Migrating from LAUA to LSA security

Name	Points
Greg Moeller	4184
David Williams	3349
JonA	3288
Kat V	2984
Woozy	1973
Jimmy Chiu	1883
Kwane McNeal	1437
Ragu Raghavan	1348
Roger French	1311
mark.cook	1244

Greg Moeller

Veteran Member

Posts: 1498

12/8/2009 8:10 PM

We are trying to get a handle on LSF9 security (moving away from LAUA). We have been to training, and had a consultant here for a week. We also purchased the FastTrack security templates, but still seem to be having issues.

Situation: We need to restrict certain roles from seeing exec pay-rate by process level (900 & 950). We have the HRFFAFileAccess opened wide up (as delivered) and assigned to a role that should be able to see pay rate for everyone. User cannot see pay rate for anyone. The users that should be restricted, can't see anyone's pay rate either. I can't figure this baby out.

On the field in the table, we have the following rule applied:

if(trim(getDBField('EMPLOYEE','PROCESS-LEVEL',table.COMPANY,table.EMPLOYEE))=='900'||trim(getDBField('EMPLOYEE','PROCESS-LEVEL',table.COMPANY,table.EMPLOYEE))=='950')
'NO_ACCESS,'
else
'ALL_ACCESS,'

What are we missing?

MattD

Veteran Member

Posts: 94

12/8/2009 8:31 PM

What field in the table is this written on?

Matt

MattD

Veteran Member

Posts: 94

12/8/2009 8:37 PM

Also do you use HR09 Security? This still exists and can be used to now allow access to pay rate information.

Matt

Greg Moeller

Veteran Member

Posts: 1498

12/9/2009 3:23 PM

The field is PAY-RATE.

Yes, we have HR09 Security set up, but really aren't clear how to implement it with LSA Security. Could you elaborate?

Greg Moeller

Veteran Member

Posts: 1498

12/9/2009 3:30 PM

Also, our company is 0001 , but we always enter it as just 1 - do we need an lztrim in the formula somewhere or not?

GregSl

Veteran Member

Posts: 38

12/9/2009 3:59 PM

You have to use the same rule on HR11.PayRate Field.

If you are using ESS, check the Rules for the users access to ESS tables.

Hope this helps.

Greg Moeller

Veteran Member

Posts: 1498

12/9/2009 4:54 PM

We are, but with LSA Security shouldn't the most permissive access in the role win out?

Greg Moeller

Veteran Member

Posts: 1498

12/9/2009 6:52 PM

I removed the ESS portion from the role, and still no Pay-Rate field exists.

Here is the rule that we have applied to the HR11.PayRate field.
if(form.EMP_PROCESS_LEVEL=='900'||form.EMP_PROCESS_LEVEL=='950')
'NO_ACCESS,'
else
'ALL_ACCESS,'

GregSl

Veteran Member

Posts: 38

12/9/2009 8:05 PM

Try using the same logic on both : HR 11.PayRate and EMPLOYEE.PayRate
HR11 with (form.EMP_PROCESS_LEVEL=='900'||form.EMP_PROCESS_LEVEL=='950')

EMPLOYEE (table.PROCESS_LEVEL)=='900' etc.

The Role you are testing has no access to pay rate or Check LS ='N' ,pointing to LAUA secuirty. Grant access and check.

MattD

Veteran Member

Posts: 94

12/10/2009 1:28 PM

With regards to HR09 security if you are currently running HR09 security and have users restricted that way it will override Lawson Security 9. Lawson originally told me that HR09 doesn't work once you are on Lawson Security 9 but this is not the case. The most permissive rule "wins" in LS9, but only if it is an LS9 rule. HR09 will outrank them all even if it is more restrictive.

I would try writing the form rule on the Pay Tab. Get it working there, then work with the PAY_RATE field. It's just easier to tell if the form rule is working and that no other rules are "winning".

I would also remove all but one security class just to make sure another rule is not outranking your other rules. (Okay two security classes a file class and the class containing HR11)

Hope this helps.

Greg Moeller

Veteran Member

Posts: 1498

12/28/2009 9:27 PM

I think we've gotten this one working now! (although I'm not real sure what fixed it....) I believe that it was HR09 security that was blocking it all along, but can't confirm nor deny that.