Epicor ERP

Security Course
9.05.702

Disclaimer
This document is for informational purposes only and is subject to change without notice. This document and its
contents, including the viewpoints, dates and functional content expressed herein are believed to be accurate as of its
date of publication. However, Epicor Software Corporation makes no guarantee, representations or warranties with
regard to the enclosed information and specifically disclaims any applicable implied warranties, such as fitness for a
particular purpose, merchantability, satisfactory quality or reasonable skill and care. As each user of Epicor software is
likely to be unique in their requirements in the use of such software and their business processes, users of this document
are always advised to discuss the content of this document with their Epicor account manager. All information contained
herein is subject to change without notice and changes to this document since printing and other important information
about the software product are made or published in release notes, and you are urged to obtain the current release
notes for the software product. We welcome user comments and reserve the right to revise this publication and/or
make improvements or changes to the products or programs described in this publication at any time, without notice.
The usage of any Epicor software shall be pursuant to an Epicor end user license agreement and the performance of
any consulting services by Epicor personnel shall be pursuant to Epicor's standard services terms and conditions. Usage
of the solution(s) described in this document with other Epicor software or third party products may require the purchase
of licenses for such other products. Where any software is expressed to be compliant with local laws or requirements
in this document, such compliance is not a warranty and is based solely on Epicor's current understanding of such laws
and requirements. All laws and requirements are subject to varying interpretations as well as to change and accordingly
Epicor cannot guarantee that the software will be compliant and up to date with such changes. All statements of
platform and product compatibility in this document shall be considered individually in relation to the products referred
to in the relevant statement, i.e., where any Epicor software is stated to be compatible with one product and also
stated to be compatible with another product, it should not be interpreted that such Epicor software is compatible
with both of the products running at the same time on the same platform or environment. Additionally platform or
product compatibility may require the application of Epicor or third-party updates, patches and/or service packs and
Epicor has no responsibility for compatibility issues which may be caused by updates, patches and/or service packs
released by third parties after the date of publication of this document. Epicor is a registered trademark and/or
trademark of Epicor Software Corporation in the United States, certain other countries and/or the EU. All other
trademarks mentioned are the property of their respective owners. Copyright Epicor Software Corporation 2013.
All rights reserved. No part of this publication may be reproduced in any form without the prior written consent of
Epicor Software Corporation.

EDE8806905
90521-905-9287-583702
9.05.702
Revision: March 14, 2013 2:06 a.m.
Total pages: 30
course.ditaval

Security Course

Contents

Contents
Security Course.......................................................................................................................4
Before You Begin....................................................................................................................5
Audience.........................................................................................................................................................5
Prerequisites....................................................................................................................................................5
Environment Setup..........................................................................................................................................5

Overview.................................................................................................................................7
Security Privileges..................................................................................................................8
Company Security............................................................................................................................................8
Security Group Maintenance............................................................................................................................9
Workshop: Create a Security Group..........................................................................................................9
User Account.................................................................................................................................................11
User Details............................................................................................................................................11
Security Manager....................................................................................................................................12
Workshop: Assign Security Privileges.......................................................................................................13
Workshop: Assign Security Groups.........................................................................................................14
Workshop: Assign Companies................................................................................................................15

Assign Security......................................................................................................................16
Run Time Argument Menu Control................................................................................................................16
Workshop: Define Run Time Arguments.................................................................................................17
Menu Maintenance........................................................................................................................................18
Workshop: Create a Security Code.........................................................................................................18
Workshop: Assign Menu Security............................................................................................................20
Process Security Maintenance........................................................................................................................21
Workshop: Assign Process (Business Object) Security...............................................................................21
Workshop: Assign Method Security........................................................................................................23
Field Security Maintenance.............................................................................................................................24
Workshop: Assign Global Field Security...................................................................................................25
Workshop: Security Group Field Security.................................................................................................26
Workshop: Use Field Security..................................................................................................................27

Security Management..........................................................................................................28
Menu Security Report....................................................................................................................................28
System Activity Log........................................................................................................................................28

Conclusion.............................................................................................................................29

Epicor ERP | 9.05.702

Security Course

Security Course

Security Course
Security is important because it protects sensitive data, guards against destructive operations, and grants access
to needed information.
Typically, there are two security environments - the network security environment and the application security
environment. This course focuses on the application security environment.
You define security for your application through two key programs. First, use Security Group Maintenance to
create the security groups you need. Then assign all users within your application to these security groups through
User Account Maintenance.
With security groups and their selected users defined, you can then assign security privileges throughout the
application. For example, you may want to prevent access to Payroll programs for most users. You can use the
security privilege tools to only give members of the Payroll security group access to these programs.
You review security settings through two tools. The Menu Security report displays the current access rights specific
users and security groups have on the Main Menu. The System Activity Log tracks database modification activity
within the application; use this tracker to review the database activity for a specific user, table, date, and so on.
Upon successful completion of this course, you will be able to:
Create a system of security groups applicable to your organization.
Assign users to security groups.
Define security levels for programs, processes, and fields.
Review the security settings you have defined.

