PrevPrev Go to previous topic
NextNext Go to next topic
Last Post 01/27/2017 2:04 PM by  Jay2
Landmark security class
 5 Replies
Sort:
You are not authorized to post a reply.
Author Messages
Jay2
Private
Private
Veteran Member
(166 points)
Veteran Member
Posts:74


Send Message:

--
12/05/2016 10:47 AM

    We have noticed some changes have happened in the security class InbasketUser_ST which has caused issues with users having access to certain businessclasses.

    The two that have come to our attention so far are as follows:
    Previous rules:

     PfiWorkunitFolder BusinessClass
    is accessible
    for all creates, all inquiries
    unconditionally

    PfiWorkunit BusinessClass
    is accessible
    for all creates, all inquiries
    unconditionally


    Changed to:

     PfiWorkunitFolder BusinessClass
    is accessible
    for all creates, all inquiries
    when (actor = AttachBy or (PfiWorkunit.PfiQueueTaskRel exists and PfiWorkunit.PfiQueueTaskRel.ActorHasInbasketAccess))

    PfiWorkunit BusinessClass
    is accessible
    for all inquiries
    when (actor = Actor or (PfiQueueTaskRel exists and PfiQueueTaskRel.ActorHasInbasketAccess))


    I am trying to understand how these new conditions work .

    Woozy
    Private
    Private
    Veteran Member
    (3469 points)
    Veteran Member
    Posts:701


    Send Message:

    --
    12/05/2016 11:05 AM
    Hi Jay2,

    What this appears to be saying is:

    - Users have Inquire and Create access to PfiWorkunitFolder but only if they "own" the PfiWorkUnitFolder (actor = AttachBy; i.e. they are the actor that created it) OR if they are assigned a task relating to that WorkUnit (PfiWorkunit.PfiQueueTaskRel exists) and have Inbasket Access to that task (PfiWorkunit.PfiQueueTaskRel.ActorHasInbasketAccess).

    - Users have Inquire-only access to PfiWorkUnit if they created the PfiWorkUnit (actor = Actor; current actor is the Actor who created the PfiWorkunit) OR if they are assigned a task relating to that WorkUnit and have Inbasket Access to that task.

    I hope this helps.
    Kelly
    Kelly Meade
    J. R. Simplot Company
    Boise, ID
    Woozy
    Private
    Private
    Veteran Member
    (3469 points)
    Veteran Member
    Posts:701


    Send Message:

    --
    12/05/2016 11:13 AM
    By the way, I don't seem to have PfiQueueTaskRel.ActorHasInbasketAccess on my system, so I can't tell you what it means. You must be on a later version of apps than I am. Sorry!

    If you have someone in your organization that has Application Configuration access to Config Console, they should be able to look up the logic for that field.
    Kelly Meade
    J. R. Simplot Company
    Boise, ID
    Jay2
    Private
    Private
    Veteran Member
    (166 points)
    Veteran Member
    Posts:74


    Send Message:

    --
    12/05/2016 1:11 PM
    Thanks Woozy

    That is very helpful and more than the Infor analyst could give me. I will work from there. I just need to find a way to verify this information.

    I think what it is going to come down to is to revert the rules back to the orignals.
    Woozy
    Private
    Private
    Veteran Member
    (3469 points)
    Veteran Member
    Posts:701


    Send Message:

    --
    12/05/2016 1:28 PM
    I hope you are able to figure it out.

    For what it's worth, since this is a *_ST security class (meaning it is a standard delivered class), I'm guessing you can't modify it. You'll probably have to clone it, modify the clone, and then change the security role to use the cloned security class instead of the original.

    I imagine you already know this, but just in case someone else wanders across this post.

    Good Luck!
    Kelly
    Kelly Meade
    J. R. Simplot Company
    Boise, ID
    Jay2
    Private
    Private
    Veteran Member
    (166 points)
    Veteran Member
    Posts:74


    Send Message:

    --
    01/27/2017 2:04 PM
    I just found out that this has been fixed in a later version.

    I am running 10.0.1.39
    You are not authorized to post a reply.