Mass Assignment in RM

TBonney
Veteran Member
Posts: 277
    Is there a tool that can be used to remove a role from multiple profiles at the same time, such as you would apply it to multiple roles simultaneously using Mass Assignment in Resource Administrator?

    We have a role that we'd like to remove from several hundred user profiles, but leave all other roles on those profiles in place.

    Has anyone else encountered this situation and know of a way to accomplish this? Thank you.
    Dave Amen
    Veteran Member
    Posts: 75
      I use two methods for adjusting Roles in an automated way:

      - Mass Assignment (as you indicated) will ADD Roles to those already in place.

      - loadusers DELETES and REPLACES all Roles.

      There are several ways of capturing the existing Roles, including one of the recently added Lawson Security reports. You can collect those in a file, edit the file to remove the offending role from those users, format it as the XML used by loadusers and run it. It will basically wipe out their existing roles and replace with all but the offending role.

      Does that all make sense?

      Best regards,
      Dave
      (303) 773-3535
      TBonney
      Veteran Member
      Posts: 277
        Thanks Dave.

        It has been our experience that when you run the load users script, it can only be done for a NEW SETUP/ADD, or a FULL DELETION of a profile. We have been unable to use it to modify existing roles on a profile, which is what we are aiming for in this case. We'd like to delete the role from anyone who has it, but keep all of their other roles and settings intact as is.

        Is this possible with the loadusers script? (Or by any other means for that matter?)

        Thanks again for any direction you can provide.
        Dave Amen
        Veteran Member
        Posts: 75
          Here's part of the loadusers XML file I used to add the TimeKeeper Role to several users (since it wipes existing Roles, I had to include EVERY Role I wanted the user to end up with):

          <USER ID="NT00000008" ROLE="TimeKeeper,BatchRole,LawsonQueryToolsRole,PortalBookmarkAdminRole,ProcessFlowRole"></USER>

          The entire body of the XML file looks just like that. Some versions of LSF also require you to include Firstname and Lastname (rather odd), so watch for an error that seems to indicate that. Also, you may have to watch out for passwords. If you're bound, then there's no problem. If you're not bound, loadusers does tend to reset passwords. Suggestion: build and run this for one user to get all of that figured out, then run for 10 or so, then the entire population.

          Mine was obviously a Windows system. If you have that, you probably know the listusermap command to get the translation between NT000000xxx and the user ID. For Unix, the RM ID goes there.
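
Added example (not part of the thread, and not Lawson or LawsonGuru code): one way to build the "everything except the offending role" file described in the posts above from an export of current assignments. The `ID;role,role` export format and the function names are assumptions; only the `<USER>` element shown in the post is emitted, so any wrapper elements or Firstname/Lastname attributes your LSF version requires still have to be added.

```python
from xml.sax.saxutils import quoteattr

# Constructed sample export, one "ID;role,role,..." line per user (format is an assumption).
SAMPLE_EXPORT = """\
NT00000008;TimeKeeper,BatchRole,LawsonQueryToolsRole
NT00000009;BatchRole, ProcessFlowRole
NT00000010;TimeKeeper
NT00000011;BatchRole
"""

def parse_export(text):
    """Return {user_id: [roles]} in file order, trimming blanks and duplicates."""
    users = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        user_id, _, roles = line.partition(";")
        kept = []
        for role in (r.strip() for r in roles.split(",")):
            if role and role not in kept:
                kept.append(role)
        users[user_id.strip()] = kept
    return users

def build_removal(users, role_to_remove):
    """Return (xml_lines, manual_review, untouched) for a replace-style load."""
    xml_lines, manual_review, untouched = [], [], []
    for user_id, roles in users.items():
        remaining = [r for r in roles if r != role_to_remove]
        if len(remaining) == len(roles):
            untouched.append(user_id)       # never had the role: leave the profile alone
        elif not remaining:
            manual_review.append(user_id)   # would end up with no roles at all
        else:
            xml_lines.append("<USER ID=%s ROLE=%s></USER>"
                             % (quoteattr(user_id), quoteattr(",".join(remaining))))
    return xml_lines, manual_review, untouched

if __name__ == "__main__":
    lines, review, skipped = build_removal(parse_export(SAMPLE_EXPORT), "BatchRole")
    print("\n".join(lines))
    print("handle by hand (only role was removed):", review)
    print("not in file (role not assigned):", skipped)
```

Users who never held the role are left out of the file so their profiles and passwords are not touched by the load. On an environment where loadusers appends roles rather than replacing them, this file removes nothing.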
          TBonney
          Veteran Member
          Posts: 277
            Thanks Dave. I am familiar with the LoadUsers.xml. So it sounds like what you're saying is that any time you use it, it overwrites any existing info for the user with ONLY the information you're loading back with the file. If this is the case, then there is no way to maintain roles 1, 2 and 4, while removing role 3 from any given user (or users). Is this correct?

            Has anyone devised a way to accomplish this, making UPDATES to an existing profile, without needing to remove the user's existing roles?

            Thank you.
            Dave Amen
            Veteran Member
            Posts: 75
              You're right in that whatever Role(s) you "add" with loadusers will completely REPLACE all Roles that are already in place. If they already have 5 roles and you run loadusers with 1 Role, they will have only 1 Role when it's done.

              I don't have another way to surgically update individual Roles (yet, anyway). Maybe we'll find out here someone else knows a way to do that!

              Remember to be wary of passwords with loadusers if you're not bound!

              Best regards,
              Dave
              (303) 773-3535

              TBonney
              Veteran Member
              Posts: 277
                Thanks Dave. I hope so too. Perhaps I'll make a new post with a closer description to what I'm really asking here so it catches the eyes of anyone who might have an answer. Thanks for your feedback!
                Brian Allen
                Veteran Member
                Posts: 104
                  There's a current env patch that appears to address this...

                  JT-134962 [REL_900_SP8] The loadusers tool should append the specified roles to a user's list of roles rather than replace them.
                  Brian Allen
                  Veteran Member
                  Posts: 104
                    The latest (May 2010) Lawson Administration Resources and Security 9.0 Guide describes the current delete capability. I'm just starting to explore this...

                    You can use the loadusers utility to mass-delete users, roles, or groups. You might do this, for example, if you want to clean up your system to eliminate faulty or old data. Mass-deleting through this method is powerful and should only be done by a system administrator who is knowledgeable about the Lawson system and about XML.

                    The loadusers utility accepts input from an XML file that you create. You can populate any attributes that you want to delete.
                    Following is an example of an XML file that has been used to delete users, roles, and groups.

                    loadusers -f filename -p defaultProdLine -d defaultDomain
                    -u -g username
                    ...
                    John Henley
                    Senior Member
                    Posts: 3348
                      I have used this (-u) and it does work.

                      Thanks for using the LawsonGuru.com forums!
                      John