Epicor ERP | 9.05.702

Security Course

Before You Begin

Before You Begin

Read this topic for information you should know in order to successfully complete this course.

Audience
Specific audiences will benefit from this course.
System Administrator
IT/Technical Staff

Prerequisites
In order to complete the workshops in this course, all necessary modules must be licensed and operating in your
training environment. For more information on the modules available, contact your Epicor Customer Account
Manager at EpicorCAM@epicor.com. It is also important you understand the prerequisite knowledge contained
in other valuable courses.
Navigation Course - This course introduces navigational aspects of the Epicor application's user interface.
Designed for a hands-on environment, general navigation principles and techniques are available at each of
the interface levels in the Epicor application - system, module, and program. Workshops focus on each of
these levels and guide you through each navigational principle introduced.
Recommended: Knowledge Camp Course - This course provides a high level overview of the quote to
cash flow through the Epicor 9.05 application. You begin with how to create a quote, process it as an order,
and fill the order across production planning and purchasing. The course also covers the manufacturing plan
and shipment of parts to a customer, as well as how to process invoices, enter cash receipts, and generate
supplier payments.

Environment Setup
The environment setup steps and potential workshop constraints must be reviewed in order to successfully
complete the workshops in this course.
Your Epicor training environment, in which the Epicor demonstration database is found, enables you to experience
Epicor functionality in action but does not affect data in your live, production environment.
The following steps must be taken to successfully complete the workshops in this course.
1.

Verify the following or ask your system administrator to verify for you:
Your Epicor training icon (or web address if you are using Epicor Web Access) points to your
Epicor training environment with the Epicor demonstration database installed. Do not complete
the course workshops in your live, production environment.

Epicor ERP | 9.05.702

Before You Begin

Security Course

Note It is recommended that multiple Epicor demonstration databases are installed. Contact
Support or Systems Consulting for billable assistance.
The Epicor demonstration database is at the same service pack and patch as the Epicor
application. Epicor's education team updates the Epicor demonstration database for each service pack
and patch. If your system administrator upgrades your Epicor application to a new service pack or patch,
he or she must also download the corresponding Epicor demonstration database from EPICweb > Support
> Epicor > Downloads and install it. If this is not performed, unexpected results can occur when completing
the course workshops.
Your system administrator restored (refreshed) the Epicor demonstration database prior to
starting this course. The Epicor demonstration database comes standard with parts, customers, sales
orders, and so on, already defined. If the Epicor demonstration database is shared with multiple users
(that is, the database is located on a server and users access the same data, much like your live, production
environment) and is not periodically refreshed, unexpected results can occur. For example, if a course
workshop requires you to ship a sales order that came standard in the Epicor demonstration database,
but a different user already completed this workshop and the Epicor demonstration database was not
restored (refreshed), then you will not be able to ship the sales order. Epicor's education team has written
the course workshops to minimize situations like this from occurring, but Epicor cannot prevent users
from manipulating the data in your installation of the Epicor demonstration database.
2.

Log in to the training environment using the credentials manager/manager. If you are logged into your
training environment as a different user, from the Options menu, select Change User.

3.

From the Main menu, select the company Epicor Education (EPIC06).

4.

From the Main menu, select the Main Plant.

Instructor Note

In order for users to complete the Field Security Maintenance workshops, you will need to activate a
customization of Call Type Maintenance. Review these workshops to see what the customization needs, and
create the customization. Be sure to set up this customization as the default interface for Call Type Maintenance
within Menu Maintenance.

Epicor ERP | 9.05.702

Security Course

Overview

Overview
You need to assign security access to the Epicor application because this functionality:
Protects sensitive data
Guards against users accidentally making harmful changes
Grants users access to the programs, reports, and processes they need to perform their specific tasks,
streamlining their use of the Epicor application
Prevents users from accessing areas of the Epicor application that fall outside of their work functions
Application security is embedded within the application and is available as part of the installation. You leverage
both Security Group Maintenance and User Account Maintenance to set up security levels. You can then grant
users, or groups of users, security privileges for specific areas in the application. Security privileges can be set at
specific levels such as menu security or field security.
At any time, you can run the Menu Security report and the System Activity Log to review the security settings
within the current company. You can then make any adjustments to the security settings that you need.

Epicor ERP | 9.05.702

Security Privileges

Security Course

Security Privileges
This section of the course describes how you establish security privileges within your current company.

