During our 10.2.200.12 testing, our sales team noticed they can’t delete lines on sales orders, and get an error of:

We didn’t make any changes that I know of, and simply updated our Live 10.0.700.4 database to the latest (10.2.200.12), so none of the security setting should of changed. Reluctantly, I submitted and EpicCare case, and the tech’s response is to run SO Entry in base mode, and if that didn’t work (it didn’t), it’s because of a customization, and then I need to contact my CAM (for consulting). Argh… Upgrading shouldn’t be a wild goose chase.

(Fortune teller says: I bet this group helps me figure it out, rather than Epicor, and E10Help.com should get our six figure Epicor maintenance fee instead…)

Any idea where I should dig next?

I don’t recall anything in BPM’s that could be driving this (not sure how to trace this, error message below does say BPM, but clues are in Greek to me…). The only data directive on the OrderDtl table is for the change log. I’m not sure what to look for in the Service Security Maintenance app (since it’s restricting access to menu items).

Application Error

Exception caught in: Epicor.ServiceModel

Error Detail

Message: Security prevents you from deleting rows in this table.
Program: Epicor.ServiceModel.dll
Method: ShouldRethrowNonRetryableException

Client Stack Trace

at Ice.TablesetBound3.DeleteRow(IceDataContext dataContext, String tableName, LinqRow dbRow, TablesetProfilingCollector parentTraceCollector) in C:\_Releases\ICE\RL3.2.200.0\Source\Framework\Epicor.Ice\Services\TablesetBound.cs:line 1376 at Ice.TablesetBound3.WriteTable(IceDataContext dataContext, Int32 tableIndex, IIceTable table, TablesetProfilingCollector parentTraceCollector) in C:_Releases\ICE\RL3.2.200.0\Source\Framework\Epicor.Ice\Services\TablesetBound.cs:line 1007
at Ice.TablesetBound3.InnerUpdate[TUpdater](IceDataContext dataContext, TFullTableset tableset) in C:\_Releases\ICE\RL3.2.200.0\Source\Framework\Epicor.Ice\Services\TablesetBound.cs:line 892 at Erp.Services.BO.SalesOrderSvc.Update(SalesOrderTableset& ds) in C:\_Releases\ERP\UD10.2.200.12\Source\Server\Services\BO\SalesOrder\SalesOrder.Designer.cs:line 3898 at Epicor.Customization.Bpm.MethodCustomizationBase23.RunDirectives(TParam parameters) in C:_Releases\ICE\ICE3.2.200.12\Source\Server\Internal\Lib\Epicor.Customization.BPM\MethodCustomizationBase2.cs:line 197
at Epicor.Customization.Bpm.CustomizationBase23.Execute(TParam parameters) in C:\_Releases\ICE\ICE3.2.200.12\Source\Server\Internal\Lib\Epicor.Customization.BPM\CustomizationBase2.cs:line 73 at Epicor.Customization.Bpm.BO8A3809B7B8F74E1481D044B07DCBF5DA.SalesOrderSvcCustomization.Update(SalesOrderTableset& ds) at Erp.Services.BO.SalesOrderSvcFacade.Update(SalesOrderTableset& ds) in C:\_Releases\ERP\UD10.2.200.12\Source\Server\Services\BO\SalesOrder\SalesOrderSvcFacade.cs:line 8601 at SyncInvokeUpdate(Object , Object[] , Object[] ) at System.ServiceModel.Dispatcher.SyncMethodInvoker.Invoke(Object instance, Object[] inputs, Object[]& outputs) at Epicor.Hosting.OperationBoundInvoker.InnerInvoke(Object instance, Func2 func) in C:_Releases\ICE\ICE3.2.200.12\Source\Framework\Epicor.System\Hosting\OperationBoundInvoker.cs:line 59
at Epicor.Hosting.OperationBoundInvoker.Invoke(Object instance, Func`2 func) in C:_Releases\ICE\ICE3.2.200.12\Source\Framework\Epicor.System\Hosting\OperationBoundInvoker.cs:line 47
at Epicor.Hosting.Wcf.EpiOperationInvoker.Invoke(Object instance, Object[] inputs, Object[]& outputs) in C:_Releases\ICE\ICE3.2.200.12\Source\Framework\Epicor.System\Hosting\Wcf\EpiOperationInvoker.cs:line 23
at System.ServiceModel.Dispatcher.DispatchOperationRuntime.InvokeBegin(MessageRpc& rpc)
at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage5(MessageRpc& rpc)
at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage11(MessageRpc& rpc)
at System.ServiceModel.Dispatcher.MessageRpc.Process(Boolean isOperationContextSet)

at Epicor.ServiceModel.Channels.ImplBase`1.ShouldRethrowNonRetryableException(Exception ex, DataSet[] dataSets)
at Erp.Proxy.BO.SalesOrderImpl.Update(SalesOrderDataSet ds)
at Erp.Adapters.SalesOrderAdapter.OnDelete()
at Ice.Lib.Framework.EpiBaseAdapter.Delete(DataRow dr)
at Erp.UI.App.SalesOrderEntry.Transaction.Delete()

