|
|
|
|
|
|
2 Replies and 26312 Views
RM Groups in Version 10 26312 2
Started by ALB
What is the version 10 equivalent of RM groups
|
|
|
|
2 |
26312 |
by ALB 2/12/2016 1:43 PM |
|
0 Replies and 2592 Views
Rules for DT0 2592 0
Started by Jay2
When writing rules against the DT0 section of a form ie. AP52.3, do I only need to apply the rule to the object type FLD or do should I also apply the rule to the object type HDN. The problem is when I run a UserSecurityReport in one of my test data areas the Object Info column reports the line as HDN - DT0, In my other test data area it reports it as HDN -AP52.3, when I am expecting it to report as HDN - AP52.3,AMI-AU-GROUP like it shows it in the security class.
|
|
|
|
0 |
2592 |
2/10/2016 3:02 PM |
|
1 Replies and 19820 Views
New DN error in Tivoli directory server 19820 1
Started by rkm210
i have created suffix through idsxcfg window and I am creating empty DN for lsf10 from TDS Web Administration tool ... got an error when trying to add new entry under directory management..
environment is TDS 6.3 and Red hat 6.
Error GLPWDM003E
An error occurred while adding entry cn=lsf,dc=company,dc=org : &91;LDAP: error code 65 - Object Class Violation&93;.
any help from community is appreciated..
|
|
|
|
1 |
19820 |
by Roger French2/10/2016 2:20 PM |
|
4 Replies and 8286 Views
LSDUMP/LSLOAD PROFILE 8286 4
Started by Jay2
I am running LSF 9.0.1.5 I ran lsdump -f uat.xml PROFILE UAT -addRoleMapping I then ran lsload PROFILE uat.xml -p INT -addRoleMapping Now the problem I see is Profile description in the Security Administrator tool show User Acceptance Testing, How do I go about changing it to Integrated Testing. Is there a way to change it through SSOCONFIG
|
|
|
|
4 |
8286 |
by Greg Moeller1/29/2016 4:35 PM |
|
1 Replies and 4294 Views
How to restrict peer to peer access within HR 4294 1
Started by Eric Morris
We have HR employees that need to see pay information as part of their jobs. However, we want to restrict them from seeing their coworker's pay who also work in HR.
Has anyone done this
Any solutions to how this can be done
Our desired result is to be able to do this directly in HR11 without creating a customized program that points to a restricted view, but we also have to take into account the performance issues that complex rules can somtimes cause.
Thanks in advance!
|
|
|
|
1 |
4294 |
by Kwane McNeal1/6/2016 8:05 PM |
|
2 Replies and 5448 Views
SSO login issue 5448 2
Started by Anishkumar
Hi all,
Greetings!!!
Please help in solving the below issue.I can able to understand that multiple identities are mapped to the lawson user but i dont know where to delete the mapped identities where i am unable to login to the SSO itself
C:\lsfdev>ssoconfig -c
No upgrade available for Version 1.2
&91;WARNING&93; Unable to retrieve security context!...
com.lawson.lawsec.authen.LSFSecurityAuthenException:There are more than one iden
tity 0 using this OS user LOCAL\lawson. Please ch...
|
|
|
|
2 |
5448 |
by JimY1/4/2016 4:29 PM |
|
3 Replies and 8242 Views
Lawson Security Administrator 10.0.1.0 8242 3
Started by Maureen Castor
I recently installed Lawson Security Administrator 10.0.1.0; however, when I attempted to launch the application, I received this error: ActiveX component can't create object. I've tried uninstalling and re-installing on two different PCs always with the same result. Infor directed me to KB article 1616661, which did not resolve the issue. Researching the error only yields info specific to MS Windows applications; however, some of the information is leading me to the suspicion ...
|
|
|
|
3 |
8242 |
by Maureen Castor12/8/2015 1:23 PM |
|
4 Replies and 4724 Views
Security Class Rules - table grey color 4724 4
Started by Karen Ploof
I know green is full access, red is no access and blue is conditional. Never saw a table completely greyed out.
|
|
|
|
4 |
4724 |
by Greg Moeller12/4/2015 9:33 PM |
|
3 Replies and 4561 Views
ISS and email addresses 4561 3
Started by JLeonard
We've recently upgraded from LAUA to Lawson Security, and we're processing our new users via the loadusers utility and then syncing them. For the most part, this is going very well (thankfully!)--but it's not syncing the email address to LTM, though it's there in ISS and syncs to LSA. I thought/hoped it would update LTM as well, since that's where we really need it. (It does update the roles and other information, just not the email address.) Is this normal Do...
|
|
|
|
3 |
4561 |
by Peter O10/28/2015 5:57 PM |
|
1 Replies and 4167 Views
privuser 4167 1
Started by Lawson Moose
We're on 9.0.1.1, UNIX platform. Here and there we have a user name of 'privuser' show up on reports, Personnel Actions, various things. But we need to find out the actual user behind these cases. Can someone give an explanation of the origin of privuser, and any handling/investigation process that would help us We have no idea where this is coming from.
|
|
|
|
1 |
4167 |
by Kwane McNeal10/23/2015 4:41 PM |
|
1 Replies and 4052 Views
ESS forms accessed by FN/SC Users 4052 1
Started by Peter Maynard
Has anyone found a way to keep Finance and Supply Chain users from accessing ESS forms from the search box Forms like the HR11, PR12, etc.
|
|
|
|
1 |
4052 |
by Tim Cochrane10/21/2015 1:49 PM |
|
0 Replies and 2217 Views
Global limitation by vendor class 2217 0
Started by CMNew
If I want to do a global limitation by vendor class, can I (a) do it at the element level or (b) table level APVENMAST - or do I need to limit multiple tables or (c) do I need to do it at the form level also. It seems to be working by just doing it at the table APVENMAST level on Inquiry security classes but perhaps I am overlooking something. Can anybody point me to a good document outlining advanced security rules
|
|
|
|
0 |
2217 |
10/19/2015 4:49 PM |
|
0 Replies and 2459 Views
Global limitation by vendor class 2459 0
Started by CMNew
If I want to do a global limitation by vendor class, can I (a) do it at the element level or (b) table level APVENMAST - or do I need to limit multiple tables or (c) do I need to do it at the form level also. It seems to be working by just doing it at the table APVENMAST level on Inquiry security classes but perhaps I am overlooking something. Can anybody point me to a good document outlining advanced security rules
|
|
|
|
0 |
2459 |
10/19/2015 4:49 PM |
|
2 Replies and 5329 Views
ldifgen returning zero byte file 5329 2
Started by Chad Dirst
While running the ldifgen command using the XmlToDataLdif option I am receiving a zero byte file. I am running this command to convert our XML data file to an ldif format.
