PrevPrev Go to previous topic
NextNext Go to next topic
Last Post 03/20/2015 10:54 AM by  randys
Batch Jobs
 24 Replies
Sort:
You are not authorized to post a reply.
Author Messages
KerriR
Private
Private
Advanced Member
(84 points)
Advanced Member
Posts:34


Send Message:

--
11/04/2009 2:39 PM

    Does anyone have the exact setups that are needed to allow users to submit batch jobs?  We are using LS9 and some of our users are getting "security violation" errors when trying to inquire on their jobs (HR170, PR260, PA490 are some examples).  If they wait about 10 minutes, they can then inquire and run the job without any problem.  I find this very interesting because in my mind, security is either on or off, there's no in between.  So why would it NOT work one minute but work 10 minutes later? 

    riegerj
    Private
    Private
    Veteran Member
    (128 points)
    Veteran Member
    Posts:44


    Send Message:

    --
    11/04/2009 2:55 PM
    We ran into a problem with a custom locale. When the users were assigned the custom locale you had to inquire on the job twice before the submit button was available. Are you using the default locale for these users?
    KerriR
    Private
    Private
    Advanced Member
    (84 points)
    Advanced Member
    Posts:34


    Send Message:

    --
    11/04/2009 3:10 PM
    I'm pretty new to this so can you tell me where I check to see which locale is assigned to the users?
    riegerj
    Private
    Private
    Veteran Member
    (128 points)
    Veteran Member
    Posts:44


    Send Message:

    --
    11/04/2009 3:23 PM
    Sure thing, if you go into Lawson Security Administrator, User Maintenance, find a user and go to the Edit Lawson Environment Information. You will see the locale listed there (this is the screen where you do user groups and printers and etc.)
    KerriR
    Private
    Private
    Advanced Member
    (84 points)
    Advanced Member
    Posts:34


    Send Message:

    --
    11/04/2009 3:48 PM
    The locale for our users is blank.
    riegerj
    Private
    Private
    Veteran Member
    (128 points)
    Veteran Member
    Posts:44


    Send Message:

    --
    11/04/2009 3:56 PM
    Ok, then it must be something else. You are using Lawson 9 security right? Do the users have the BatchRole assigned to them?
    KerriR
    Private
    Private
    Advanced Member
    (84 points)
    Advanced Member
    Posts:34


    Send Message:

    --
    11/04/2009 4:12 PM
    Yes, we are using Lawson 9 security. The users do have BatchRole assigned to them. This would make so much more sense if it didn't work all of the time. Instead, it works intermittently which makes me think their security must be correct and it has to be something else. Do you know if there is some sort of caching of the security classes/roles that may take some time to load when the user logs in? I know I'm grasping at straws but I've been through every piece of documentation I can find and have checked and double checked the "batch" security rules and it appears everything is set up correctly. There must be some setting or something we're missing.
    riegerj
    Private
    Private
    Veteran Member
    (128 points)
    Veteran Member
    Posts:44


    Send Message:

    --
    11/05/2009 7:17 AM
    I don't know of anything except the initial IOS Cache Refresh or the Server Management Clear Cache which would only be used if security changes are taking a while to propagate. I am not sure what would cause the security to change intermittently. Is it only the first time the user accesses the form or can it be the 3rd or 4th time they access the form?
    John Crudele
    Private
    Private
    Veteran Member
    (108 points)
    Veteran Member
    Posts:50


    Send Message:

    --
    11/05/2009 7:43 AM
    Check the users Lawson Environment Info and verify the users are assigned to a User Group. Also check that the data Area/ID is populated.
    KerriR
    Private
    Private
    Advanced Member
    (84 points)
    Advanced Member
    Posts:34


    Send Message:

    --
    11/05/2009 7:43 AM
    It can happen at any time. I was hoping someone out there would have the exact rules that are needed to allow users to run batch jobs. That way I could compare them to what we have and make sure we didn't miss anything.
    KerriR
    Private
    Private
    Advanced Member
    (84 points)
    Advanced Member
    Posts:34


    Send Message:

    --
    11/05/2009 7:51 AM
    All of the users are assigned to a User Group and have the data area/ID filled in.
    John Henley
    Private
    Private
    Senior Member
    (9563 points)
    Senior Member
    Posts:3205


    Send Message:

    --
    11/05/2009 8:32 AM
    If it works sometimes, then it's probably not an issue with the rules. Have you looked at the lase*.log files?
    Thanks for using the LawsonGuru.com forums!
    John
    riegerj
    Private
    Private
    Veteran Member
    (128 points)
    Veteran Member
    Posts:44


    Send Message:

    --
    11/05/2009 9:42 AM
    Do each of the users have unique environment/OS IDs? I think this can cause issues for batch users too.
    KerriR
    Private
    Private
    Advanced Member
    (84 points)
    Advanced Member
    Posts:34


    Send Message:

    --
    11/05/2009 10:27 AM
    riegerj - Checking for unique environment/OS IDs is something I've already checked and they are unique. Thanks for the suggestion.