Company Security
Your Epicor application has at least one company set up in the database. This company contains the various
suites of Epicor modules your organization has purchased.
You leverage the security tools to define security privileges for your organization. If your organization has multiple
companies set up within the Epicor application and you are responsible for defining security across the organization,
you will need to set up security separately within each company. All users within each company will then have
access to the Epicor application using the security plan you have defined.
Every database needs at least one company established in it. During installation, the Epicor application automatically
creates a blank company (TEST) and a single user (MANAGER) with Security Manager privileges in every database.
You can then successfully log into the Epicor application for the first time.

Epicor ERP | 9.05.702

Security Course

Security Privileges

Security Group Maintenance

Use Security Group Maintenance to establish security groups that define various functions either throughout
your organization or for a specific company. You then use these security groups to assign or limit access to various
areas within the Epicor application.
You can assign a user to a security group in User Account Maintenance, and then you can select security groups
on various security sheets in other programs. While optional, security groups are useful because they can categorize
employees by role or department.
Epicor recommends you create security groups and assign all users to specific groups. You then simplify your
security setup, as you do not need to assign security to individual users. This approach also ensures you implement
security through an organized and clearly defined method.
Before you begin assigning security, consider the various areas of security your company needs. You should then
design a security plan and enter security groups that reflect this plan. While you set up this plan, consider that
roles tend to be more generic, while job titles tend to be more specific. Several job titles can fulfill the responsibilities
of a single role.
Menu Path
Navigate to this program from the Main Menu:
System Management > Security Maintenance > Security Group
Important This program is not available
in the Epicor Web Access interface. You can launch this program

from an Epicor Smart Client (Windows ) interface.

Workshop: Create a Security Group

During this workshop, you will create a new security group.
Navigate to Security Group Maintenance.
Menu Path: System Management > Security Maintenance > Security Group
Important This program is not available
in the Epicor Web Access interface. You can launch this program

from an Epicor Smart Client (Windows ) interface.

1. Click New.
2. In the Group Code field, enter XXX_PROD (where XXX are your initials).
This defines the identifier used for the security group.
3. In the Description field, enter _Production Staff.
This text displays within the security programs, so enter a brief, concise explanation for the group in this
field.
Tip If you place an underscore (_) or a period (.) in front of the Description, the security group sorts
to the top of the list in the security programs. This makes the new security group much easier to find.

4. Click Save.
5. Exit Security Group Maintenance.

Epicor ERP | 9.05.702

Security Privileges

Security Course

You have now created the Production Staff security group. Repeat these steps to create all the security groups
you need.

10

Epicor ERP | 9.05.702

Security Course

Security Privileges

User Account
Launch User Account Maintenance to assign users to both security privileges and security groups.
The security privileges give a specific user access to various Epicor application features. For example, you can give
a user access to the customization tools, but not allow this user to make interface language changes. You can
also give a user Security Manager rights; this user can then modify security settings for other users.
Through the security group functionality, you can assign a single user to multiple security groups. When you
allow or disallow a security group on security sheets in other programs, the users assigned to this security group
will either have access or have no access to this functionality.
Menu Path
Navigate to this program from the Main Menu:
System Management > Company Maintenance > User
System Management > Security Maintenance > User Security

User Details
Use the Detail sheet to enter basic user account information such as user ID, name, address, phone numbers,
and password information. You typically use this sheet when you are creating a new user account.
Anyone who accesses the application must have a user account. This section highlights key fields and sheets
found in the user account record that you define to establish security access for each user. You set up security
information for each user account on the following sheets:
User ID and Name
All users have both a user identifier (ID) and a name that uniquely identifies each user. Users are prompted for
their User ID and Password when they log into the application. The User ID displays in many entry programs like
Sales Order Entry and Purchase Order Entry; this feature indicates who created the initial record.
The User ID field is alphanumeric and can be up to 20 characters long.
Tip Consider using employees' network login ID as their Epicor application User ID. The network login ID
defaults in the Name field when users log into the Epicor application.
Address and Contact Information
Use this area to enter the mailing address, the e-mail address, and phone numbers for each user. These fields
are optional and are used for reference purposes only.
Some users must be set up in other areas of the application as well. For example, a sales force member would
also be set up in Work Force Maintenance with a sales role. In this situation, consider leaving the address and
contact information blank in the user account record and place a note in one of the fields to direct people to the
Work Force record for the address and contact information.
Disable Account
Select the Disable Account check box to temporarily or permanently stop a user account. This account can no
longer be used to access the Epicor application. Note the application defines a new account as disabled by default.
You can then complete the setup for a user before activating the account.

Epicor ERP | 9.05.702

11

Security Privileges

Security Course

You may also want to disable an account if someone is on an extended leave or if someone leaves the company.
Once an account is disabled, that user cannot log into the application. They will receive an Invalid log on
message.
Important When you create a new user account, this account is disabled by default. If you want this new
user to log into the Epicor application, be sure you clear this check box.

