PrevPrev Go to previous topic
NextNext Go to next topic
Last Post 01/02/2020 10:57 AM by  Roy
Lawson Security admin and rule writing
 3 Replies
Sort:
You are not authorized to post a reply.
Author Messages
Ronnie
Lawson Analyst II
Private
New Member
(6 points)
New Member
Posts:4


Send Message:

--
11/19/2019 10:25 AM

    Can someone point me to the direction where I can find out what the expression builder in Lawson Security Admin is meaning when it says "form.process_level"  or "form.author_name"  etc. 

    Where are these forms it is speaking of?  Like for process_level, there are numerous forms inside of Lawson that contain process level.

     

    We are needing to create a security role for an internal audit team where they will have access to see info / run reports on all of our process levels (clinics), except for our corporate process level. 

     

    I am a little confused on how to work this one out.

     

    I know for others who can only see certain locations, we are using the process level control attribute in the security administrator Edit RM information on a person, but we have over  500+ locations for this to work we would have to manually add all locations except the corp to those users. That would take forever.

     

    Surely there is a rule I can write somehow to do the opposite?

     

    Thoughts?

    Jay2
    Private
    Private
    Veteran Member
    (180 points)
    Veteran Member
    Posts:80


    Send Message:

    --
    11/19/2019 11:59 AM
    The first question: those signify fields on the form you are currently writing a rule for.

    You should be able to write:
    If
    Form.Process_Level!=
    All Access
    Jay2
    Private
    Private
    Veteran Member
    (180 points)
    Veteran Member
    Posts:80


    Send Message:

    --
    11/19/2019 12:01 PM
    It cut my value out

    If it does not equal the Corp process level then all access
    Roy
    Business Programmer/Analyst
    BMHCC
    Basic Member
    (13 points)
    Basic Member
    Posts:5


    Send Message:

    --
    01/02/2020 10:57 AM

    Are you keeping your data level access security classes separate from the form based access security classes?

    In our case we have form based security classes that give access to the forms, e.g. AP20, GL90, etc. and data level access classes that look at attributes.  The first rule in the data level access class look for the word "ALL" in the attribute, which gives access to all companies/process levels, then it compares against the actual value of the attribute, these rules are in the element group (we have custom element groups, but still have PROCLEVEL as well because we never completely weaned off of PROCLEVEL, as you know PROCLEVEL supersedes any other rule, so if PROCLEVEL is false, it doesn't matter what other rules there are):

    if(attributeContains(user.getRDId(),'DLPROC','ALL'&&(SystemCode=='AM'||SystemCode=='AP'||SystemCode=='CB'||SystemCode=='GL'||SystemCode=='IC'||SystemCode=='IF'||SystemCode=='MA'||SystemCode=='PO'||SystemCode=='RQ'||SystemCode=='TX'||SystemCode=='WH'||SystemCode=='LM'||SystemCode=='AR'||SystemCode=='BL')
       'ALL_ACCESS,'
    else
       if(attributeContains(user.getRDId(),'DLPROC',COMPANY)&&(SystemCode=='AM'||SystemCode=='AP'||SystemCode=='CB'||SystemCode=='GL'||SystemCode=='IC'||SystemCode=='IF'||SystemCode=='MA'||SystemCode=='PO'||SystemCode=='RQ'||SystemCode=='TX'||SystemCode=='WH'||SystemCode=='LM'||SystemCode=='AR'||SystemCode=='BL')
       'ALL_ACCESS,'
    else
       'NO_ACCESS,'

     

    You are not authorized to post a reply.