I have successfully run this command in the past without issue, however, it is now not returning any results.
The syntax for the command that I am using is:
ldifgen XmlToDataLdif -f /tmp/sourceldapfile.ldif /tmp/sourcexmldata.xml
The above command is returning zero byte for for /tmp/sourceldapfile.ldif.
...
|
|
|
|
2 |
5329 |
by This_Guy10/8/2015 7:35 PM |
|
4 Replies and 5509 Views
Read-only access to LSA 5509 4
Started by Deleted User
Hi,
Wondering if anyone out there has had success with setting up a read-only view of LSA
We have some functional superusers that would like to be able to use the tool to view attributes of users in their department but don't want/need to change anything.
So far, I've had **some** sucess in that I created the following roles:
- ADM Profile - set up one security class (SuperInquiry) with Deny All for all objects except SERVER. For SERVER I have I and InqTypeRole. (otherwise you can't...
|
|
|
|
4 |
5509 |
by Deleted User9/25/2015 4:08 PM |
|
1 Replies and 4183 Views
Block users from seeing data related to certain AP Vendor Types 4183 1
Started by mikefortuna
I have an AP vendor class of 'ETE'. I am trying to block users from seeing vendors of this class on AP10, but also any invoices for these vendors on AP90 or any other screen where they might find this. I am trying to be able to do this with one global rule.
I tried setting on the Element VEN-CLASS:
if(VEN_CLASS=='ETE')
'NO_ACCESS,'
else
'ALL_ACCESS,'
This doesn't do anything for me.
I can set the rule on AP10 and block those vend...
|
|
|
|
1 |
4183 |
by GregSl9/18/2015 2:35 PM |
|
1 Replies and 3975 Views
LSF9 security logs 3975 1
Started by MBCI
I need to know the path containing the security logs for LSF9 on iSeries to track down an access issue . Can anyone help me with this
|
|
|
|
1 |
3975 |
by JimY9/4/2015 9:43 AM |
|
4 Replies and 4547 Views
Renaming user ID's 4547 4
Started by Ricardo
Does any one know how to rename (change ID and carry over its history) accounts in LSF9 (LAUA) MSS and ESS access Is it possible Where does this takeplace
|
|
|
|
4 |
4547 |
by Greg Moeller9/2/2015 3:50 PM |
|
1 Replies and 3818 Views
LSA Security - RQ10 3818 1
Started by SheilaClark
Currently in RQ10, the user logged into Lawson can enter any requester's ID and submit an order. How do I restrict the RQ10 to only accept the requester ID for the user logged into Lawson Our requester ID's are the same as the user ID's.
|
|
|
|
1 |
3818 |
by Kat V9/1/2015 5:18 PM |
|
0 Replies and 2435 Views
compare AD to HR11 termed users 2435 0
Started by Jared Lytle
We are attempting to do some clean up in Lawson Security / Active Directory.
I don't have much experience with querying against AD or ATOMS in LDAP, but has anyone developed a sql query that allows visibility of users that have been termed in HR11 in the last 30 days then compare that to any LDAP information so we can display what AD accounts should be inactivated
Currently, we use a manual process in which we take a similar query below and security manually inactivates users in ActiveDirecto...
|
|
|
|
0 |
2435 |
8/19/2015 8:22 PM |
|
17 Replies and 11542 Views
ldusers.pl - script to convert .csv file into .xml file for loadusers 11542 17
Started by Anya
Hello! We've been given (by Lawson consultant, who no longer works with us)&160;a Perl script to convert .csv file into .xml file to mass-load users into ADAM with loadusers routine. It worked fine on 9.0.2 platform, but on 9.0.3 one, the loadusers chocked because it seems like one of the field names changed - from 'Firstname' to 'FirstName'. It's no big deal to tweak the Perl script, but I was wondering if there was a place this script is maintained and can be downloaded from
Thanks!
|
|
|
|
17 |
11542 |
by xxxxxttysfh8/12/2015 6:36 PM |
|
2 Replies and 3995 Views
Way to see what security classes have certain token granted? 3995 2
Started by Ronnie
We have tons of security classes in our security. Instead of going and browsing each one, is there a way or report to run where I can see which security classes have access granted to a certain form token I am looking for instead of going through each one
|
|
|
|
2 |
3995 |
by Ronnie8/12/2015 1:16 PM |
|
1 Replies and 5473 Views
LSA Security 5473 1
Started by GalionGal
In our non-production environment, our security administrators noticed LSA security was turned off. They turned it on and noticed that they could not update security as the fields contained asterisks. The security administrators have the SuperAdminRole which has the AllRMAccess and AllADMAccess security classes. The role and the security classes look like production. Security reports can be kicked off but do not run even with the lawson user ID when security is on. ...
|
|
|
|
1 |
5473 |
by Brian Allen7/31/2015 4:24 PM |
|
0 Replies and 2571 Views
Renaming user ID's 2571 0
Started by Ricardo
Does any one know how to rename (change ID and carry over its history) accounts in LSF9 (LAUA) MSS and ESS access Is it possible Where does this takeplace
|
|
|
|
0 |
2571 |
7/15/2015 7:02 PM |
|
2 Replies and 4997 Views
LSA tables for creating a report 4997 2
Started by Kate Liamero
I want to create a security report to see which users are active along with their email , who has add-ins, the RMID, SSOP id and requester name. I need info from all 3 segments RM, Identities and Environment. Can anyone tell me what tables I need
Thanks Kate
|
|
|
|
2 |
4997 |
by Greg Moeller5/29/2015 1:26 PM |
|
|
3 |
4566 |
by Greg Moeller5/18/2015 3:42 PM |
|
1 Replies and 4477 Views
GL45 conditional rule for HOLD_CODE 4477 1
Started by Alex Shklovsky
Hello everyone
I'm trying to write a conditional rule for GL45 to allow user change one hold code, but no change if attempts to change other hold codes.
