LS Report to see user access to forms, classes, and roles

Robert,
There are two standard reports I find useful:

- Object Security Report - you enter an object such as HR11.1 or the EMPLOYEE table and it shows everyone who can touch it and how.

- User Security Report - select a user to report on and it shows everything they can access and how. The concern with this one is that it blows up if you try to run it for more than 5 or 6 users at once. To sort of get around that, I attach EVERY Role to a specific user and run the report for that user to see everything. It still doesn't show what each user can do, though. You can combine that with the Role/Security Class Report and the the Role/User Assignment report to get what you're asking, but you have to monkey around with them a lot.

Next would be to extract the LDAP data into LDIF format, which is a text file. It's rather complex, but you can dismantle the LDIF file and extract anything you want (look on the web for LDIF and you can find how to run the extract and look at the file). LDIF is a good backup method also. LDAP tools such as JXplorer will also export files in LDIF format.

You can also get much of this information by running Lawson's lsdump command in various ways to create XML files. As would be the case with LDIF, you would dismantle or extract what you need from the XML files.

Next level of effort would be to connect directly to LDAP with Java or a tool/language you prefer, analyze the results and re-assemble them into what you need.

Sorry - none of this is simple or easy. Hopefully this gives you some ideas you can use, though.


As another option, the Lawson partner company Kinsey & Kinsey has an LS9 Reporting system that shows that and lots more (access to tables and screens by Role, Security Class, User, along with user attributes sliced and diced lots of ways, etc.). If you're interested in that, call Guy Henson at 757-621-8236 (or g.henson@kinsey.com).

Best regards,
Dave
(303) 773-3535