Security Manager
The Security Manager status is a special permission granted to certain users. If your user account has these rights,
you can secure menu and process security options to indicate that a module, program, or process is restricted to
specific users.
Security managers are defined User Account Maintenance on the Group sheet by selecting the Security Manager
check box. Note that only other users with security manager status can access to this option. Epicor creates a
single user (manager) with security manager privileges in every database. This default record is created during
installation, and you use this account to create user account records.
The Epicor application restricts access to the System Management module; only users who have security manager
status can access this module. The programs used to create a security strategy are only available within the System
Management module.
Be aware that it is a good business practice to not give yourself Security Manager access on your normal user
account. This ensures the menu choices you make on your normal login are appropriate for your typical daily
routine. It also ensures that other employees do not grant security access to themselves when you are away from
your computer. Instead, create a separate Security Manager account that you use for security tasks.

12

Epicor ERP | 9.05.702

Security Course

Security Privileges

Workshop: Assign Security Privileges

You assign security privileges to a user on the group sheet.
Navigate to User Account Maintenance.
Menu Path: System Management > Security Maintenance > User Security
1. In the User ID field, enter Fred and press Tab.
For this workshop, you select Fred Grandy.
Tip You can limit what this user sees on the Main Menu by entering a value in the Client Side Menu
ID field. Enter a menu identifier for either a sub-menu or a program. When this user launches the
Epicor application, only the contents under the specific sub-menu identifier or the specific program
appear on the Main Menu. You can find the specific menu identifier you need within Menu
Maintenance. This program is described later within this course.

2. Click on the Options sheet.

3. Select the Security Manager check box.
Users with this security access can define and change the profiles of themselves and other users. They can
also access all security programs.
4. In the Tools Options section, select the Allow Personalization check box.
Use this section to assign or prevent this user from accessing various tools and functions throughout the
application. A number of check box options are here; select the options you want available to this user. For
this workshop, Fred Grandy will be able to personalize all programs he uses.
5. In the Access Options section, select the Allow Enterprise Search check box.
Use this section to allow or prevent this user from viewing information within a web browser, mobile device,
and enterprise-wide searches.
6. In the System Options section, verify the Can Maintain Favorites Programs check box is selected.
Use this section to allow or prevent this user from running system-wide capabilities such as company
annotations and adding favorites items to the Favorites bar.
7. Click Save.
If you want to learn more about each security privilege available on this sheet, review the User Account
Maintenance > Group topic in the application help.

Epicor ERP | 9.05.702

13

Security Privileges

Security Course

Workshop: Assign Security Groups

You add a specific user to security groups on the Group sheet.
1. Navigate to the Group sheet.
The Available list displays all security groups to which Fred Grandy can be assigned. He is an engineer, so
you want to add him to the _Production Staff group
2. Highlight the _Production Staff group from the list.
3. Click the Right Blue Arrow button.
4. The _Production Staff security group now moves to the Authorized list.
5. Click Save.
Fred is now an official member of the Production Staff security group.

14

Epicor ERP | 9.05.702

Security Course

Security Privileges

Workshop: Assign Companies

You can also define which companies within your organization Fred can access.
1. Navigate to the Company > Detail sheet.
2. On the left, expand the Tree view.
3. From the list of companies, select EPIC06.
4. Verify the Main Plant displays within the Authorized Plants field.
5. Click Save.
6. Exit User Account Maintenance.
Fred Grandy now can access programs from the Main Plant with the Epicor Education company.
If your organization has a Multi-Site license, you can additionally set up external companies for Fred's user account.
When you assign external companies to a user account, this user can see data from other companies on
dashboards. This functionality is beyond the scope of this course. For more information, take the Multi-Site course
or review the Multi-Company Technical Reference Guide in the application help.

Epicor ERP | 9.05.702

15

Assign Security

Security Course

Assign Security
You explore how to assign security to programs, processes, and fields during this section of the course.
You assign security through three programs:
Menu Maintenance
Process Security Maintenance
Field Security Maintenance
You can also restrict access to specific areas of the Epicor application using run time arguments. You set up these
run time arguments on the desktop icons for client installations. The Run Time Argument Menu Control section
describes this functionality.
Security Conflicts
The application handles any conflicts between security groups through an access hierarchy.
1.

If a user is assigned to security group Engineering, which allows access to the Engineering Workbench, and
security group Purchasing, which does not, the user will still be able to launch the Engineering Workbench.
The security group with more access overrides the security group with less access.

2.

Likewise, if a user is assigned rights to a program, but is assigned to a group which is not, the user is still
able to launch the program. User rights have precedence over group rights.

3.

The Allow Access mode also has precedence over the Disallow Access mode. You select these modes on
the Menu Maintenance, Process Security Maintenance, and Field Security Maintenance programs.

