. You leverage
both Security Group Maintenance and User Account Maintenance to set up security levels. You can then grant
users, or groups of users, security privileges for specific areas in the application. Security privileges can be set at
specific levels such as menu security or field security.
At any time, you can run the Menu Security report and the System Activity Log to review the security settings
within the current company. You can then make any adjustments to the security settings that you need.
Security Privileges
Security Course
Security Privileges
This section of the course describes how you establish security privileges within your current company.
Company Security
Your Epicor application has at least one company set up in the database. This company contains the various
suites of Epicor modules your organization has purchased.
You leverage the security tools to define security privileges for your organization. If your organization has multiple
companies set up within the Epicor application and you are responsible for defining security across the organization,
you will need to set up security separately within each company. All users within each company will then have
access to the Epicor application using the security plan you have defined.
Every database needs at least one company established in it. During installation, the Epicor application automatically
creates a blank company (TEST) and a single user (MANAGER) with Security Manager privileges in every database.
You can then successfully log into the Epicor application for the first time.
Security Course
Security Privileges
4. Click Save.
5. Exit Security Group Maintenance.
Security Privileges
Security Course
You have now created the Production Staff security group. Repeat these steps to create all the security groups
you need.
10
Security Course
Security Privileges
User Account
Launch User Account Maintenance to assign users to both security privileges and security groups.
The security privileges give a specific user access to various Epicor application features. For example, you can give
a user access to the customization tools, but not allow this user to make interface language changes. You can
also give a user Security Manager rights; this user can then modify security settings for other users.
Through the security group functionality, you can assign a single user to multiple security groups. When you
allow or disallow a security group on security sheets in other programs, the users assigned to this security group
will either have access or have no access to this functionality.
Menu Path
Navigate to this program from the Main Menu:
System Management > Company Maintenance > User
System Management > Security Maintenance > User Security
User Details
Use the Detail sheet to enter basic user account information such as user ID, name, address, phone numbers,
and password information. You typically use this sheet when you are creating a new user account.
Anyone who accesses the application must have a user account. This section highlights key fields and sheets
found in the user account record that you define to establish security access for each user. You set up security
information for each user account on the following sheets:
User ID and Name
All users have both a user identifier (ID) and a name that uniquely identifies each user. Users are prompted for
their User ID and Password when they log into the application. The User ID displays in many entry programs like
Sales Order Entry and Purchase Order Entry; this feature indicates who created the initial record.
The User ID field is alphanumeric and can be up to 20 characters long.
Tip Consider using employees' network login ID as their Epicor application User ID. The network login ID
defaults in the Name field when users log into the Epicor application.
Address and Contact Information
Use this area to enter the mailing address, the e-mail address, and phone numbers for each user. These fields
are optional and are used for reference purposes only.
Some users must be set up in other areas of the application as well. For example, a sales force member would
also be set up in Work Force Maintenance with a sales role. In this situation, consider leaving the address and
contact information blank in the user account record and place a note in one of the fields to direct people to the
Work Force record for the address and contact information.
Disable Account
Select the Disable Account check box to temporarily or permanently stop a user account. This account can no
longer be used to access the Epicor application. Note the application defines a new account as disabled by default.
You can then complete the setup for a user before activating the account.
11
Security Privileges
Security Course
You may also want to disable an account if someone is on an extended leave or if someone leaves the company.
Once an account is disabled, that user cannot log into the application. They will receive an Invalid log on
message.
Important When you create a new user account, this account is disabled by default. If you want this new
user to log into the Epicor application, be sure you clear this check box.
Security Manager
The Security Manager status is a special permission granted to certain users. If your user account has these rights,
you can secure menu and process security options to indicate that a module, program, or process is restricted to
specific users.
Security managers are defined User Account Maintenance on the Group sheet by selecting the Security Manager
check box. Note that only other users with security manager status can access to this option. Epicor creates a
single user (manager) with security manager privileges in every database. This default record is created during
installation, and you use this account to create user account records.
The Epicor application restricts access to the System Management module; only users who have security manager
status can access this module. The programs used to create a security strategy are only available within the System
Management module.
Be aware that it is a good business practice to not give yourself Security Manager access on your normal user
account. This ensures the menu choices you make on your normal login are appropriate for your typical daily
routine. It also ensures that other employees do not grant security access to themselves when you are away from
your computer. Instead, create a separate Security Manager account that you use for security tasks.
12
Security Course
Security Privileges
13
Security Privileges
Security Course
14
Security Course
Security Privileges
15
Assign Security
Security Course
Assign Security
You explore how to assign security to programs, processes, and fields during this section of the course.
You assign security through three programs:
Menu Maintenance
Process Security Maintenance
Field Security Maintenance
You can also restrict access to specific areas of the Epicor application using run time arguments. You set up these
run time arguments on the desktop icons for client installations. The Run Time Argument Menu Control section
describes this functionality.
