Conditional Access Rules on tables

Name	Points
Greg Moeller	4184
David Williams	3349
JonA	3288
Kat V	2984
Woozy	1973
Jimmy Chiu	1883
Kwane McNeal	1437
Ragu Raghavan	1348
Roger French	1311
mark.cook	1244

John Costa

Veteran Member

Posts: 154

7/15/2009 7:07 PM

We are on environment 9.0.0.6 and Apps 8.1.0.6.

I am trying to create a security class to provide access to the "Personal Profile" link in Employee Self-Service. According to the technical documentation for Employee/Manager Self-Service, I need to provide access to the PAEMPLOYEE table of my product line database. However, I found I also needed to grant access to the EMPLOYEE table as well (documentation error I suspect).

So I created a security class that provides full unconditional access to the HR catalog and the EMPLOYEE and PAEMPLOYEE tables. This particular class works fine and I am able to retrieve data in Portal. However, if I create conditional access rules on the tables that limit access to the data based on the employee ID, the link on employee self-service no longer works, resulting in an error message saying "No employee record found."

I even tried to grant unconditional "Inquiry" access to the tables and I still could not retrieve data in the Portal. So it seems that I have to grant either "All Access" to the tables or no access at all is provided.

So I'm wondering, do conditional access rules apply to table objects?

wintergreen

Veteran Member

Posts: 93

7/15/2009 9:16 PM

Do you use the element group? If you do, I feel there is some table file you need to put condition rule too. Not sure about that. Lawson has programmatic security and it could lock your access.

Derek Czarny

Veteran Member

Posts: 63

7/16/2009 11:30 AM

This is how we wrote the conditional rules for Employee access to the EMPLOYEE table. Don't try to copy this directly because the copy paste in the security administrator tool doesn't work too well.

IF
isElementGrpAccessible('COMP_EMPLOYEE','I','HR',table.COMPANY,table.EMPLOYEE)
THEN
I
ELSE
NO_ACCESS

John Costa

Veteran Member

Posts: 154

7/16/2009 12:07 PM

No, we are not using element groups. Here is the conditional rule I am trying to use on the EMPLOYEE table:

if(user.getEmployeeId()==table.EMPLOYEE) 'I,' else 'NO_ACCESS,'

The rule was built using the Expression Builder so I have to assume the syntax is correct. And like mentioned earlier, I even tried using "Unconditional Access for Action" for Inquire and met with similar results. It seems like if I try to filter or restrict access to the table in anyway, I simply get no data back resulting in the "No Employee Record Found" error in Portal.

wintergreen

Veteran Member

Posts: 93

7/16/2009 12:26 PM

somthing to do with the employee record security?? HR12, HR10, HR09?

wintergreen

Veteran Member

Posts: 93

7/16/2009 12:58 PM

Do you need to lztrim(table.EMPLOYEE)?

John Costa

Veteran Member

Posts: 154

7/16/2009 1:31 PM

I doubt it has anything to do with record-level security since we don't use that either. However, adding in the lztrim syntax seems to have resolved the problem. My rule is now as follows:

if(user.getEmployeeId()==lztrim(table.EMPLOYEE)) 'I,' else 'NO_ACCESS,'

I assume the lztrim() part of the statement removes spaces from the column within the table record?

wintergreen

Veteran Member

Posts: 93

7/16/2009 1:43 PM

Yes. That is correct. It is better to use lztrim or trim for access database. lztrim should be used to strip leading zeros that may exist in values from database table. Trim is used on alpha numeric fields and lztrim is used on numeric fields.

John Costa

Veteran Member

Posts: 154

7/16/2009 1:54 PM

Great. Thanks for your help folks.