    John - Lawson has also suggested looking at the lase*.log files but we cannot reproduce the security violation error on demand so at this point I'm stuck.
    KerriR
    Private
    Private
    Advanced Member
    (84 points)
    Advanced Member
    Posts:34


    Send Message:

    --
    11/05/2009 12:49 PM
    Good News! One of our users just got the "security violation" error. Now, can someone tell me what I need to be looking for in the logs?
    GregSl
    Private
    Private
    Veteran Member
    (102 points)
    Veteran Member
    Posts:38


    Send Message:

    --
    11/05/2009 1:25 PM
    You can check IOS log file as well as lase.logs depending on CHECKLS flag for the users concerned.

    To trap the error messages, use Auditing + logging, select ALL and select the users ( who got the security violation)
    Logs will tell you the reason for the security violation eg. access denied.

    Hoep this helps.
    KerriR
    Private
    Private
    Advanced Member
    (84 points)
    Advanced Member
    Posts:34


    Send Message:

    --
    11/05/2009 1:44 PM
    I found this in a log but I don't know what was denied access. The nodeName is blank.

    2009-11-05 10:54:29 com.lawson.lawsec.default.FINE com.lawson.lawsec.author.runtime.LawsonSecurityRequestOptImpl.evaluateNonContentNodeSecurity()
    USER: jafoley
    nodeName=, FC=I, Default ruleResult=NO_ACCESS, FcResult=ACCESS DENIED

    GregSl
    Private
    Private
    Veteran Member
    (102 points)
    Veteran Member
    Posts:38


    Send Message:

    --
    11/05/2009 3:28 PM
    Never seen that. I would suggest you select user jafoley for Auditing.

    I am not sure if stoplase/startlase, will clear the cache or bouncing the server might help.
    mark.cook
    Private
    Private
    Veteran Member
    (1244 points)
    Veteran Member
    Posts:444


    Send Message:

    --
    11/06/2009 7:32 AM
    We also had an issue with intermittant security issues on one security class. Ours will work fine for 4-6 weeks with no issues and then out of no where the issue appears again. We had been given a PT to install and have not seen it reappear for a while. If your on SP4 the PT is 183606 or if on SP6 183785. Check to see where you are on these PT's. They basically push out a new lawsec.jar file so you have to make sure enough testing is completed. A similar PT that effected lawsec.jar also required us to upgrade our RSS because we could not click check out without an error.
    KerriR
    Private
    Private
    Advanced Member
    (84 points)
    Advanced Member
    Posts:34


    Send Message:

    --
    11/12/2009 1:54 PM
    We just applied the patch to our production box. I'll update this post in a few weeks if all goes well. Thanks for all of your help.
    KerriR
    Private
    Private
    Advanced Member
    (84 points)
    Advanced Member
    Posts:34


    Send Message:

    --
    12/09/2009 2:11 PM
    The patch seemed to fix our issue. Thanks for everyone's help.
    randys
    application specialist
    city of corpus christi
    New Member
    (6 points)
    New Member
    Posts:2


    Send Message:

    --
    03/19/2015 11:31 AM

    Does anyone no what this means "Submitting job GL240HH to default job queue (User secured from submitting jobs)" 

    The user cannot submit any jobs.

     

    BarbLR
    Systems Architect
    Munson Healthcare
    Veteran Member
    (888 points)
    Veteran Member
    Posts:306


    Send Message:

    --
    03/19/2015 12:11 PM
    Yes, it means that the user does not have the security rights to submit batch jobs.
    BarbLR
    Systems Architect
    Munson Healthcare
    Veteran Member
    (888 points)
    Veteran Member
    Posts:306


    Send Message:

    --
    03/19/2015 12:19 PM
    The user must be granted:
    ENV profile - a number of the online securable types (executables)
    GEN profile - online UN, several files (job, jobstep, queuedjob, userrpt) and element username
    randys
    application specialist
    city of corpus christi
    New Member
    (6 points)
    New Member
    Posts:2


    Send Message:

    --
    03/20/2015 10:54 AM
    Thank you for the responses it lead us in the right direction. We found a missing role "process flow role" and a setting in security for workflows that was supposed to be set to a "1" and not "0".
    You are not authorized to post a reply.