How to make sure your underlying data directories are Secure in Epicor 9.
In Epicor 9, all XML files and reports are generated in each usernames directory. In the example below, there is only one username called epicor. You can see the XML’s and TXT files along with the dates created. Epicor uses a file naming standard that a person can easily figure out what report each file belongs to. For example-AP Invoice Edit List, AR Invoice, Journal Listing, Petty Cash report, SO Pick list and so on.
In an Epicor production system, every Epicor user will have a directory in this reports directory. Even if you did a perfect job locking down the Epicor Menu security, you have to secure these directories. When the CFO or payroll person prints, all the files are placed in the username directory. If you do not secure these directories then corporate financials or payroll information is available thru window explorer.
Also remember to secure these directories also when new employees are hired. When a person leaves the company, someone needs to review the contents and delete every file not needed. All files that need to be kept should be copied to another directory. Then delete the ex-employees directory from the reports directory.
If there is a need to keep special, weekly, monthly, or yearly reports for a long period, these reports need to be moved somewhere else on the server. Some companies have written windows Command routines to purge all files from these directories on a periodic basis.