Run Time Argument Menu Control

You can assign security on specific desktop icons by using run time arguments. Use this functionality to limit the
programs that display when users launch the Epicor application from a desktop icon.
This security functionality is an effective way to quickly set up a level of security on workstations. You do not
need to use security groups or user accounts with this functionality.
Each workstation can have a number of desktop icons available for launching the Epicor application. Each desktop
icon can in turn be set up to launch the Epicor application in a specific mode. These modes, or run time arguments,
activate immediately when a user double-clicks on the program icon.
You can use the "/ menuid" run time argument to cause the Main Menu to only display a specific sub-menu or
a specific program. The user who launches the Epicor application using this icon is then limited to the programs
accessible within either the menu or the specific program.
You can also use the /TE and /CRM run time arguments to set up unique concurrent user licenses. The /TE
argument limits the Main Menu to display only the Time and Expense functionality, while the /CRM argument
limits the Main Menu to display the Customer Relationship Management functionality. These unique licenses
consume a different concurrent user pool. Activate these licenses either when you want to limit a workstation
to display only these specific functions or when you want to set up additional licenses separate from the general
user pool.

16

Epicor ERP | 9.05.702

Security Course

Assign Security

Workshop: Define Run Time Arguments

To leverage this feature, you display the Properties window for the Epicor icon and then modify the Target field
to include a menu ID.
During this workshop, you will limit a workstation to only display programs in the CRM module.
1. On the desktop for the workstation, right-click on the application's icon.
2. A context menu displays. Select the Properties option.
3. The applications Properties window appears, displaying the Shortcut tab.
4. In the Target field, enter a [Space] after the target directory path.
5. Now enter the "-config" run time argument and indicate which configuration settings file the icon will use.
6. Next add a right slash ("/") and enter the identifier for the menu or program that you want to display. To
restrict the workstation to display only the CRM module, enter:
C:\_Epicor\905client\MfgSys.exe -config=default.mfgsys /menuid=CRMN0000
7. Click Apply.
8. Click OK.
9. Now when users launch the Epicor application from this desktop icon, they will only see the CRM module
on their Main Menu tree view.
This method may not limit access to all the programs you intend. Several programs can still be launched by
right-clicking various fields. For example, users could still launch Part Maintenance the Part field's context menu.
You will need to use other security methods described later in this course to restrict access to the programs
available on context menus.

Epicor ERP | 9.05.702

17

Assign Security

Security Course

Menu Maintenance
Use Menu Maintenance to customize the menu interface throughout the application. You can select a specific
dashboard, custom program, or custom report, and make it available to everyone in your company.
Menu security is considered the highest level in which security privileges are set. Security established at this level
allows a folder or program to not display on the Main Menu for any number of security groups or specific users
you identify. Changes you make in this program display on all the workstations that run the application.
Menu Maintenance has two main functions. It allows you to replace a current program with a customized program
and add menu items for custom programs and custom reports.
Important You can only use this program if you have Customization Rights. For information on how
to obtain these rights, read the User Account Maintenance > Group topic.
Business suite modules are organized into folders. Submenus and module function categories, such as Setup,
General Operations, and Reports, are also organized into folders; security is not required. All menu options,
except those in the System Management business suite, are available to all users when the application is installed.
Key Fields
This section highlights key fields and areas in Menu Maintenance.
Security ID
This is the internal security ID and description for a module, submenu, or program. The Security ID field is display
only.
Security Manager Access Only
Select this check box to indicate that this module or program is restricted to security managers. Only users selected
as a security manager in User Account Maintenance have access to this option.
Current Company Only
Select this check box if the security privileges you are setting apply to the current company from which you have
launched Menu Maintenance.
Disconnected
This check box determines whether the security ID is available in Mobile Connect. This setting is maintained by
Epicor, so the check box is never available (grayed out).
Menu Path
Navigate to this program from the Main Menu:
System Management > Security Maintenance > Menu Maintenance
System Management > Utilities > Menu Maintenance
Important This program is not available
in the Epicor Web Access interface. You can launch this program

from an Epicor Smart Client (Windows ) interface.

Workshop: Create a Security Code

During this workshop, you will create a security code and indicate which users have access to this code.
Navigate to Menu Maintenance.

18

Epicor ERP | 9.05.702

Security Course

Assign Security

Menu Path: System Management > Utilities > Menu Maintenance

Important This program is not available
in the Epicor Web Access interface. You can launch this program

from an Epicor Smart Client (Windows ) interface.

1. Click New and select New Security.
2. In the Security ID field, UD_XXX (where XXX are your initials).
3. In the Description field, enter Production Staff Engineering.
The purpose of the description is to briefly describe the purpose of the new security.
4. Select the Current Company Only check box to apply this security code against the Main Menu structure
for the current company.
Only users with access through this security code can display and launch the programs within this company
node, but this security code is not applied against other companies. If the Current Company Only check box
is not selected (check box is clear), this security code is applied against all companies within your Epicor
application.
Tip The Security Manager Access Only option is useful when you are first setting up security, as
it blocks all accesses until you create a security plan. As described previously in the course, you assign
security rights to user accounts within User Account Maintenance.