I see BPM in the trace… that raises my antena. Is this custom? if not disable all BPMs and try again

web.config change the this line

<customizationSettings disabled="false"

to true and recycle app server and try again. If the error goes away then issue == BPM.

Jose - Thanks for the suggestion. We just disabled the bpms that way (verified it worked when another BPM didn’t fire), but I still get the same result.

It’s interesting that the error message doesn’t reference BPM anymore. Here’s the new one:

Application Error

Exception caught in: Epicor.ServiceModel

Error Detail

Message: Security prevents you from deleting rows in this table.
Program: Epicor.ServiceModel.dll
Method: ShouldRethrowNonRetryableException

Client Stack Trace

at Ice.TablesetBound3.DeleteRow(IceDataContext dataContext, String tableName, LinqRow dbRow, TablesetProfilingCollector parentTraceCollector) in C:\_Releases\ICE\RL3.2.200.0\Source\Framework\Epicor.Ice\Services\TablesetBound.cs:line 1376 at Ice.TablesetBound3.WriteTable(IceDataContext dataContext, Int32 tableIndex, IIceTable table, TablesetProfilingCollector parentTraceCollector) in C:_Releases\ICE\RL3.2.200.0\Source\Framework\Epicor.Ice\Services\TablesetBound.cs:line 1007
at Ice.TablesetBound3.InnerUpdate[TUpdater](IceDataContext dataContext, TFullTableset tableset) in C:\_Releases\ICE\RL3.2.200.0\Source\Framework\Epicor.Ice\Services\TablesetBound.cs:line 892 at Erp.Services.BO.SalesOrderSvc.Update(SalesOrderTableset& ds) in C:\_Releases\ERP\UD10.2.200.12\Source\Server\Services\BO\SalesOrder\SalesOrder.Designer.cs:line 3898 at Erp.Services.BO.SalesOrderSvcFacade.Update(SalesOrderTableset& ds) in C:\_Releases\ERP\UD10.2.200.12\Source\Server\Services\BO\SalesOrder\SalesOrderSvcFacade.cs:line 8601 at SyncInvokeUpdate(Object , Object[] , Object[] ) at System.ServiceModel.Dispatcher.SyncMethodInvoker.Invoke(Object instance, Object[] inputs, Object[]& outputs) at Epicor.Hosting.OperationBoundInvoker.InnerInvoke(Object instance, Func2 func) in C:_Releases\ICE\ICE3.2.200.12\Source\Framework\Epicor.System\Hosting\OperationBoundInvoker.cs:line 59
at Epicor.Hosting.OperationBoundInvoker.Invoke(Object instance, Func`2 func) in C:_Releases\ICE\ICE3.2.200.12\Source\Framework\Epicor.System\Hosting\OperationBoundInvoker.cs:line 47
at Epicor.Hosting.Wcf.EpiOperationInvoker.Invoke(Object instance, Object[] inputs, Object[]& outputs) in C:_Releases\ICE\ICE3.2.200.12\Source\Framework\Epicor.System\Hosting\Wcf\EpiOperationInvoker.cs:line 23
at System.ServiceModel.Dispatcher.DispatchOperationRuntime.InvokeBegin(MessageRpc& rpc)
at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage5(MessageRpc& rpc)
at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage11(MessageRpc& rpc)
at System.ServiceModel.Dispatcher.MessageRpc.Process(Boolean isOperationContextSet)

at Epicor.ServiceModel.Channels.ImplBase`1.ShouldRethrowNonRetryableException(Exception ex, DataSet[] dataSets)
at Erp.Proxy.BO.SalesOrderImpl.Update(SalesOrderDataSet ds)
at Erp.Adapters.SalesOrderAdapter.OnDelete()
at Ice.Lib.Framework.EpiBaseAdapter.Delete(DataRow dr)
at Erp.UI.App.SalesOrderEntry.Transaction.Delete()

Hmmm and you are sure there is no Field or Process security in place?

