Login
Register
Search
Home
Forums
Jobs
LawsonGuru
LawsonGuru Letter
LawsonGuru Blog
Worthwhile Reading
Infor Lawson News Feed
Store
Store FAQs
About
Forums
Infor / Lawson Platforms
S3 Security
Company Level Security Restriction
Home
Forums
Jobs
LawsonGuru
LawsonGuru Letter
LawsonGuru Blog
Worthwhile Reading
Infor Lawson News Feed
Store
Store FAQs
About
Who's On?
Membership:
Latest:
Chris Radcliffe
Past 24 Hours:
0
Prev. 24 Hours:
0
Overall:
5187
People Online:
Visitors:
271
Members:
0
Total:
271
Online Now:
New Topics
S3 Customization/Development
Cobol - Extract Current Time
4/24/2024 7:21 PM
How do you extract just the Current System Time in
Lawson Landmark
LPL INSTR Functions
4/5/2024 8:32 PM
I'm writing a simple report using the Create R
Infor SCM
Translating 856 to get the ~ REF^CN^ field
4/3/2024 8:24 PM
We are trying to get the tracking number which is
IPA/ProcessFlow
Sample XML file create Flow
4/3/2024 3:43 PM
Hello everyone, I am new to creating XML files
Lawson S3 HR/Payroll/Benefits
bn105 error message
3/26/2024 6:40 PM
I need to change some of the set ups in our Life I
IPA/ProcessFlow
IPA executing Job
3/13/2024 7:08 PM
New to the IPA world and was wondering, can an IPA
Lawson S3 HR/Payroll/Benefits
Life Age Reduction on benefits plans
3/12/2024 7:15 PM
For our optional life we have an age based coverag
Lawson S3 HR/Payroll/Benefits
BN53.1 Add-In
3/7/2024 3:31 PM
We are migrating to Solstice. They require a
Lawson Business Intelligence/Reporting/Crystal
Domain Name Change
3/5/2024 7:45 PM
Our domain name needs to change and was hoping I c
S3 Customization/Development
Cobol calling Shell Script
2/29/2024 1:27 PM
Has anyone created or modified a Lawson Cobol prog
Top Forum Posters
Name
Points
Greg Moeller
4184
David Williams
3349
JonA
3288
Kat V
2984
Woozy
1973
Jimmy Chiu
1883
Kwane McNeal
1437
Ragu Raghavan
1351
Roger French
1311
mark.cook
1244
Forums
Unanswered
Active Topics
Most Liked
Most Replies
Search Forums
Search
Advanced Search
Topics
Posts
Prev
Next
Forums
S3 Security
Company Level Security Restriction
Sort:
Oldest First
Most Recent First
You are not authorized to post a reply.
Author
Messages
Greg Moeller
Veteran Member
Posts: 1498
2/16/2012 6:48 PM
We've been tasked to implement company level security to an already existing LSF9 security setup. We are taking on a different hospital, and now need their data to be separate from ours.
What's the best way to do such a feat? I'd prefer not to have to go into each and every security class and write more rules.
Any way to use the CompanyControl attribute of RM to do this? Who's willing to share an example?
Thanks in advance,
-Greg
Jimmy Chiu
Veteran Member
Posts: 641
2/16/2012 7:37 PM
CompanyControl is just an multi-value attribute you can use to "compare" against forms/tables/elements/element groups to grant access or not. So I am afraid you still need to go in secClass to add/modify the rules.
typically for table:
if(user.attributeContains('CompanyControl',lztrim(table.COMPANY)))
'I,'
else
'NO_ACCESS,'
Greg Moeller
Veteran Member
Posts: 1498
2/17/2012 4:04 PM
Thanks, Jimmy... I was afraid you were going to say that! We have 540+ security classes and 5500+ rules. This is going to take us a while, then.
I was hoping that there was a simpler (global) solution to company level security for both the screens and the tables.
John Crudele
Veteran Member
Posts: 50
2/17/2012 5:17 PM
Greg
What created a structure is resource manager
Then made it an attribute on the users profile and assigned the users company to the attribute
Then we created a security class with a rule on the company element
if(isStructNodeTitleAbove('PlatformStructure',COMPANY,user.getAttribute('Platform')))
'ALL_ACCESS,'
else
'NO_ACCESS,'
We assigned the security class to a role then assigned the role to everybody
Greg Moeller
Veteran Member
Posts: 1498
2/20/2012 4:01 PM
So, John, when you assign this role to everyone, does that fix the other existing roles that may have access wide open to company.. permission for every company?
John Henley
Senior Member
Posts: 3348
2/20/2012 6:41 PM
Since with LS, "most restrictive wins", having a "global" rule like that should achieve your goal. You just have to make sure it is include in a role that is assigned to every user.
Greg Moeller
Veteran Member
Posts: 1498
2/20/2012 6:47 PM
John: I thought it was "most permissive wins" ?
John Henley
Senior Member
Posts: 3348
2/20/2012 7:48 PM
Man, I blew that one, didn't I? You are correct: the first rule encountered that grants access ends the rules processing.
John Crudele
Veteran Member
Posts: 50
2/21/2012 12:45 PM
Greg
We set-up a role called "company role" and assign it to whoever needs to have their access limited by company. If you have full access to all companies we do not assign the role.
Regards
JC
Greg Moeller
Veteran Member
Posts: 1498
2/21/2012 7:00 PM
So, John. What do you have in the "company role"?
John Crudele
Veteran Member
Posts: 50
2/24/2012 12:40 PM
Greg
1) we created our company structure in resource manager
2) Created an attribute on the user profile and entered in the company information
3) created a security class called CompanySecClass with a conditional rule on the company element
if(isStructNodeTitleAbove('PlatformStructure',COMPANY,user.getAttribute('Platform')))
'ALL_ACCESS,'
else
'NO_ACCESS,'
4) Created a security profile calle CompanyRole and assigned the above security class to it
5) Add the CompanyROle security profile to the individual users profile
Regards
JC
Greg Moeller
Veteran Member
Posts: 1498
2/24/2012 6:38 PM
JC, Thanks! This helps, but since I've never done anything like this (except in class 4 years ago) I'd appreciate more help. Would it be possible for you to send me a screen shot of your structure? That way I may be able to wrap my brain around this quicker. If you cannot, I understand.
John Crudele
Veteran Member
Posts: 50
2/28/2012 8:17 PM
Greg
I am finishing up our LSO install and training. i will send you screenshots on Thursday
Greg Moeller
Veteran Member
Posts: 1498
2/29/2012 3:43 PM
That would be great, John. Thanks!
Greg Moeller
Veteran Member
Posts: 1498
3/13/2012 2:27 PM
John: A screenshot would be appreciated.
You are not authorized to post a reply.