Getting a security violation message on a hold code that should be accessible based on my rule. Would you guys advise on what am I doing wrong
trim(getDBField('GLCONTROL','HOLD_CODE',form.GLC_COMPANY,form.GLC_FISCAL_YEAR,form.GLC_ACCT_PERIOD,form.AB_GLC_SYSTEM,form.AB_GLC_JE_TYPE,form.AB_GLC_CONTROL_GROUP,form.AB_...
|
|
|
|
1 |
4477 |
by Alex Shklovsky5/8/2015 7:39 PM |
|
0 Replies and 2771 Views
Security Role access to PDLs 2771 0
Started by Xin Li
I have two PDLs under one environment. How do I create a role and assigned to user so that user will have access to both PDLs
Thanks in advance.
|
|
|
|
0 |
2771 |
5/1/2015 7:57 PM |
|
0 Replies and 2986 Views
GL45 conditional rule for Hold-code 2986 0
Started by Alex Shklovsky
Posted earlier a conditional rule for a hold_code in GL45. Is it possible to get one working using getDBfield function in multi line form like GL45 What might be other approach to accomplish it with a conditional rule. Any ideas Thanks Alex
|
|
|
|
0 |
2986 |
4/30/2015 10:55 AM |
|
|
1 |
3782 |
by xxxxxttysfh4/26/2015 3:51 PM |
|
|
2 |
3822 |
by Kyric4/5/2015 3:07 PM |
|
0 Replies and 2776 Views
Lawson Security Reports 2776 0
Started by Daniel
I am trying to run an attribute report in Lawson Security that needs to include criteria for an attribute(Role) that is blank. I cannot seem to come up with a criteria within Lawson Security reports that will allow me to exclude users with their 'role' attribute blank. I am trying to create a query that will allow me to update just the users with a particular 'portal role' but their 'role' cannot be 'blank'. I am using the 'is not' function within the report. Any help is appreciated.
|
|
|
|
0 |
2776 |
3/24/2015 2:45 PM |
|
4 Replies and 4648 Views
Lawson Security changes not taking effect 4648 4
Started by Shaun C
We just upgraded to Lawson 10.0.6 and when I add or take away a ROLE in ISS it doesn't seem to be taking affect. I cleared IOS cache and the server cache in LSA. I've had it sit all night and in the morning still not in effect. Once I bounce WAS then it finally will take and work. I'm at a lost at this point. The ROLE is showing in both ISS and LSA and ran a report in LSA and it also shows the ROLE is attached to user. Then you go into Portal can't access form...
|
|
|
|
4 |
4648 |
by Jimmy Chiu3/24/2015 12:13 PM |
|
24 Replies and 12790 Views
Batch Jobs 12790 24
Started by KerriR
Does anyone have the exact setups that are needed to allow users to submit batch jobs&160; We are using LS9 and some of our users are getting 'security violation' errors when trying to inquire on their jobs (HR170, PR260, PA490 are some examples).&160; If they wait about 10 minutes, they can then inquire and run the job without any problem.&160; I find this very interesting because in my mind, security is either on or off, there's no in between.&160; So why would it NOT work one minute but ...
|
|
|
|
24 |
12790 |
by randys3/20/2015 2:54 PM |
|
3 Replies and 5163 Views
Printers in Portal and LS Security 5163 3
Started by Roger French
I'm doing some work with printer issues in Lawson portal. Some users are using LS Security and when they're in Portal and running jobs such as CU201, when they actually want to print the report, the report shows up in print manager find, and it displays fine on screen, but when they want to send to printer and click on the drop down of the Printer field to list all of the printers, NO printers appear.
These users DO have the BatchRole in their LS Security. I've checked the BatchRole for...
|
|
|
|
3 |
5163 |
by Dave Amen3/19/2015 10:39 PM |
|
1 Replies and 2934 Views
Prevent User from submitting more than 2 jobs 2934 1
Started by Gina
When multiple PR295 jobs are submitted one right after the other, it forces other users jobs into a waiting status. This creates issues when we are trying to peform the ACH Payment cycle. Is there a way that we can prevent a specific user from submitting more than 2 jobs at a time
|
|
|
|
1 |
2934 |
by Jimmy Chiu3/4/2015 7:52 PM |
|
2 Replies and 2753 Views
Don't allow drill around but allow search 2753 2
Started by Nancy
We want to allow some users access to PA22 but do not want to have access to drill around.
The only problem I am having is with the employee table. The users still need to be able to use the search to find the correct employee by name.
Do I have to go into each field on the employee table and deny access to it except for the employee number, and name fields to allow them to search
Any help would be appreciated. Thanks.
|
|
|
|
2 |
2753 |
by Nancy3/3/2015 7:28 PM |
|
2 Replies and 2959 Views
Prohibit Job Submission 2959 2
Started by Gina
Hello,
I am looking for a way to prohibit IT Support Users from submitting batch jobs in the production environment. These users still need the ability to view job queues and manage jobs submitted by others. They also need to be authorized to the programs so that they can setup or maintain job defintions and job schedules (recdef). But just not submit any jobs themselves. I have tried denying them access to the job queues, but that was too restrictive as they could not e...
|
|
|
|
2 |
2959 |
by Ari2/18/2015 12:34 AM |
|
5 Replies and 4362 Views
Setting an account for Lawson Security Admin access 4362 5
Started by Ronnie
OK,
So we have 1 account we usually use for just all open access for all lawson. So we usually use this account to create accounts in lawson security.
