• Search Forums
    Advanced Search
Prev
Next
Forums Infor / Lawson Platforms S3 Security

ESS Payment Modelling

 8 Replies
 0 Subscribed to this topic
 18 Subscribed to this forum
Sort:
Author
Messages
ALB
Veteran Member
Posts: 132
Veteran Member
New Poster
New Poster
Congrats on posting!
Engaged Poster
Engaged Poster
Wow, you're on a roll!
Avid Poster
Avid Poster
Seriously, you're a posting maniac!
Engaged Reader
Engaged Reader
You are an engaged reader!
Avid Reader
Avid Reader
Avid Reader art thou!
8/27/2013 3:50 PM
We have been having security violations with Payment Modelling in ESS.  The rule is:

if(isElementGrpAccessible('COMPEMP', '', 'PR', form.EMP_COMPANY, form.EMP_EMPLOYEE))
   'ALL_ACCESS,'
else
   'NO_ACCESS,'

We have tried using lztrim and trim.  So far, we have not had any success.  We had to build an Element Group COMPEMP with company and employee.

I would appreciate any ideas.

Thanks!
Deleted User
New Member
Posts: 0
New Member
8/27/2013 4:07 PM
Do you have a Grant All on PR89 and this rule on PR89.1?
ALB
Veteran Member
Posts: 132
Veteran Member
New Poster
New Poster
Congrats on posting!
Engaged Poster
Engaged Poster
Wow, you're on a roll!
Avid Poster
Avid Poster
Seriously, you're a posting maniac!
Engaged Reader
Engaged Reader
You are an engaged reader!
Avid Reader
Avid Reader
Avid Reader art thou!
8/27/2013 4:51 PM
I have grant all access on the application PDL, PR, and PR89.  I have conditional access on PR89.1 as originally posted so that an employee can only model his/her own information.  There is also file access.  We are not getting to the transaction.
Al
Basic Member
Posts: 17
Basic Member
New Poster
New Poster
Congrats on posting!
8/27/2013 5:17 PM
This works for us on PR89.1:

if(user.getCompany()==form.EMP_COMPANY&&user.getEmployeeId()==form.EMP_EMPLOYEE)
'ALL_ACCESS,'
else
'NO_ACCESS,'

Al
Deleted User
New Member
Posts: 0
New Member
8/27/2013 5:27 PM
AngelaC, your rule is identical to mine, and our Payment Modeling works fine.
ALB
Veteran Member
Posts: 132
Veteran Member
New Poster
New Poster
Congrats on posting!
Engaged Poster
Engaged Poster
Wow, you're on a roll!
Avid Poster
Avid Poster
Seriously, you're a posting maniac!
Engaged Reader
Engaged Reader
You are an engaged reader!
Avid Reader
Avid Reader
Avid Reader art thou!
8/27/2013 5:53 PM
I was trying to figure out if there is an issue with the element group.  It looks like there is not much to it.  I just has company and employee.  Which profiles do you have COMPEMP defined? 
Greg Moeller
Veteran Member
Posts: 1498
Veteran Member
MVP
MVP
You're an MVP!
New Poster
New Poster
Congrats on posting!
Engaged Reader
Engaged Reader
You are an engaged reader!
Avid Reader
Avid Reader
Avid Reader art thou!
8/27/2013 6:05 PM
I think COMPEMP needs to be defined in the same profile that the rule to PR89.1 is in.
Karen Beyer Goode
Basic Member
Posts: 4
Basic Member
8/27/2013 6:19 PM
do you have a rule written on your element group?

This is the rule on our COMPEMP element group and its assigned to the same profile where access to ESS resides.


if(user.getCompany()==lztrim(COMPANY)&&user.getEmployeeId()==lztrim(EMPLOYEE))
   'ALL_ACCESS,'
else
   'NO_ACCESS,'
ALB
Veteran Member
Posts: 132
Veteran Member
New Poster
New Poster
Congrats on posting!
Engaged Poster
Engaged Poster
Wow, you're on a roll!
Avid Poster
Avid Poster
Seriously, you're a posting maniac!
Engaged Reader
Engaged Reader
You are an engaged reader!
Avid Reader
Avid Reader
Avid Reader art thou!
8/27/2013 7:13 PM
We have the rule on our group element. 

After seeing the responses, I suspected it had to do with our identity.  It appears to be due to putting leading zeros into the company on the identity for functionality for job reqs.