Login
Register
Search
Home
Forums
Jobs
LawsonGuru
LawsonGuru Letter
LawsonGuru Blog
Worthwhile Reading
Infor Lawson News Feed
Store
Store FAQs
About
Forums
Infor / Lawson Platforms
S3 Security
Need help troubleshooting a rule
Home
Forums
Jobs
LawsonGuru
LawsonGuru Letter
LawsonGuru Blog
Worthwhile Reading
Infor Lawson News Feed
Store
Store FAQs
About
Who's On?
Membership:
Latest:
chaoticist
Past 24 Hours:
2
Prev. 24 Hours:
0
Overall:
5185
People Online:
Visitors:
280
Members:
0
Total:
280
Online Now:
New Topics
Lawson Landmark
LPL INSTR Functions
4/5/2024 8:32 PM
I'm writing a simple report using the Create R
Infor SCM
Translating 856 to get the ~ REF^CN^ field
4/3/2024 8:24 PM
We are trying to get the tracking number which is
IPA/ProcessFlow
Sample XML file create Flow
4/3/2024 3:43 PM
Hello everyone, I am new to creating XML files
Lawson S3 HR/Payroll/Benefits
bn105 error message
3/26/2024 6:40 PM
I need to change some of the set ups in our Life I
IPA/ProcessFlow
IPA executing Job
3/13/2024 7:08 PM
New to the IPA world and was wondering, can an IPA
Lawson S3 HR/Payroll/Benefits
Life Age Reduction on benefits plans
3/12/2024 7:15 PM
For our optional life we have an age based coverag
Lawson S3 HR/Payroll/Benefits
BN53.1 Add-In
3/7/2024 3:31 PM
We are migrating to Solstice. They require a
Lawson Business Intelligence/Reporting/Crystal
Domain Name Change
3/5/2024 7:45 PM
Our domain name needs to change and was hoping I c
S3 Customization/Development
Cobol calling Shell Script
2/29/2024 1:27 PM
Has anyone created or modified a Lawson Cobol prog
Infor ION
ION vs IPA
2/29/2024 1:24 AM
We had a person new to Lawson and Infor go to Info
Top Forum Posters
Name
Points
Greg Moeller
4184
David Williams
3349
JonA
3288
Kat V
2984
Woozy
1973
Jimmy Chiu
1883
Kwane McNeal
1437
Ragu Raghavan
1348
Roger French
1311
mark.cook
1244
Forums
Unanswered
Active Topics
Most Liked
Most Replies
Search Forums
Search
Advanced Search
Topics
Posts
Prev
Next
Forums
S3 Security
Need help troubleshooting a rule
Sort:
Oldest First
Most Recent First
You are not authorized to post a reply.
Author
Messages
John Costa
Veteran Member
Posts: 154
5/9/2012 6:16 PM
To all,
I need help understanding / troubleshooting a unique security issue.
In our LDAP schema, we've defined a custom attribute named Region. This attribute is defined as a 15-character string. The values are limited to the following:
CMS-HR
Corporate-HR
Cypress-HR
Manasquan-HR
Region-SW
Wichita-HR
In the Lawson Security Administrator, this Region attribute is then set for each employee in their RM record.
We are licensed for Employee Self-Service, LP - Absence Management, and TA - Event Management. In 2010, we converted from TA to LP. Since then, all employee Leave Balances are tracked in the LP module.
Here's where it gets interesting. I have a security class that is assigned to specifc HR employees. The purpose of this class is to limit the data those employees can see based on the Region attribute in their RM record. The rule for that class is as follows:
if(SystemCode=='AC')||isStructNodeTitleAbove('ClassDataStructure',PROCESS_LEVEL,user.getAttribute('Region'))){'ALL_ACCESS.'}else{'NO_ACCESS,'}
For some reason, any HR employee that has this class assigned to their role sees their PTO balance as it existed in the TA module at the time of the conversion. If I remove this class from their role, they then see their PTO balance as it currently exists in the LP module.
Can someone help me out in understanding why this rule limits Leave Balance access to the old information in the TA module and not the current information in the LP module?
John Henley
Senior Member
Posts: 3348
5/9/2012 6:46 PM
John,
Usually when I see that happen it is because the class has a securable object type (i.e. table or form) combined with a given system code/category. That combination results in all tables/forms being available for the entire system code. That would be the first thing I'd look at. See this article:
https://www.lawsonguru.co...cation-Security.aspx
You are not authorized to post a reply.