5. To prevent users within this security code from launching the Epicor application within an internet browser,
select the Exclude Epicor Web Access check box.
6. Navigate to the Allow Access sheet.
Important You can use either or both sheets to assign security; remember that the Allow Access
method overrides the Disallow Access method. If a user is assigned to both sheets, the user has access
to programs assigned to this security code.

7. Clear the Allow Access to All Groups/Users check box.

The Groups/Users and Selected Groups/Users lists become active. Note, however, that until you add
users and/or groups to the Selected Groups/Users list, nobody has access through this security level. Be sure
you are ready to assign security before you clear this check box.
8. Highlight the _Production Staff security group.
9. Click the Right Blue Arrow button.
The _Production Staff security group displays on the Selected Groups/Users list.
10. Click Save.
11. Remain in Menu Maintenance.
Now only users assigned to the _Production Staff security group have access to programs linked to this security
code. Any groups or users that remain in the Groups/Users list do not have access to the programs assigned to
this security level.

Epicor ERP | 9.05.702

19

Assign Security

Security Course

Workshop: Assign Menu Security

During this workshop, you will assign your new security code to the Engineering Workbench.
When you assign a security code to a selected program, only those users given access through this security code
can launch the program. If a security group (or user) is not included in the security ID, individuals in this group
(or user) cannot launch this program from their Main Menu.
1. Navigate to the Detail sheet.
2. In the Tree View, select Production Management > Engineering > General Operations > Engineering
Workbench.
Important Be aware that when you change the security code for a standard menu item like the
Engineering Workbench, this code reverts back to its original security code when you install the next
service pack. You should either use this functionality only for custom programs or be prepared to
reassign the menu security codes after a service pack installation.

3. Click the Security ID button.

The Security Search window displays.
4. Search for and select the UD_XXX (where XXX are your initials) security code you created during the previous
workshop and click OK.
The Security ID field now displays the new security level you have selected.
5. Click Save.
6. Exit Menu Maintenance.
This program is assigned to this security level. You could now continue to assign security levels to the programs
you need on the Main Menu.
You can also review which programs are assigned to this security code. To do this, return to the Security sheet
and find/select your UD_XXX security code. The Menu Options field displays all the programs that currently use
this security level.

20

Epicor ERP | 9.05.702

Security Course

Assign Security

Process Security Maintenance

Use this program to establish security at the process level and at the method level within a process.
Use the Process sheet to set the security privileges at the process level.
Use the Method sheet to establish security at the method level within a process. A method is an action that can
be taken in a process such as Update, Get New, Approve, and so on.
Example The Terms process (Business Object) is in the menu in several places, as well as being called
from within Company Configuration and other programs. If you want to block access to from ANYWHERE,
you would limit it at the business object level (BO.Terms) on this Process sheet. If you want to block the
ability Update to any existing Terms codes, you would limit it at the Method level (BO.Terms.Update)
on the Method sheet.
When a business object is secure, all methods within this business object are also secure. This can lead to
unexpected results, as the methods will not run through Service Connect, embedded processes, and from other
menu options. Epicor recommends you assign security in a test environment first before you deploy security
within your live environment.
Menu Path
Navigate to this program from the Main Menu:
System Management > Security Maintenance > Process Security

Workshop: Assign Process (Business Object) Security

You define a business object's security by first selecting it and then indicating which groups/users can and cannot
access it.
Navigate to Process Security Maintenance.
Menu Path: System Management > Security Maintenance > Process Security
1. Click New.
2. Click the Process ID button.
Note You can also use the Search button on the Standard toolbar to find and select the business
object you need.

3. Search for and select the bo.AbcCode business object.

4.
5. Select the Current Company Only check box to apply this security setting for the process against the
current company.
Only users with access through this security code can display and launch the programs within this company
node, but this security code is not applied against other companies. If the Current Company Only check box
is not selected (check box is clear), this security setting is applied to this process across all companies in your
database.

Epicor ERP | 9.05.702

21

Assign Security

Security Course

Tip You can restrict this business object to security managers by selecting the Security Manager
Access Only check box. This indicates that only users defined as Security Managers within User
Account Maintenance are able to access this business object.

6. Select the Exclude Epicor Web Access check box.

This prevents users within this security group from launching the Epicor application within an internet
browser.
7. Navigate to the Disallow Access sheet.
Note You can assign security through two sheets, you can Allow Access or Disallow Access to
security groups and users. For this workshop, you will disallow access to this process. You can use
either or both sheets to assign security; remember that the Allow Access method overrides the Disallow
Access method. If a user is assigned to both sheets, the user has access to this process.

