How to do “Record Level Security” within Epicor 10

Built into Epicor ERP, we have multiple levels of security based on various areas (Note that this is not a
complete list).

1. Menu – Gives or blocks an entire menu option

2. Field – Gives or blocks a field from various types of access
3. Process – Gives or blocks specific business methods within programs
4. Buyer – Buyers can access specific POs based on Buyer code
5. CRM Sales Person – gives access to only specific customer CRM Data
6. Company & Plant – Gives or blocks access to specific Company or Plant data

There are instances where the security options above are not enough. For example, I may have some
users that are allowed to enter or modify a supplier record, but there may be “Special” suppliers that
are not allowed to be used, or even seen by all users. Security may be even so tight that those suppliers
are to be hidden even in supplier search functions. Note that this same technique can be used for many
different types of records including Parts, Jobs, Sales Orders, Purchase orders or Customers.

SOLUTION:

This may not be the entire solution, and there are other tricks that can do similar functions (such as a
default quicksearch). If you really want to hide a specific supplier from all views, reports, and
dashboards, there may be additional changes that need to be applied.

The solution below will help go toward making a supplier so that they don’t appear in regular search
windows, nor will it be allowed to be directly accessed if the user knows the supplier ID.

To achieve this filtering, we first must establish some flag that we can filter on so that we can eliminate
the records, and some way to know WHO is allowed and disallowed from seeing those records.

In my example, I created some rules to be applied to my company:

1. We have a special group of suppliers that need to have restricted access. These suppliers are all
“Partners” who receive special payments.
2. We decided that these suppliers all belong to a supplier group called “PTNR”.
3. We have created a special security group within the company called “PTNR” – Only people in this
security group are allowed to see suppliers who are “Partners”
This will require TWO BPMs to hide suppliers in search functions:

Both of these BPMs are nearly identical. Each one has a condition that checks the users Security group(s)
to find out if they belong to a group that is allowed to see/edit Partners. If they are not allowed, then we
have one line of C# code that removes all the Partners from the list of visible suppliers.

BPM 1: Vendor.GetList/Post Processing – This BPM executes when the user presses the <Supplier
Search> function in any process. It removes all the suppliers that are marked as PTNR from the search
window if the user is not in a special security group.

BPM 2: Vendor.GetByVendID/Post Processing – This BPM executes when a user directly enters a
supplier ID into the supplier ID Field. This will basically do the same as BPM 1… only it will just treat the
supplier entered as a “new” supplier until they try to save, at which time, it will say that it is a duplicate
supplier ID.

Below are screenshots of the BPM Flowcharts as well as the C# code that is required to make them
work.

BPM 1

The C# code inside the “Remove Partners” box above is:

ttVendorList.RemoveAll(ttVendorList_Row => ttVendorList_Row.GroupCode == "PTNR");

BPM #2

The C# code inside the “Remove Partners” box above is:

ttVendorList.RemoveAll(ttVendorList_Row => ttVendorList_Row.GroupCode == "PTNR");