Things are changing. We now have a few employees who may need to create user accounts in Lawson Security Admin. With this said....I am not sure what all I need to set role wise etc for a user to just be able to use Lawson Security Admin application.
|
|
|
|
5 |
4362 |
by Brian Allen2/13/2015 1:29 PM |
|
0 Replies and 2966 Views
lsdump/lsload 2966 0
Started by TJ Mann
lsdump all 172 roles - took about 15 mins.
lsload -o all 172 roles - took 17 hours.
anyone uses lsdump/lsload on Roles
i normally use lsdump/lsload only Profile, and it goes much faster.
|
|
|
|
0 |
2966 |
2/3/2015 11:36 AM |
|
0 Replies and 2465 Views
HREMP element Group 2465 0
Started by Garry Ferwerda
We have had our back office users on LS9 security for a while and we are now implememting EMS security. We also have multiple accounts, one for back office and one for EMS that we planning to combine (eliminate the back office login). We use the HREMP Element group to enforce record level security in the HR modules. We have discovered that for a certain subset of HR employees that they cannot access their own information in EMS once the EMS and back office roles are applied to ...
|
|
|
|
0 |
2465 |
2/2/2015 7:09 PM |
|
4 Replies and 5185 Views
Copy User's Jobs When Deleting User 5185 4
Started by Kyle Jorgensen
When you delete a user from security it gives you the option to copy the user's jobs to another user.
We've found that when we do this the jobs do copy but if the 'departing' user's job had any setup in jobdef (file distribution, csv attributes, etc) the job that gets created for the 'receiving' user is missing all of the jobdef setup.
Are we doing something wrong, or is this just how it works (which is lousy)
|
|
|
|
4 |
5185 |
by Scott Perrier2/2/2015 2:38 PM |
|
6 Replies and 3696 Views
Securing AP 90 by Acct Unit 3696 6
Started by Carla Ferrari
We are trying to secure AP90 by users' accounting units, using the RM attribut AccountingUnitControl. Tried writing a rule against APDISTRIB, DIS-ACCT-UNIT file using
getDBfield, with no luck. Has anyone else tried to secure this form
|
|
|
|
6 |
3696 |
by Karen Beyer Goode1/31/2015 11:24 PM |
|
0 Replies and 2363 Views
PROCLEVEL and 9.01 security 2363 0
Started by MC
We recently upgraded to 9.01.9 and we are now experiencing a issue if we have more than 1 process level in the RM ProcessLevelControl field. We are only using this with ESS/MSS to prevent managers from selecting department(s) etc that they do not have access to from within Personnel actions.
We are using the PROCLEVEL element group and did not change our definition during the upgrade.
We have a few mgrs. that have emps in more than 1 process level. Prior to this...
|
|
|
|
0 |
2363 |
1/19/2015 8:52 PM |
|
5 Replies and 3217 Views
MSS and ProcessLevelControl 3217 5
Started by MC
We have placed a custom rule, then an role in RM for MSS users. This custom rule is checking the PROCESSLEVELCONTROL feature in RM. The goal was when the manager would create a personal action they would only be able to select the departments that are in the specific process level...Works like a charm for fields like Department (only shows the departments that the mgr has access to). The problem is the Expense Account / Sub Account and activity. when we have the rule for ...
|
|
|
|
5 |
3217 |
by MC1/15/2015 5:11 PM |
|
6 Replies and 6113 Views
LSF9 Security & Distribution Lists 6113 6
Started by Greg Moeller
Hi everyone! Where do I find my LAUA distribution groups in LSF9 security I've been looking for several hours now, but can only find a way to secure printers and job queues. We have lots of distribution groups created that the users still want to have access to, but I cannot find where they are at in order to add them to an appropriate security class. Thanks in advance, -Greg
|
|
|
|
6 |
6113 |
by Greg Moeller1/12/2015 7:27 PM |
|
11 Replies and 3735 Views
Needing help locking down drill screens 3735 11
Started by Ronnie
We are in the process of implementing our infor 10 system. We are currently on Lawson 9 and have been now since 2008. HR has just noticed during implementation that managers can potentially go to PA42 and drill around and see info they should not see.
The way they can do this is by getting a job requisition workunit in their inbasket to approve or deny. Inside of the details for that workunit there is a related links screen which takes them to the form where they can see info on the requisition...
|
|
|
|
11 |
3735 |
by KatieW1/6/2015 9:53 PM |
|
0 Replies and 2894 Views
Set form access to Read Only for all forms 2894 0
Started by Jon Gustafson
I just found out from an audit that we have two users that are Business Analysts and they need to have read only access to the forms in production. They have every security class assigned to them, so I am really hoping that I do not have to create a hundred new security classes with read only access.
Is there a way that I can globally grant them read only access to all forms in a productline or environment
Jon Gustafson
|
|
|
|
0 |
2894 |
12/29/2014 7:36 PM |
|
0 Replies and 2803 Views
LSA Report 2803 0
Started by This_Guy
I was hoping someone can help me figure out how to develop a report in LSA that will show the audit history for a specific person that has access to the LSA tools, when they accessed, add/changed/modified a record, date stamps, etc..
