Company-Specific Security Groups Not Appearing

e10

(Bryan Bussey) #1

We converted from E9 to E10 a year ago, and all the inherent Security Groups were flagged as All-Companies (or at least, that’s how they converted over). We’ve since added a second company and now, any new Security Groups created automatically are assigned to the current company as the Owning Company field defaults to the current company. That’s fine, as that’s what we want to happen. However, these new Security Groups do not appear anywhere and cannot be chosen. Is there a system setting that needs to be flagged?


New Security Group “_116T” entered in the Maintenance UI.


The new Security Group does not appear in the search screen.


The new Security Group does not appear as a selection option in Menu Maintenance.



The new Security Group does not appear as a selection option in User Maintenance even though the user is authorized for the specific company.

Epicor’s “solution” is to create multiple iterations of the menus for each company and assign the different Security Codes. But this is academic if the option to create global Security Codes no longer exists. And it would seem that if company-specific security codes can be accessed, then only one menu set is required.

Has anyone encountered something similar? Any suggestions?


(Haso Keric) #2

May be a longshot since I haven’t done company-specific Securities yet. BUT.

Try this first if it is not… change your Description to be Unique. I cant recall fully there is a bug… Make sure your IDs and Descriptions are Unique, see if you have the same issue I had.

Meaning dont have 2 Cash Apps Descriptions despite IDs being diff.

In addition
After walking through many screens we discovered that even though the Security Group is not displaying in the Menu Group list, it is however included in the list behind the scenes. Then we wondered how is it doing this?

We were able to replicate this by adding a User Name that matched the name of our security Group (It doesn’t matter what the Id is). When this occurs the listing disappears from the Menu access screen. On the other hand If then you delete that User, it will also remove access of the Security Group from all Menu ID’s. Leaving Users without access.

I believe that this is what happened at some point with loading the training Users into the system and why we are missing access.

Recommendations:

  1. Do not add a User Name (First + Last) that will match a Security Group description. This causes Invisibility Bug on Menu Maintenance although security functionality remains active
  2. Do not add a User with an ID that Matches the ID of a security group. This causes Epicor to assume that they are the same thing and it will remove the remain group from all security Menu access.

Also if you do have a UserID called SalesTest and a Security Group SalesTest, by deleting one or the other I cant recall it will remove the Security from all Menus.


(Haso Keric) #3

For us it was we had a security group:
SALESADM (Sales Admin)

Then we had a User Named Sales Admin (First Name + Last) for Training purposes, it made the Security Group Invisible on the Menu Maintenance… Actually… We even assigned it to Menu’s then realized “it disappeared” well on the frontend it did, but in the database it did not; which lead us to some more research hence the answer above.


(Bryan Bussey) #4

Okay, I made sure the description is a unique name. The code already is unique. Signed out and back in, still not visible in the search or the two maintenance screens. I can access the record by the security code in Security Group Maintenance to modify it.


(Bryan Bussey) #5

I take that back. The Code is indeed showing now that the description is different. Thanks for the help.


(Haso Keric) #6

Who knew that a Users Name / Security Description lack of uniqueness could cause such havoc… I am sure even if you had a John Smith 2x, with diff id’s as User’s it would cause a problem.


(Bart Elia) #7

Ticket please!


(Haso Keric) #8

Will do I have a backlog of 5 tickets to write… I did the Evernote Collection / Replication Screenshots.

@Bart_Elia How do I create a Ticket without spending hours / webex sessions with the Support Rep… I submit the Replication steps + Screenshots and they paste a Script (following process) which I ignore or I reply to it saying “I spoke with Bart Elia, this is legit, proceed to your next step” they close the ticket with “Customer didnt respond”

Not want to pick on Support here, we already did that… BUT I am going to submit it, wether it ever gets to you guys, is out of my hands :slight_smile:


(Bryan Bussey) #9

Actually, that definitely solved the Security Group issue but the concept still isn’t working as I think it should. For example, if I want a user with access to both companies to be able to apply credit memos only in Company-2: I would have two security codes for Accounts Receivable, one for Company-1 (we will say AR1) and one for Company-2 (AR2), and two codes for Apply Credit Memos (ACM1 and ACM2). The standard security id for Accounts Receivable (SEC007) would have AR1 and AR2 added to the Allow Access combo box. The standard security id for Apply Credit Memos (SEC216) would have ACM1 and ACM2 added to the Allow Access combo box. If I have User-A that should have access to A/R in both companies, and to Apply Credit Memos in Company-2 but not in Company-1, the user should have Security Groups AR1, AR2 and ACM2 added to their user security record combo box in my mind. I’ve done that, yet the user still has access to Apply Credit Memos in Company-1.


(Haso Keric) #10

Are all of them Company Specific? AR1, AR2 and ACM2 = Specific to Respective Companies?

@Mark_Wonsil I think deals more with cross-company Security lets tag him


(Haso Keric) #11

Actually if I recall you also need to Clone your Menu Item / Security ID / Menu Path

Make for example:

  • Accounts Receivables / General Operations / My Menu Item (This is Company A) [Specific to A]
    ** Here the Menu ID is A_WHTV823 and A_SECWHTV823
  • Accounts Receivables / General Operations / My Menu Item (This is Company B)
    ** Here the Menu ID is B_WHTV823 and B_SECWHTV823

I know it was a cumbersome process… I think thats the only way to get it to toggle Menu’s Per Company and Re-Evaluate Security.

@Mark_Wonsil was that your finding too?


(Haso Keric) #12

Check out https://www.ctnd.com/content/epicor-security-setuptool/

and


(Bryan Bussey) #13

Yeah, you have it correct. It’s annoying. That option or creating multiple user records for personnel that need to access both companies are the two solutions that Epicor recommended. I told them that they could solve the problem by adding Company to the security group logic when determining whether or not access should be granted to a menu item. That’s a bug in my mind. They have it listed as a problem to be resolved, but not anytime soon.


(Mark Wonsil) #14

We’re in the middle of rethinking our Security Groups but we’re leaning towards:

{comp}-capability

so something like:

C1-CanApplyCM
C2-CanApplyCM

And like @hasokeric says, you have to create a Security ID within each company. Yes, it’s a pain but I don’t know away around it.

The next step is to define “Roles” in a UD table to group a list of capabilities for a role.

Then create an “Exclusion” table for capabilities that shouldn’t belong together in a role.

Then a customization to copy all of the capabilities from a “Role” to the User or from another User.

Finally, create security ID for all BAQs and and key Business Objects to lock down items from non-Menu access (like REST, etc.)