Field Security: Erp.OrderDtl has Full Access for all fields. All users have Default access. Any other tables that I need to look at?

I’m not sure what to look for in Process Security (now renamed to Service Security Maintenance in 10.2). Looking at bo.Salesorder and bo.SalseOrdHedDtl - both have Allow Access to all groups/users checked, and nothing for Disallow Access

Questions:

1. Can you provide me your epiccare case number please and thank you?
2. Can you delete any other sales order related things other than lines without this error (like releases)?
3. Can you delete the sales order itself?
4. Is the user that is logged in a security manager?
5. Do you get any results from this query in SSMS against the database in question? process/service security check

select * from ice.security
where parentseccode='OBJECT'
and (entrylist <> '*'
or NoEntryList <> '')
and description like '%order%'

6. Do you get any results from this query in SSMS against the database in question? field security check

select * from ice.SecColumn
where tablename like '%order%'
and (writeallowlist <> '*'
or WriteAllowList <> ''
or readallowlist <> '*'
or readdenylist <> '')

Found another case with this error message, and these are the resolution notes:

image.png1146×123 6.66 KB

So if not the BPM, a security setting somewhere–process/service, field, menu (though probably not), extended properties (though probably not), UI customization (though probably not)…

Nathan - Thanks for chiming in.

1. Case CS0001156484
2. I get the same error when attempting to delete a release. Any/All lines can not be deleted (doesn’t seem related to specific parts)
3. Can’t delete the SO either - same error
4. When the logged in user is NOT a security manager, they can’t delete rows. If the user is a security manager, they CAN delete rows. I’ve been testing using my own login, so it doesn’t seem related to the sales people user groups, as I’m in a different SysAdmin user group.
5. No results.
6. One result for the OrderHed - ShipOrderComplete column:
   
   

   image.png1513×84 5.51 KB

BPM’s are disabled via web.config. UI customization is using BASE. I’ll look into the extended properties. Thanks for the help guys!

That confirms it’s field security.

Change the writeallowlist to All in field security for that column, and try again.

Dumb question - how do I set the writeallowlist to All on the ShipOrderComplete column?

I think this was it: I clicked on detail, and changed default access to Full instead of Read, but it still doesn’t allow me to delete, so I didn’t do something right.

When I click on the Users/Groups tab, everyone (Groups and Users) are Default, except for handheld.

Here’s the 2nd query results now:

image.png1680×56 6.27 KB

I’m not sure why I’d have 2 rows for the same column…

image.png927×413 15.1 KB

Was:

image.png774×45 2.46 KB

Changed to:

image.png758×19 1.21 KB

Just like the 2000 supreme court ruling that allowed President Bush to win the state of Florida, what I am about to say doesn’t set a precedent.

1. Backup your database first.

2. Run the following against the database in question.

   delete from ice.SecColumn
   where tablename like ‘%order%’
   and (writeallowlist <> ‘’
   or WriteAllowList <> ‘’
   or readallowlist <> '’
   or readdenylist <> ‘’)

3. Recycle your appserver process afterwards.

4. Try again.

If it works, great!

What is the purpose of restricting this field in field security / can it be done a different way?

Without knowing why, my vote is to restrict access via extended properties for “causal” restriction (it won’t prevent a truly motivated person who knows a fair amount to bypass but it is simple to implement–so, for 99% of use cases for “causal” restriction it works well) or a BPM for “strict” restriction–there is almost always a better option to restrict access to a field than to use field security.

Nathan - Thanks. We’ll give that a try. At least this is ‘only’ our 10.2 upgrade test environment, and this isn’t golive weekend!

Fixed on the EpicCare case (Thanks Nathan and Patricia!). It seems the uplift from 10.0.700.4 to 10.2.x may have changed the Service Security setting on the bo.SalesOrder > DeleteByID method and made it Security Manager Access Only. I unchecked it and added Allow Access to All Groups/Users, and it works.

Next step is figuring out how to find any other differences between 10.0 and 10.2 security settings to stay ahead of this, rather than having end users bring up issues on GoLive day.

Change it from this:

To This:

Meanwhile, inside the mind of @Mark_Wonsil when reading the SQL update comment…

and yes I am about a week behind reading forum posts!

Anyone from Epicor gets a total pass on direct updates. Also, @aidacra was VERY clear about backing up. After all, he WAS describing how to make your database un-usable!

Mark W.