We were told by a consultant that we can certainly design this report to help audit who is accessing LSA. Anyone
|
|
|
|
0 |
2803 |
12/18/2014 7:32 PM |
|
4 Replies and 5140 Views
RM Viewing Role 5140 4
Started by trueblueg8tor
I'm trying to create a role for Viewing RM only. I created a Role called 'RmView' and security class called 'RMView'. In the security class, I granted unconditional 'Inquire' access to everything. Even after I attach the security class to the role and the role to the user I'm unable to log into Lawson Security Administrator. How can I test my role with giving 'SuperAdminRole'
|
|
|
|
4 |
5140 |
by trueblueg8tor12/4/2014 5:57 PM |
|
19 Replies and 4258 Views
Two security classes one allows the other does not 4258 19
Started by JimY
Hello,
&160;&160;&160;&160; I have two security classes.&160; One class is set up for requisitioners and the second is for people who will approve requisitions.&160; The first one restricts access to RQ12 and RQ13 the second one allows.&160; When I login with the user set up for requisition approval I get access denied for RQ12 and Rq13.&160; Obviously I am doing something wrong.&160; How do I set up security classes with in the same application (RQ) that restrict forms for some, but a...
|
|
|
|
19 |
4258 |
by cwelford12/2/2014 6:02 PM |
|
8 Replies and 13781 Views
Hide/show on Form 13781 8
Started by PV Rajan
Hi:
Is it possible to show/hide a field on Lawson Portal based on the RD30 Record . E.g I want to hide the field 'Process Level' on AP20 form to some ids while it shall be displayed for others. If yes, how to do this. Thanks in advance!
|
|
|
|
8 |
13781 |
by Mark F. Hardy11/24/2014 3:41 PM |
|
3 Replies and 4135 Views
Mass Add/Remove a Role in Lawson Security 4135 3
Started by MCordero
Is it possible to mass remove a role in Lawson Security We have over 3500 users that have it and only about 50 or so should.
|
|
|
|
3 |
4135 |
by MCordero11/13/2014 2:19 PM |
|
|
2 |
2687 |
by Al11/12/2014 12:46 PM |
|
3 Replies and 2875 Views
User Attribute for ADDINS on V8 iSeries 2875 3
Started by Ron Swanson
Lawson V8.1, iSeries, off support. Original support staff long gone.
I have limited knowledge of Lawson, though very familiar with iSeries.
Need to add authority for new user to access ADDINS for Office. I have limited knowledge of security admin, but have defined new users and assigned to groups.
ADDINS and User Config manuals (Windows and Unix - no iSeries versions around) refer to an Attribute to assign. Have searched through documents, screens, tables and just can'...
|
|
|
|
3 |
2875 |
by Ron Swanson10/15/2014 4:00 PM |
|
0 Replies and 3047 Views
Infor's 30 character limit for domain\userid 3047 0
Started by imjulian
Because of Infor 10 on windows has a 30-character limit on domain\userid field, this is causing issues for users whose domain\userid exceeds the 30-character limit.
Infor support's advice is to reduce the domain name characters. Any one has any other suggestions because reducing the domain name is not an option for us.
Thanks,
|
|
|
|
0 |
3047 |
10/15/2014 1:23 PM |
|
2 Replies and 3066 Views
LSF9 report 3066 2
Started by TJ Mann
if i double post, please accept my apology.
i'd like to write a report to get:
SecClassName AttrType ObjName Access
APINQUIRE TKN AP10.1 P,I,N
ACINQUIRE GPM &...
|
|
|
|
2 |
3066 |
by TJ Mann9/18/2014 9:40 PM |
|
|
0 |
2642 |
9/15/2014 5:59 PM |
|
0 Replies and 2625 Views
Structure 2625 0
Started by Xin Li
Is it possible and how to create structure in such a way that two nodes inherit same node below
|
|
|
|
0 |
2625 |
9/3/2014 3:25 PM |
|
1 Replies and 2691 Views
Securing Jobs and Print manager 2691 1
Started by Deleted User
We have a role built that successfully prevents users from seeing another user jobs...But we still need to prevent a user from deleting their own jobs or jobs in 'needs recovery'...this is the security class we have built.
|
|
|
|
1 |
2691 |
by Kate Liamero8/19/2014 4:21 PM |
|
1 Replies and 2473 Views
LS9 File Security 2473 1
Started by Bob S
In order to use forms we need to provide access to the files obviously. Our initial idea was to provide all files needed for the area the user was in (HR needs HR, BN, PR,PA, etc). The issue is that we have quite a few users with add-ins. Are we opening ourselves to issues with Add-in queries allowing indirect access to data we might want secured The upload wizard uses the forms that the user is restricted to, but query seems to provide access to any file they have acces...
|
|
|
|
1 |
2473 |
by Carl.Seay8/1/2014 1:17 PM |
|
2 Replies and 2605 Views
LS9 CheckLS madatory with 10.x 2605 2
Started by Mark F. Hardy
I came across an article of July 9, 2013 on lawsonguru.com regarding LS will now become mandatory () with 10.x . It mentioned having to create a new security class allowing all access and applying it to our SysAdmin users. Currently our Admin users have LS = NO and assigned a role named SUPERADMINROLE. Not sure if turning LS on once we go to 10.x will limit them too much as I unsure what this role contains. I cannot find the article; anyone remember this articl...
|
|
|
|
2 |
2605 |
by Mark F. Hardy7/31/2014 3:04 PM |
|
0 Replies and 2492 Views
Data Security for HR170 2492 0
Started by Rick Pearl
We are trying to limit the results of the HR170 rport to specific departments. We have several departments per process level and would like to further limit the department. For Process Level x, we have departments x, y and z. would like the report to only contain department y. When a user runs HR170, the PROCLEVEL element group limits the data in the report to Process Level x but contains all three departments.
I've written rules on the DEPTCODE table so the Department dro...
|
|
|
|
0 |
2492 |
7/29/2014 4:52 PM |
|
7 Replies and 6597 Views
LSF vs LAUA security 6597 7
Started by Greg Moeller
When setting up a job in LID, you have the option for option C (CSV File Attributes)
Is this available using the new LSF&160;security, and if so, how do I get there
Thanks in advance,
-Greg
|
|
|
|
7 |
6597 |
by John Henley6/27/2014 11:02 AM |
|
4 Replies and 2957 Views
Securing PA52 selections. 2957 4
Started by Jay2
In S3 portal I have secured the file GLNAMES so that agency users can only select from account unit within their own process level.
Now we are using PA52 to change expense data for an employee.
