[ Experts Corner Request ] Field Security vs Extended Properties

(Haso Keric) #1

Anyone with better understanding - up for creating a Experts Corner Article sharing the differences (pros/cons) of Field Security vs Extended Properties

Such as:

  • How are DMTs Affected
  • How are Method / Data Directives Affected
  • How are Updatable Dashboards Affected
  • How are Adapter Methods Affected by Field Security (I see often users just go to Field Security, not knowing that Extended Props has that magical hidden “view”)
  • How does Epicor’s Field Security Engine work (does it censor columns, exclude them or not even transfer them over net.tcp if None is Set?)
  • Extended Props has DataTables, Field Security Doesn’t
  • Is it okay to apply Read Security to PartTran.TranDate (seems kinda broad)
  • If you apply Field Security can it still be set by Print User or Async / Sync BPM?
  • Best Case for Extended Props
  • Best Case for Field Security

@aidacra @Bart_Elia @erikj @josecgomez @Rich @Chris_Conn @Mark_Wonsil @markdamen @edge @timshuwy

Fix All Report Styles (.rdl) with Issues
(Mark Wonsil) #2

Field Security vs. Extended Properties vs. BPM. We do use security group membership to control access to certain fields. It’s nice because it doesn’t bypass Security Manager - unless you want it to…

Mark W.

(Kristine Fierce) #3

Also how these should be used in a multi company environment.

  • Do you set either in one company or do you need to set up for each company?
  • Can we set different security or different properties for each company or do they have to be the same for all companies?


(Haso Keric) #4

@timshuwy where are you!!! :slight_smile:

(Mark Wonsil) #5


We only have one and it appears that it can be set company-wide as well as a single company. All of our security groups begin with the company ID or with a global identifier so we can control cross-company access.

Mark W.

(Kristine Fierce) #6

@Mark_Wonsil you are correct. What I am looking for is more best practices and documentation on how Epicor suggests we use this in a multi company environment.

(Tim Shoemaker) #7

Personally, I like BPM security for WRITE access to fields (ie… when you want someone to SEE a value but not CHANGE a field… reason, is because you can “logic based” rather than an all or nothing approach.
Example: Sales user is allowed to DECREASE the credit limit, and they are allowed to put a customer on-credit hold, BUT they are not allowed to INCREASE the credit limit or take the customer off hold. This logic based can easily be done in a BPM either in a Data In-Trans BPM or in a method BPM depending on the need.

(Nathan your friendly neighborhood Support Engineer) #8

Thy request is my command for I am this site’s humble(ish) servant.

And in 10.2.300, there is an additional X factor to throw in that piggybacks on the field security framework called data masking which I’ll throw in free of charge.

Give me a little bit to put it all together.

EDIT: spoiler, I am biased against field security but I’ll try to be as neutral as I can.

(Haso Keric) #9

AWESOME!!! I’ll make sure @josecgomez and @Chris_Conn get you drunk during Insights 2019. :slight_smile: i’ll throw in @Drozy2017 to buy dinner :slight_smile:

(Chris Conn) #10

Haha i barely got to go to Insights 2018 - and only because it was down the road from my house :stuck_out_tongue: I dont think they’re sending me to Vegas :frowning:

Think about all those slots I am gonna miss out on… time slots for courses of course.

(Haso Keric) #11

@Bart_Elia packs light, he always has extra room in his suitcase.

(Nathan your friendly neighborhood Support Engineer) #12

Just an update. I haven’t forgotten, just waiting until after October 1, 2018 so I can claim this white paper towards my FY2019’s annual review accomplishments :face_with_monocle:

(Jose C Gomez) #13