Login
Register
Search
Home
Forums
Jobs
LawsonGuru
LawsonGuru Letter
LawsonGuru Blog
Worthwhile Reading
Infor Lawson News Feed
Store
Store FAQs
About
Forums
Infor / Lawson Platforms
S3 Security
Combo Roles ESS MSS w LS9 Security
Home
Forums
Jobs
LawsonGuru
LawsonGuru Letter
LawsonGuru Blog
Worthwhile Reading
Infor Lawson News Feed
Store
Store FAQs
About
Who's On?
Membership:
Latest:
Jessica
Past 24 Hours:
2
Prev. 24 Hours:
0
Overall:
5164
People Online:
Visitors:
239
Members:
0
Total:
239
Online Now:
New Topics
Top Forum Posters
Name
Points
Greg Moeller
4184
David Williams
3349
JonA
3288
Kat V
2984
Woozy
1973
Jimmy Chiu
1883
Kwane McNeal
1437
Ragu Raghavan
1348
Roger French
1311
mark.cook
1244
Forums
Unanswered
Active Topics
Most Liked
Most Replies
Search Forums
Search
Advanced Search
Topics
Posts
Prev
Next
Forums
S3 Security
Combo Roles ESS MSS w LS9 Security
Sort:
Oldest First
Most Recent First
You are not authorized to post a reply.
Author
Messages
Margie Gyurisin
Veteran Member
Posts: 538
4/18/2011 11:31 AM
We just discovered that if we give a manager both the MSS and ESS role, they are able to drill back to information on their direct reports that they should not be able to see.
Example:
With MSS role only, they do not see dependents.
When ESS role is added they do even though the EMDEPEND table has this conditional rule on it. if(isElementGrpAccessible('COMPEMP','','HR',lztrim(table.COMPANY),lztrim(table.EMPLOYEE))) { 'ALL_ACCESS,' } else { 'NO_ACCESS,' }
Any help you can provide would be appreciated. We are in the process of rolling out ESS and this is preventing us from rolling it out to the managers.
Karen Sheridan
Veteran Member
Posts: 141
4/18/2011 11:46 AM
Margie,
Did you also include the element group in your security class?
Karen
Margie Gyurisin
Veteran Member
Posts: 538
4/18/2011 3:33 PM
Our element group rules are currently like this:
EmployeeSelfServ EmployeeSSFile ELG ELG$_$COMPEMP if(user.getCompany()==lztrim(COMPANY)&&user.getEmployeeId()==lztrim(EMPLOYEE)) { 'ALL_ACCESS,' } else { 'NO_ACCESS,' }
ManagerSelfServ ManagerSSFile ELG ELG$_$COMPEMP if(user.isInChainOfCmdOfEmpInHR(COMPANY,EMPLOYEE)) { 'I,' } else { 'NO_ACCESS,' }
Our IS person is going to try this on the table based on a suggestion received on Lawson community.
If (table.COMPANY==user.getCompany()) && (table.EMPLOYEE==user.getEmployeeId())
'ALL_ACCESS,'
else
'NO_ACCESS,'
Jimmy Chiu
Veteran Member
Posts: 641
4/19/2011 2:46 PM
The suggested workaround is a quick fix for your problem.
You are not authorized to post a reply.