Login
Register
Search
Home
Forums
Jobs
LawsonGuru
LawsonGuru Letter
LawsonGuru Blog
Worthwhile Reading
Infor Lawson News Feed
Store
Store FAQs
About
Forums
Infor / Lawson Platforms
S3 Security
Company/Accounting Unit Level Security
Home
Forums
Jobs
LawsonGuru
LawsonGuru Letter
LawsonGuru Blog
Worthwhile Reading
Infor Lawson News Feed
Store
Store FAQs
About
Who's On?
Membership:
Latest:
Chris Radcliffe
Past 24 Hours:
0
Prev. 24 Hours:
0
Overall:
5187
People Online:
Visitors:
295
Members:
0
Total:
295
Online Now:
New Topics
S3 Customization/Development
Cobol - Extract Current Time
4/24/2024 7:21 PM
How do you extract just the Current System Time in
Lawson Landmark
LPL INSTR Functions
4/5/2024 8:32 PM
I'm writing a simple report using the Create R
Infor SCM
Translating 856 to get the ~ REF^CN^ field
4/3/2024 8:24 PM
We are trying to get the tracking number which is
IPA/ProcessFlow
Sample XML file create Flow
4/3/2024 3:43 PM
Hello everyone, I am new to creating XML files
Lawson S3 HR/Payroll/Benefits
bn105 error message
3/26/2024 6:40 PM
I need to change some of the set ups in our Life I
IPA/ProcessFlow
IPA executing Job
3/13/2024 7:08 PM
New to the IPA world and was wondering, can an IPA
Lawson S3 HR/Payroll/Benefits
Life Age Reduction on benefits plans
3/12/2024 7:15 PM
For our optional life we have an age based coverag
Lawson S3 HR/Payroll/Benefits
BN53.1 Add-In
3/7/2024 3:31 PM
We are migrating to Solstice. They require a
Lawson Business Intelligence/Reporting/Crystal
Domain Name Change
3/5/2024 7:45 PM
Our domain name needs to change and was hoping I c
S3 Customization/Development
Cobol calling Shell Script
2/29/2024 1:27 PM
Has anyone created or modified a Lawson Cobol prog
Top Forum Posters
Name
Points
Greg Moeller
4184
David Williams
3349
JonA
3288
Kat V
2984
Woozy
1973
Jimmy Chiu
1883
Kwane McNeal
1437
Ragu Raghavan
1351
Roger French
1311
mark.cook
1244
Forums
Unanswered
Active Topics
Most Liked
Most Replies
Search Forums
Search
Advanced Search
Topics
Posts
Prev
Next
Forums
S3 Security
Company/Accounting Unit Level Security
Sort:
Oldest First
Most Recent First
You are not authorized to post a reply.
Author
Messages
terrig
New Member
Posts: 2
3/16/2011 12:23 PM
I am fairly new to Lawson Security and we have received a request to set up an additional level of security in HR11.
We would like to be able to set controls at the Company/Accounting Unit level. We have several companies and within each of those we can have the same Accounting Unit number. I have not been able to find anything on how to utilize the combination
Example:
Co 100 AU 4350
Co 300 AU 4350
Co 870 AU 4350
Any suggestions would be appreciated.
Roger French
Veteran Member
Posts: 545
3/17/2011 11:41 AM
You may want to rethink Co/AU level security.
Lawson provides Company/Process Level and Security Level/Security Location 'out of the box' (but of course you have to define the security for them). For both online and batch forms it does work properly if you set it up properly. You should look into this if you've not already.
If you really want to use Co/AU or other non-standard combinations, you are faced with obstacles such as customizing your Lawson programs so in fact they can take advantage of that specific type of security. I've been through this type of scenarios and from my experience you are better to take advantage and use the 'out of the box' standard type of security structures. But...you're organization may be different and you have the resources and ways to customize your programs.
-Roger
terrig
New Member
Posts: 2
3/17/2011 2:20 PM
Thanks for your input Roger!
Kwane McNeal
Veteran Member
Posts: 479
3/17/2011 6:55 PM
I'll disagree with Roger on this one. The work I did at a large healthcare client's security team, was the catalyst for these fields being added to the standard Lawson installation for all clients.
The issue you have, is the same one we had, and why we implemented this in a far different way than Lawson did. The key is the security engine evaluates the fields independently of each other, and in a linear fashion. This means that AU will be evaluated across all Company, and vice-versa.
If you are willing to re-evaluate the execution of this, you get some very nice results from security to accomplish this.
If you have any questions, feel free to contact me.
Kwane
954-547-7210
Roger French
Veteran Member
Posts: 545
3/18/2011 3:03 PM
From my experience (the last instance is that we tried to use Company/User Level as the security component) is that we ran into the road block for Batch Jobs. Within many HR, PR batch jobs, there are the security API's which specifically use 'built in' Company/Process Level and Sec Level/Sec Location as the security components to secure the data within batch reports. We first tried to secure the Company/User Level on the EMPLOYEE table and other PR related tables, but it did not work, and on the PR batch jobs we saw data we should have not been seeing.
We tried other combinations and saw the same thing. Yes we were able to secure ONLINE screens OK, but not batch jobs report data using Company/User Level.
You can, as I said before, customize your batch jobs with API's to take into account Company/Accounting Unit or other 'non-standard' combinations. From my experience I don't know of many customers who wish to customize their standard batch reports just for security, but, maybe there are some.
Again, I do know that you can customize your batch jobs to take into account. And, I'd be happy to understand if any other client has successfully secured batch jobs using 'non-standard' Company/Accounting Unit, etc WITHOUT customizing the batch jobs.
Thanks,
Roger
Jesse
Basic Member
Posts: 10
4/1/2011 4:13 PM
Terrig, if by accounting unit you are referring to process level in HR, then you can use the PROCLEVEL element group in LS 9, populated with COMPANY and PROCESS-LEVEL. This element group is treated in a special way by LS 9, in that it secures the combination of COMPANY and PROCESS-LEVEL across all application suites in Lawson. Note that PROCESS-LEVEL is the equivalent of ACCT-UNIT on the Finance side.
Using this approach, you can write a rule on the PROCLEVEL element group to check the user's access to each COMPANY/PROCESS-LEVEL combination. Of course, you also need to store the COMPANY and PROCESS-LEVELs that the user has access to somewhere. We have done this by creating extra multi-value fields in RM, as well as using an existing Lawson table, HRUTILITY. You really do have some flexibility on the approach you'd like to take, depending on your organization's needs.
However, one big caveat to note—when securing a combination of COMPANY and PROCESS-LEVEL using LS 9, it truly applies the security across all suites, which may have unintended consequences if you don't keep this in mind. You basically will need to make sure the rule isn't accidentally granting all access to other suites, or the opposite, securing all access to other suites.
Again, a lot of this will depend on your requirements, but at least from what I've read, it does sound like what you'd like to do is possible, and we are in fact doing what I described successfully at the University of Pennsylvania Health System (UPHS). I can give you a great contact at Lawson who helped us if you send me a private message.
Jesse
You are not authorized to post a reply.