We have an action called Exp-Data that was defined in PA50 using the topic E2 - Pay Distribution. One of the fields we have selected is Expense Acct Unit. When an agency user uses this action in PA52 and clicks on the arrow next to this field it opens HRSC.1 and it shows all the Account ...
|
|
|
|
4 |
2957 |
by Jay26/6/2014 5:54 PM |
|
1 Replies and 2583 Views
Inadvertent deletion of SSO HTTP Endpoint 2583 1
Started by Rick Morrison
I inadvertently deleted an SSO http endpoint BEFORE removing it from an http endpoint group. Now, when I try to do anything with http endpoint groups I get the following error in ssoconfig:
Got exception: com.lawson.lawsec.authen.LSFSecurityAuthenException:Got exception while listHTTPEndPointGroup for Error when listing all HTTP Endpoint Group in LDAP. Message {2}.
Stack Trace : com.lawson.lawsec.authen.LSFSecurityAuthenException:Got exception while listHTTPEndPointGroup for Error when...
|
|
|
|
1 |
2583 |
by Kwane McNeal6/4/2014 2:38 PM |
|
1 Replies and 3624 Views
Lawson Desktop Client Logon LAUA 3624 1
Started by Kenny
Hello,
I am having an issue running the LAUA function in the form transfer section of the Lawson Desktop client logon, after typing in the function into the Menu ID, I receive an operation time out error. Can someone please assist
|
|
|
|
1 |
3624 |
by Ragu Raghavan5/6/2014 9:12 PM |
|
0 Replies and 2203 Views
Restricting access to a S3 Form in Smart office only 2203 0
Started by L G
Is it possible to restrict access to a S3 Form in Smart Office only while allowing users access to the form in Portal
Basically we have some Design Studio mods to a custom form that all users access.
However Smart Office does not apply the customizations and is only available to power users. Is it possible to remove access to the Form from smart office while not impacting the DS access for that form
|
|
|
|
0 |
2203 |
4/2/2014 2:04 PM |
|
0 Replies and 2185 Views
Adding users 2185 0
Started by aashoks2002
Hello All, I want to integrate 'user information' from external applications to LAWSON erp. What are the ways in which I can achieve it. PS: I am new to LAWSON ERP. Please let me know if it can be done via api/some app/inserts into db. Thanks in advance. Ashok
|
|
|
|
0 |
2185 |
3/21/2014 6:35 PM |
|
2 Replies and 2475 Views
Dumb Question - But 2475 2
Started by Deleted User
What language does Lawson Security use , is it in Java
|
|
|
|
2 |
2475 |
by Deleted User3/18/2014 2:32 PM |
|
5 Replies and 2578 Views
SecAdmin doesn't recognize new form on existing program 2578 5
Started by Woozy
Hi All,
We have a custom program (ZS31) that has been in-place for some time. Recently we added a new form (ZS31.2) to the program. In our DEV environment, we were able to add security to the new form using SecAdmin without any issues. However, when it was promoted to PROD, the new form does not appear in SecAdmin.
I've confirmed that the form is in tokendef, pgmdef, and laua (for the right security class) in PROD. I've recompiled the program, ran srgen and scrgen, ...
|
|
|
|
5 |
2578 |
by Woozy3/11/2014 5:17 PM |
|
4 Replies and 4218 Views
Prevent Users From Deleting Jobs In Job Scheduler 4218 4
Started by Jeremy
I'm being told by our security team that you can't give access to Job Scheduler and prevent users from deleting a job that is in 'Needs Recovery.'
I did some very basic LSA work a while back and I thought this was an option. I no longer do this work, but if possibly, I'd like to pass along to our team how to do this.
Is it possible to simply take away the 'delete' option
Thank you!
Version is 9.0.1.11 I believe.
|
|
|
|
4 |
4218 |
by Gina2/26/2014 3:08 PM |
|
3 Replies and 2593 Views
LS9 file associations - advice needed on a faster method 2593 3
Started by Bob Heitzman
We are spending a lot of time on our LS9 project identifying file associations and are looking for some advice - here are our questions:
1. What is the process you use to determine which files are needed for LS9 security classes &91;Note: We are looking for a 'faster way to determine the files needed' - we know how to manually go through each form and one by one identify the file associations. Anyone figure out a way to dump this information out&93; This is our biggest need as ...
|
|
|
|
3 |
2593 |
by Bob Heitzman2/20/2014 10:39 PM |
|
2 Replies and 2666 Views
Need Report of All users with Access to RQ10 2666 2
Started by Wanda
We are on Lawson 9.01 and use LAUA and LSF9 security. We are in desperate need of a list of users that have access to a specific screen in Lawson, RQ10. Can any of you help me
|
|
|
|
2 |
2666 |
by Deborah Griffin2/19/2014 6:24 PM |
|
2 Replies and 5739 Views
LS9 'Security Accelerator' templates 5739 2
Started by Kirk
Looking for folks who have used LS9 Accelerator templates, who would be willing to share their experience with them. I have several questions, actually; so I won't try to list them all right now. Wondering if anyone who has experience with them might be willing to chat, via phone call If not, perhaps we can just dialogue here.
We are located in Winston-Salem, NC; we have approx. 1,000 Lawson financial users, with about 100 laua-defined Security ...
|
|
|
|
2 |
5739 |
by Kirk2/18/2014 4:52 PM |
|
0 Replies and 2439 Views
Delete delivered LSF9 security classes and roles 2439 0
Started by JudeBac
We are about to move from LAUA to LS9. I noticed that there are Lawson delivered security classes. There seems to be no way to rename them.