Security Conflicts
The application handles any conflicts between security groups through an access hierarchy.
1.
If a user is assigned to security group Engineering, which allows access to the Engineering Workbench, and
security group Purchasing, which does not, the user will still be able to launch the Engineering Workbench.
The security group with more access overrides the security group with less access.
2.
Likewise, if a user is assigned rights to a program, but is assigned to a group which is not, the user is still
able to launch the program. User rights have precedence over group rights.
3.
The Allow Access mode also has precedence over the Disallow Access mode. You select these modes on
the Menu Maintenance, Process Security Maintenance, and Field Security Maintenance programs.
16
Security Course
Assign Security
17
Assign Security
Security Course
Menu Maintenance
Use Menu Maintenance to customize the menu interface throughout the application. You can select a specific
dashboard, custom program, or custom report, and make it available to everyone in your company.
Menu security is considered the highest level in which security privileges are set. Security established at this level
allows a folder or program to not display on the Main Menu for any number of security groups or specific users
you identify. Changes you make in this program display on all the workstations that run the application.
Menu Maintenance has two main functions. It allows you to replace a current program with a customized program
and add menu items for custom programs and custom reports.
Important You can only use this program if you have Customization Rights. For information on how
to obtain these rights, read the User Account Maintenance > Group topic.
Business suite modules are organized into folders. Submenus and module function categories, such as Setup,
General Operations, and Reports, are also organized into folders; security is not required. All menu options,
except those in the System Management business suite, are available to all users when the application is installed.
Key Fields
This section highlights key fields and areas in Menu Maintenance.
Security ID
This is the internal security ID and description for a module, submenu, or program. The Security ID field is display
only.
Security Manager Access Only
Select this check box to indicate that this module or program is restricted to security managers. Only users selected
as a security manager in User Account Maintenance have access to this option.
Current Company Only
Select this check box if the security privileges you are setting apply to the current company from which you have
launched Menu Maintenance.
Disconnected
This check box determines whether the security ID is available in Mobile Connect. This setting is maintained by
Epicor, so the check box is never available (grayed out).
Menu Path
Navigate to this program from the Main Menu:
System Management > Security Maintenance > Menu Maintenance
System Management > Utilities > Menu Maintenance
Important This program is not available
in the Epicor Web Access interface. You can launch this program
18
Security Course
Assign Security
5. To prevent users within this security code from launching the Epicor application within an internet browser,
select the Exclude Epicor Web Access check box.
6. Navigate to the Allow Access sheet.
Important You can use either or both sheets to assign security; remember that the Allow Access
method overrides the Disallow Access method. If a user is assigned to both sheets, the user has access
to programs assigned to this security code.
19
Assign Security
Security Course
20
Security Course
Assign Security
21
Assign Security
Security Course
Tip You can restrict this business object to security managers by selecting the Security Manager
Access Only check box. This indicates that only users defined as Security Managers within User
Account Maintenance are able to access this business object.
8. If necessary, clear the Disallow Access to All Groups/Users check box to prevent all groups and users
from accessing this business object.
Until you add users and/or groups to the Selected Groups/Users list, everyone has access to this business
object. Be sure you are ready to assign security before you clear this check box.
You can now define the specific groups and users that cannot use this business object.
9. Click the Double Right Blue Arrow button to disallow access for everyone.
All the security groups and users move to the Selected Groups/Users list.
10. From the Selected Groups/Users list, highlight the _Production Staff security group.
11. Click the Left Blue Arrow button.
The _Production Staff security group displays on the Group/Users list. Now only users assigned to this security
group can use this process.
12. Click Save.
13. Remain in Process Security Maintenance.
Through this setting, only users assigned to the _Production Staff security group can use the ABC Code process.
You should probably undo this setting after you finish the Security course. This process may be used in other
courses within the Epicor Education database, and keeping this security level will prevent most users from running
it.
22
Security Course
Assign Security
23
Assign Security
Security Course
24
Security Course
Assign Security
25
Assign Security
Security Course
4. Click in the Access column to display the drop-down list and select the Full option.
Just like the previous workshop, you have the Full, Read, and None security options. You also have the
Default option; select this option when you want the user or security group to use the global security level
assigned for this field on the Detail sheet.
5. Select the ShortChar03 custom field.
You want to give members of the _Production Staff security group read-only rights to this field.
6. Click in the Access column and select the Read security option.
7. Select the ShortChar04 field.
8. Click in the Access column and select the None security option.
9. Click Save.
10. Exit Field Security Maintenance.
26
Security Course
Assign Security
27
Security Management
Security Course
Security Management
28
Security Course
Conclusion
Conclusion
Congratulations! You have completed the Security course.
29