[ Experts Corner Request ] Field Security vs Extended Properties


(Haso Keric) #1

Anyone with better understanding - up for creating a Experts Corner Article sharing the differences (pros/cons) of Field Security vs Extended Properties

Such as:

  • How are DMTs Affected
  • How are Method / Data Directives Affected
  • How are Updatable Dashboards Affected
  • How are Adapter Methods Affected by Field Security (I see often users just go to Field Security, not knowing that Extended Props has that magical hidden “view”)
  • How does Epicor’s Field Security Engine work (does it censor columns, exclude them or not even transfer them over net.tcp if None is Set?)
  • Extended Props has DataTables, Field Security Doesn’t
  • Is it okay to apply Read Security to PartTran.TranDate (seems kinda broad)
  • If you apply Field Security can it still be set by Print User or Async / Sync BPM?
  • Best Case for Extended Props
  • Best Case for Field Security

@aidacra @Bart_Elia @erikj @josecgomez.sixs @Rich @Chris_Conn @Mark_Wonsil @markdamen @edge @timshuwy


(Mark Wonsil) #2

Field Security vs. Extended Properties vs. BPM. We do use security group membership to control access to certain fields. It’s nice because it doesn’t bypass Security Manager - unless you want it to…

Mark W.


(Kristine Fierce) #3

Also how these should be used in a multi company environment.

  • Do you set either in one company or do you need to set up for each company?
  • Can we set different security or different properties for each company or do they have to be the same for all companies?

Kristine


(Haso Keric) #4

@timshuwy where are you!!! :slight_smile:


(Mark Wonsil) #5

Kristine,

We only have one and it appears that it can be set company-wide as well as a single company. All of our security groups begin with the company ID or with a global identifier so we can control cross-company access.

Mark W.


(Kristine Fierce) #6

@Mark_Wonsil you are correct. What I am looking for is more best practices and documentation on how Epicor suggests we use this in a multi company environment.


(Tim Shoemaker) #7

Personally, I like BPM security for WRITE access to fields (ie… when you want someone to SEE a value but not CHANGE a field… reason, is because you can “logic based” rather than an all or nothing approach.
Example: Sales user is allowed to DECREASE the credit limit, and they are allowed to put a customer on-credit hold, BUT they are not allowed to INCREASE the credit limit or take the customer off hold. This logic based can easily be done in a BPM either in a Data In-Trans BPM or in a method BPM depending on the need.