Has anyone deleted all Lawson security classes before adding your company security classes
Thanks,
Jude
|
|
|
|
0 |
2439 |
2/10/2014 5:27 PM |
|
1 Replies and 2579 Views
secload -o experience? 2579 1
Started by Stan Thiemann
We're migrating platforms and environment release levels (Win03 -> Win08 & Env 9.0.1.5 -> Env 9.0.1.11). The process of loading, configuring, and testing the new production environment will last about 6 weeks. Secload was used initially to enable testing, but I'm thinking about the best way to load the latest LAUA security changes from current production to the new environment. If we opt to continue processing security change requests in production (including new and t...
|
|
|
|
1 |
2579 |
by TJ Mann1/30/2014 1:34 PM |
|
1 Replies and 2829 Views
Read Only Access for LSA tool? 2829 1
Started by Gina
We want to be able to give a few users Read Only Access to the data in Lawson Security Administrator. Is there a way to do this
|
|
|
|
1 |
2829 |
by Gina1/15/2014 7:58 PM |
|
0 Replies and 2117 Views
ProcessLevelControl issue after LSF 9.0.1.10 patches 2117 0
Started by Deleted User
We applied some LSF patches to our 9.01.10 and after that have problems with PR36. Customers can add the form, but if they try to add a new line to an existing form it's like the keyboard isn't working any more, they can't type anything onto the new line. I found that removing the Security Class on the PROCLEVEL element group solves the problem, but of course we can't do that. Has anyone found this problem and solved it
|
|
|
|
0 |
2117 |
12/26/2013 7:12 PM |
|
1 Replies and 2806 Views
SSOPV2_LDAP_BIND - change to secure port? 2806 1
Started by Sam Adams
Lawson 10 environment here, not yet in production. We have ldap bind set up to AD, which was was done by consultants.
I'm curious how one changes it to be a secure connection I could be wrong, but based on my experience to date, I can't imagine that the system will know that changing the port to 3269 means to switch to secure ldap automatically. I'm not planning on doing this along, but I heard through the grapevine that the consultant said it's not recommended to go that r...
|
|
|
|
1 |
2806 |
by Alex Tsekhansky12/22/2013 10:01 PM |
|
0 Replies and 2387 Views
Tip: Schema changes and Process Flow Integrator 2387 0
Started by David Britton
I recently added 2 new attributes (secLevel and secLocation) to the People schema using the Lawson Schema Editor.
I ran ldifgen and ldifde to load the changes into LDAP as outlined in the Lawson Administration: Resources and Security manual.
I then stopped and started the Security Server as instructed.
The new attributes showed up in the Security Administrator forms but did not show up in the Process Flow Resource Update build menu.
I then stopped and started all of the ...
|
|
|
|
0 |
2387 |
12/12/2013 2:24 PM |
|
9 Replies and 4208 Views
Securing Development Utilities LSF9 Security 4208 9
Started by ALB
We are moving to Lawson 9 security. We have run into a couple issues with utilities and menus used for development. We are getting security violations for tmcontrol, but I do not see were it is located. Also, we gave access to laenv and latools, but we receive the message 'LAPM Does Not Support LS Users.' How do we get around this
|
|
|
|
9 |
4208 |
by Greg Moeller12/5/2013 2:27 PM |
|
2 Replies and 2469 Views
LSF9 Upgrade from LAUA 2469 2
Started by dstallma
We are planning to upgrade to LSF9 next year. Can you give me an estimate of how many professional service hours might be needed
|
|
|
|
2 |
2469 |
by Kwane McNeal11/27/2013 3:59 AM |
|
1 Replies and 2687 Views
Prevent Role Access to Administrative Users 2687 1
Started by mikefortuna
We are creating a role for our Help Desk so that they can assign roles to users. They are restricted from doing other things such as creating or modifying classes and roles.
Is there a way to prevent them from being able to assign certain roles For example, the SuperAdminRole is restricted to only a few administrators. We do not want the Help Desk to be able to assign this role to anyone, or give themselves access to that role.
|
|
|
|
1 |
2687 |
by Brian Allen11/18/2013 5:58 PM |
|
4 Replies and 2833 Views
Securing User Jobs using LS Security 2833 4
Started by Roger French
Has anyone successfully put in a security rule or process to allow a user to see his/her own jobs ONLY (and no one else's) in Job Scheduler This is using LS Security, NOT LAUA.
This is for v 10.0.x and also v9.0.1
I've put in the rule in the UserName element in the Batch class which is part of the GEN security profile:
if(UserName==user.getHostServiceId()||isMemberOf('BatchUsers',UserName))
'ALL_ACCESS,'
else
'NO_ACCESS,'
CheckLS=Yes for all users; sec...
|
|
|
|
4 |
2833 |
by Kwane McNeal10/16/2013 3:00 PM |
|
0 Replies and 2326 Views
Blocking Vendors of a certain class 2326 0
Started by mikefortuna
I am trying to block users from seeing vendors of a certain class, and invoices and other information related to those vendors.
As an example, I am using on APVENMAST if(trim(table.VEN_CLASS)=='PT')
and on element VEN_CLASS if(VEN_CLASS=='PT')
This is good if I am using the Inquire button, but Next and Previous let me get to vendors that I don't want to see.
Also, I want to block this vendor class system-wide. If I run something like AP230, I get invoices ...
|
|
|
|
0 |
2326 |
10/4/2013 7:15 PM |
|
0 Replies and 2460 Views
LSF 9 security for AC 2460 0
Started by EricS
Folks,
I'm hoping someone can help with this one. I'm working with LSF 9.0.1.10 security administration. I'm trying to define AC40 and AC45 security so that a user will not be able to release their own transactions. There is a nice example of how to do this in GL in 'Implementing Lawson Security'. I'm afraid I'm stumped by AC. Has someone done this successfully that would mind sharing the solution Thanks in advance for any time ...
|
|
|
|
0 |
2460 |
9/26/2013 12:52 PM |
|
1 Replies and 2445 Views
Loading Nodes to an existing Security Structure 2445 1
Started by Chad Dirst
We have a fairly large Security Structure and there are plans to add hundreds of additional nodes.
I have dumped the structure and have been reviewing the data within LDAP and am wondering if anyone has manually created an xml or ldif file to load via ldapmodify
The item that has me hung up is mapping the following fields:
zzlwsnattrLineage
zzlwsnattrParentNode
Thank in advance.
Chad
|
|
|
|
1 |
2445 |
by Chad Dirst9/17/2013 10:17 AM |
|
0 Replies and 2314 Views
Company Control for AP Forms 2314 0
Started by AjaxSlax
What's the best way to restrict access on the AP forms so that only 1 particular company is selectable
We had developed a separate security class to restrict all forms to 1 company, however, we discovered they need access to the other company for their employee self service work.