8. If necessary, clear the Disallow Access to All Groups/Users check box to prevent all groups and users
from accessing this business object.
Until you add users and/or groups to the Selected Groups/Users list, everyone has access to this business
object. Be sure you are ready to assign security before you clear this check box.
You can now define the specific groups and users that cannot use this business object.
9. Click the Double Right Blue Arrow button to disallow access for everyone.
All the security groups and users move to the Selected Groups/Users list.
10. From the Selected Groups/Users list, highlight the _Production Staff security group.
11. Click the Left Blue Arrow button.
The _Production Staff security group displays on the Group/Users list. Now only users assigned to this security
group can use this process.
12. Click Save.
13. Remain in Process Security Maintenance.
Through this setting, only users assigned to the _Production Staff security group can use the ABC Code process.
You should probably undo this setting after you finish the Security course. This process may be used in other
courses within the Epicor Education database, and keeping this security level will prevent most users from running
it.

22

Epicor ERP | 9.05.702

Security Course

Assign Security

Workshop: Assign Method Security

You can also use Process Security Maintenance to define security for methods within a selected business object.
A method is an action which can be run within a process like Update, Get New, Approve, and so on. For example,
you can use this functionality to permit a user to add a release to an existing purchase order but prevent this
same user from creating a new purchase order.
Tip Not all business objects have multiple methods. This sheet is only for more complex business objects
that perform a variety of actions.
1. Click the Down Arrow next to the New button; select New Method.
The Method sheet becomes active.
2. From the Method Name drop-down list, select GetRows in bo.AbcCode.
3. Select the Current Company Only check box to apply this security setting for this method against the
current company.
4. Navigate to the Allow Access sheet.
5. Clear the Allow Access to All Groups/Users check box.
Until you add users and/or groups to the Selected Groups/Users list, nobody has access to this method.
Be sure you are ready to assign security before you clear this check box.
6. Highlight the _Production Staff group.
7. Click the Right Blue Arrow button.
The _Production Staff security group displays on the Selected Groups/Users list.
8. Click Save.
9. Exit Process Security Maintenance.
Through this setting, only users assigned to the _Production Staff security group can use the Get Rows method
on the ABC Code process. Undo this setting after you finish the Security course. This method may be used in
other courses within the Epicor Education database, and keeping this security level will prevent most users from
running it.

Epicor ERP | 9.05.702

23

Assign Security

Security Course

Field Security Maintenance

Use Field Security Maintenance to establish security privileges at the field level in specific database tables,
extended user defined tables, and fields throughout the application.
Field Security Maintenance contains functionality you leverage to define security privileges on fields for all users,
selected users, and groups. You use this program to first select a table and then allow, limit, or prevent access
to specific fields within the selected table. Each field can have a unique security level assigned to it; this level can
be globally defined for the whole organization, specifically defined for the current company, or specifically defined
for a selected user or group.
Using this program you also can reset the security privileges of the selected field or of the whole table to their
default values for all users. It is also possible to view the security privileges for all the fields in the table for the
selected user.
Set up user accounts and security groups before using this program.
Important Table and field security can only be applied to actual database tables and columns. Use
customization to secure temporary table information. You can also use Business Process Management
method directives to secure temporary tables.
Example The application's Field Help displays several pieces of information including EpiBinding, Database
Field, Like, and the External check box. In this example, the SrcGLTran table is a temp table and not an
actual database table.
In the Technical Details section of Field Help, you can view EpiBinding information for temp tables; however,
database field information does not display and the External check box is selected. If the External check
box is selected and no data displays for the database field, the application indicates this is a Calculated
Column or belongs to a temp table.
You can use Extended Properties Maintenance to verify the table type. If the dataset table is temporary,
Temp Table displays in the Table Type field. Use the Fields > Detail sheet to determine if the field is
External. Typically, temp tables have a Like value that points to the actual table or column used to retrieve
and store the data.
Menu Path
Navigate to this program from the Main Menu:
System Management > Security Maintenance > Field Security
Important This program is not available
in the Epicor Web Access interface. You can launch this program

from an Epicor Smart Client (Windows ) interface.

24

Epicor ERP | 9.05.702

Security Course

Assign Security

Workshop: Assign Global Field Security

You can assign security to a specific field that then applies to the entire organization or a specific company.
Navigate to Field Security Maintenance.
Menu Path: System Management > Security Maintenance > Field Security
Important This program is not available
in the Epicor Web Access interface. You can launch this program

from an Epicor Smart Client (Windows ) interface.

1. In the Table field, enter CallType and press Tab.
The Description field displays the purpose of the selected table.
2. In the Tree View, select the CallTypeDesc field.
The Field Name displays the name of the selected field.
Example If the Primary Key check box is selected, it indicates the current field is required by the
database. You cannot change the security option for a Primary Key field; usually these fields are for
identifiers like the customer ID, part ID, and so on. The CallTypeDesc field is not a primary key, however,
so for this example, the check box is clear.

