8.12 Security/Menu Access

serenity_now

Active Member
Hi All,

Just have a generic questions. A requirement for our company was that users ONLY see the menus in which they have access to.

In order to do this we had to mark all menus as secured, and then change the relevant setting in Solution Explorer security. So esentially, we have about 30 roles, each role can see different parts of the menu.

There is no real security applied, the users just cant see anything they are not supposed to, and they do not have access to fastpath/BV.

This approach has become tiresome, as if a specific users needs to access another portion of the menu, I have to create a new role for this purpose. I cant change her existing role because the other users belonging to it are not supposed to see that item.

I guess my question is, how uncommon is this security setup? What is the approach others have taken when it is required that users only see specific menus?
 
yikes!

"There is no real security applied, the users just cant see anything they are not supposed to, and they do not have access to fastpath/BV. "

that is the worst possible security. that is the school of "open door/menu only security". I hope that your company is not required to pass any kind of an IT or SOX audit because it would fail miserably. Your setup is now VERY uncommon. The current methodology that most companies are following is "all doors closed / grant back". In that model all objects are secured, and only the objects that the usergroup needs are allowed.

if your company decides to do a closed door approach, take a look at all-out security or qsoft. Both applications can speed up the process of defining a closed system.

- Gregg
 
Thanks, I figured the security model was off. What I am specifically looking for clarification on is menus. How do you go about filtering the menus so only specific users/roles can see specific menus?
 
[ QUOTE ]
Thanks, I figured the security model was off. What I am specifically looking for clarification on is menus. How do you go about filtering the menus so only specific users/roles can see specific menus?

[/ QUOTE ]

Not to beat a dead horse, but if your security model was correct, ie a closed system, your question would be moot.

To hide menus, use FineCut.
 
[ QUOTE ]
[ QUOTE ]
Thanks, I figured the security model was off. What I am specifically looking for clarification on is menus. How do you go about filtering the menus so only specific users/roles can see specific menus?

[/ QUOTE ]

Not to beat a dead horse, but if your security model was correct, ie a closed system, your question would be moot.

To hide menus, use FineCut.

[/ QUOTE ]

It is now called Menu Filtering.

If an item is secured it will not appear on a menu. If you implement real security you would kill two birds with one stone.
 
[ QUOTE ]
If you implement real security you would kill two birds with one stone.

[/ QUOTE ]

And, as an added bonus, you'll get two experienced CNC pundents off your case.
grin.gif


Thanks for the jargon correction Jeff. I guess I've been around this app for too long and am still using the old jargon. my bad
 
[ QUOTE ]
[ QUOTE ]
If you implement real security you would kill two birds with one stone.

[/ QUOTE ]

And, as an added bonus, you'll get two experienced CNC pundents off your case.
grin.gif


Thanks for the jargon correction Jeff. I guess I've been around this app for too long and am still using the old jargon. my bad

[/ QUOTE ]

NP Gregg, I still think "Fine Cut" every time I do it even though the button says "Menu Filtering."
 
I suppose that was the part I was missing. So if RoleA was not able to run P4101, then RoleA wouldnt see this application on the menu? Or would I still have to explicitly disable that menu item for Role A?
 
[ QUOTE ]
I suppose that was the part I was missing. So if RoleA was not able to run P4101, then RoleA wouldnt see this application on the menu? Or would I still have to explicitly disable that menu item for Role A?

[/ QUOTE ]

If RoleA did not have the security for P4101, even if it was in their menu, they would not see it.
 
[ QUOTE ]
Hi All,

Just have a generic questions. A requirement for our company was that users ONLY see the menus in which they have access to.

In order to do this we had to mark all menus as secured, and then change the relevant setting in Solution Explorer security. So esentially, we have about 30 roles, each role can see different parts of the menu.

There is no real security applied, the users just cant see anything they are not supposed to, and they do not have access to fastpath/BV.

This approach has become tiresome, as if a specific users needs to access another portion of the menu, I have to create a new role for this purpose. I cant change her existing role because the other users belonging to it are not supposed to see that item.

I guess my question is, how uncommon is this security setup? What is the approach others have taken when it is required that users only see specific menus?

[/ QUOTE ]

Here's something I wrote up that you may find interesting:

http://jeffstevenson.karamazovgroup.com/2010/03/bypassing-enterpriseone-menu-based.html
 

Similar threads

E9.2 How do I block access to security for all users?
Replies
5
Views
2K
Harry Chen
E9.1 Assess if only one user ID should be used to run all scheduled jobs in JDE
Replies
1
Views
1K
markdcci
markdcci
E9.2 Role not granting user complete access to object
Replies
4
Views
2K
peterbruce
peterbruce
E9.2 Associate Menu and Security
Replies
1
Views
2K
MFreitag
MFreitag
DrWhat?
E9.2 Security not applying equally
Replies
5
Views
2K
Harry Chen
Back
Top