Thoughts
|
|
|
|
0 |
2314 |
9/16/2013 3:31 PM |
|
0 Replies and 2647 Views
lsfsecurityauthenexception 2647 0
Started by Gary Padgett
Getting an error with ldapbind in an environment that is normally not ldapbound, but we are binding in order to test a few things. I have run the ldapbind in this environment before, and feel confident in my procedure. Note - I was in LID when the ldapbind encountered the error message, so I cannot guarantee I got the same message shown here. I ran the ssoconfig -l of the backup file in an SSH client when I got this message. Any ideas/help would be greatly appreciated.
...
|
|
|
|
0 |
2647 |
9/13/2013 11:38 AM |
|
0 Replies and 2309 Views
GL95.1 Major Account 2309 0
Started by AjaxSlax
Hi all!
I'm needing to restrict the values that are available for selection on the GL95.1 screen under the Major Account. I was to restrict it so that only one account is available for selection.
Apparently the fields are FR-ACCOUNT and TH-ACCOUNT.
Neither of them seem to be defined as an element.
Any ideas on how to restrict the field
Even the ability to only allow that value to be inquired upon would work.
Thanks
|
|
|
|
0 |
2309 |
9/12/2013 12:24 PM |
|
0 Replies and 2757 Views
Securing PA52 Action Codes 2757 0
Started by Sandra Badini
I need to secure the PA52 to one action code for a user. I defined an element group for the PA action code to limit the list available to the user.
The functionality is working to allow the user to add, change and delete an action. However, the next and previous functions are returning a security violation. The security class had permission to PERSACTYPE, PERSACTION and EMPLOYEE. We do not have security on company or process level.
Any ideas about what security...
|
|
|
|
0 |
2757 |
9/11/2013 8:05 PM |
|
0 Replies and 2420 Views
LS9 Granting Access to a Range of Company or Process Levels 2420 0
Started by Trident Enterprises
I am trying to write rules in LS9 for granting access to a range of companies or process levels. An example would be 1000 to 1299 and 4000 to 5999. And oh by the way I need access to company 15 too.
ProcessLevelControl and CompanyCompany in RM only accept values like 1000, 1001, 1002, etc. It would not be practical to load up all of those values in that method.
I can't find any documentation on ProcessLevelControl or CompanyControl in any of the Lawson manual or Inforxtre...
|
|
|
|
0 |
2420 |
9/5/2013 1:36 PM |
|
5 Replies and 3053 Views
After LDAP Bind the Logon Error handling is inconsistent 3053 5
Started by mikeD
If user enters an invalid user name, then the name and password are cleared and message 'Invalid username or password. Please try again.' is displayed.
If user enters an invalid password, then the name and password are cleared and no message is displayed.
Has anyone run into this Is there a way to correct this
Ideally an invalid name and/or password give same error message to the user.
|
|
|
|
5 |
3053 |
by Joe O'Toole9/4/2013 7:25 PM |
|
|
3 |
3644 |
by Peter Maynard9/3/2013 7:20 PM |
|
1 Replies and 2801 Views
Removing custom attribute from LSA 2801 1
Started by Chad Dirst
I am attempting to remove a couple of custom attributes via the Lawson RM Schema Editor. My understanding is that making the change via the schema editor only puts the change in a “temporary” location and the actual change needs to be generated via ldifgen and then loaded via ldapmodify.
My question is really on the ldifgen command.
Here is the command I am planning on running:
ldifgen xmltoschemaldif RmMeta_Default.xml -f schema.ldif -r reorg.ldif -m updat...
|
|
|
|
1 |
2801 |
by Alex Tsekhansky8/31/2013 5:45 PM |
|
0 Replies and 2114 Views
Replacing Data Level Security on Finance Programs 2114 0
Started by ALB
We are going from LAUA to Lawson 9 security. Our financial modules used the Data Security. Since data security is tied to the SC field on the screens, LAUA leveraged that. Is there something similar in Lawson 9 security Do I have to look at each transaction we use to see if it is using company/process level security Our consultant suggested we use the CompanyControl and AccountingUnitControl attributes, but we would have to maintain that. We thought about pu...
|
|
|
|
0 |
2114 |
8/28/2013 3:13 PM |
|
8 Replies and 2842 Views
ESS Payment Modelling 2842 8
Started by ALB
We have been having security violations with Payment Modelling in ESS. The rule is:
if(isElementGrpAccessible('COMPEMP', '', 'PR', form.EMP_COMPANY, form.EMP_EMPLOYEE))
'ALL_ACCESS,'
else
'NO_ACCESS,'
We have tried using lztrim and trim. So far, we have not had any success. We had to build an Element Group COMPEMP with company and employee.
I would appreciate any ideas.
Thanks!
|
|
|
|
8 |
2842 |
by ALB8/27/2013 7:13 PM |
|
4 Replies and 2297 Views
Secure jobs/prints by Group attribute for users with Multiple Groups 2297 4
Started by mikefortuna
I can use this function to find a user's group attribute and then limit them to seeing jobs/prints of users within their own group. This works, but not if the user has multiple groups assigned to them.
UserName==user.getHostServiceId()||isMemberOf(user.getAttribute('Group'),UserName)
'All_ACCESS,'
else
'NO_ACCESS'
How can I do this so that it checks all of the groups assigned to the group attribute
|
|
|
|
4 |
2297 |
by Roger French8/22/2013 1:35 PM |
|
3 Replies and 3113 Views
ESS & Address Changes 3113 3
Started by Deleted User
I'm trying to allow employees to make address changes via ESS however i do not want them to have access to HR11.1 screen to make any changes to their or anyones elses data.
I've tried giving full access to HR11, Employee specific access to HR11.1 using 'lztrim(table.EMPLOYEE)==lztrim(user.getEmployeeId())' and then denying access to all tabs except Address but i'm still getting the 'Address change cannot be made at this time; please contact your HR department to make this change. ...
|
|
|
|
3 |
3113 |
by Deleted User8/13/2013 2:41 PM |