3. In the Access field, select Read.

This option assigns display-only (read-only) rights to the current field. Users can only view data within this
field; users cannot enter any data within it.
The remaining options include:
Full - Users can both view and enter data within this field. This security option is the default.
None - This security option causes the field to be blank. No data displays in this field, and users cannot
enter any data in it. Be aware that the None setting also causes the field's data to not be included when
the dataset is sent to and from its program. This can have unintended consequences for processes, like
BPM directives, which may require this data.
4. Select the Current Company Only check box.
You want this security level to only apply to the field within the company you are currently logged into. If
you keep this check box clear, the Read security level you define for this field is used globally for this field
throughout your organization.
5. Click Save.
6. Remain in the Field Security Maintenance.
Now users can only review the text in the Call Type Description field. Note that after you finish this Security
course, undo this setting so that it does not cause issues for other courses that may use this company.

Epicor ERP | 9.05.702

25

Assign Security

Security Course

Workshop: Security Group Field Security

You can also assign security to a field that only applies to a specific user or security group.
1. Navigate to the Users/Groups sheet.
2. In the grid, select the _Production Staff security group.
3. In the Tree View, select the ShortChar02 custom field.
Tip Custom fields are special fields you can add to a customized form; users then enter unique data
within these fields. For more information about custom fields, enroll in one of the Customization
courses or review the Customization topics within the application help.

4. Click in the Access column to display the drop-down list and select the Full option.
Just like the previous workshop, you have the Full, Read, and None security options. You also have the
Default option; select this option when you want the user or security group to use the global security level
assigned for this field on the Detail sheet.
5. Select the ShortChar03 custom field.
You want to give members of the _Production Staff security group read-only rights to this field.
6. Click in the Access column and select the Read security option.
7. Select the ShortChar04 field.
8. Click in the Access column and select the None security option.
9. Click Save.
10. Exit Field Security Maintenance.

26

Epicor ERP | 9.05.702

Security Course

Assign Security

Workshop: Use Field Security

Now that you have defined field security for the _Production Staff security group on the CallType table, you can
see the security options in action.
Important For this example, Call Type Maintenance was customized to display the ShortChar01,
ShortChar02, and ShortChar03 custom fields. These fields, and their accompanying labels, were added
using the customization tools.
Navigate to Call Type Maintenance.
Menu Path: Sales Management > Customer Relationship Management > Setup > Call Type
Tip The CRM menu path is: Customer Relationship Management > Sales and Marketing Management >
Setup > Call Type
1. In the Call Type field, enter MRKTNG and press Tab.
Notice the three custom fields are available (Full rights) for data entry; you enter a text value, Primary, within
each field. The Full field is the ShortChar01 custom field from the CallType table.
2. The Read Only field is the ShortChar02 custom field from the CallType table.
3. The None field is the ShortChar03 custom field from the CallType table.
4. Click Save.
5. Exit Call Type Maintenance.
6. From the Options menu, select Change User.
7. For the User name and Password, use Fred.
Recall Fred is a member of the _Production Staff security group.
8. Use the Main Menu as previously described to navigate to Call Type Maintenance.
9. Load in the MRKTNG call type record again.
Notice that you can enter and update data within the Full field. The Read Only field displays the data, but you
cannot edit information in it. The None field is empty. Members of the _Production Staff security group cannot
see or edit data within this field.

Epicor ERP | 9.05.702

27

Security Management

Security Course

Security Management

Menu Security Report

Use the Menu Security report to review the current access users and security groups have on the Main Menu.
Generate this report to evaluate the security currently defined for your programs. You can review the security
for users, security groups, or both. You can also filter this report to only display access for a specific program,
user, or security group. This key report can give you a complete overview of the security plan currently in place.
Use this Selection sheet to choose the parameters for the report.
Use the Filter sheet(s) to select the User and Security Group to include on the report.
Important For more information on how to review the status of any reports/forms you print, preview, or
generate, review the System Monitor topic in the Interface Navigation section of online help.
Menu Path
Navigate to this program from the Main Menu:
System Management > Security Maintenance > Reports > Menu Security Report

System Activity Log

Use this dashboard to review all the database modifications that occurred within the application.
This valuable tool can help you determine where and when specific database changes were carried out and who
initiated these changes. You can quickly locate the database activity you wish to review by filtering the data
activity that displays through several advanced search parameters.
Menu Path
Navigate to this program from the Main Menu:
System Management > Security Maintenance > System Activity Log

28

Epicor ERP | 9.05.702

Security Course

Conclusion

Conclusion
Congratulations! You have completed the Security course.

Epicor ERP | 9.05.702

29

Additional information is available at the Education and

Documentation areas of the EPICweb Customer Portal. To access
this site, you need a Site ID and an EPICweb account. To create an
account, go to http://support.epicor.com.