• Search Forums
    Advanced Search Topics Posts
Prev
Next
Forums Infor / Lawson Platforms S3 Security

S3 LSF9 Securing User drops in Print Manager and on Jobs

 15 Replies
 2 Subscribed to this topic
 16 Subscribed to this forum
Sort:
Author
Messages
LeslieP
Basic Member
Posts: 7
Basic Member
7/1/2008 6:38 PM

I have been unable to successfully secure the print files and user drop downs. I do not want an AP bookkeeper to see the check files created by a PR User. I do want supervisors in departments to see their group but do not want the members of the group to access other members. I have approached it with rules on gen tables, rules on My security is complex having multiple companies and multiple productlines and users with different hats for different combinations of prodline, company and process level.

I have also tried this and variations on this but not been sucessful

On Unix, in the GEN profile for the 'UserName' element write the rule:
if(UserName==user.getHostServiceId()||isMemberOf('payroll',UserName))
   'ALL_ACCESS,'
else
   'NO_ACCESS,'

MattM
Veteran Member
Posts: 82
Veteran Member
7/1/2008 7:01 PM
I can see why the UserName==user.getHostServiceId() would work but, don't see how isMemberOf('payroll',UserName) would work. For the group piece, would
user.attributeContains('Group','payroll') work?
John Henley
Posts: 3355
7/1/2008 7:13 PM
if(UserName==user.getHostServiceId()||isMemberOf('payroll',UserName))
'ALL_ACCESS,'
else
'NO_ACCESS,'

What is your intention for that rule?
Thanks for using the LawsonGuru.com forums!
John
LeslieP
Basic Member
Posts: 7
Basic Member
7/2/2008 5:39 PM

That rule was from a consultant. And was written on the UserName Element in GEN.

The intention was to allow the user to see people in their group.

John Henley
Posts: 3355
7/2/2008 6:17 PM
Well, then that rule should work for you. It's probably that you have another rule which is conflicting and has greater access.
Thanks for using the LawsonGuru.com forums!
John
Kwane McNeal
Veteran Member
Posts: 479
Veteran Member
7/11/2008 6:12 PM
No it's not that......

You need to write the rule in a few places. A few tips:
1) GEN rules apply to GEN objects...ONLY
2) There are TWO UserName ELEMENTS, one in GEN and one in the Productline. You have to have rules in BOTH places
3) There are SIGNIFICANT bugs with the rules engine for this exact issue. Your ESP level matters here.
4) Print Files cannot be secured in and of themselves

With that said, it can be done, in *certain* ESPs.

Give me a call, and I will help where I can,
Kwane
954.547.7210
alincoln
Basic Member
Posts: 12
Basic Member
2/25/2009 9:51 PM
Thread... rise from your grave!

I'm running into the exact same scenario here. I'm not so much concerned with securing individual print files, but I do need to grant the ability for users to view the print managers of people who are in the same group as they are.

I tried borrowing the conditional rule from above (using my own group name of course):

isMemberOf('payroll',UserName)

But I'm not getting anywhere with it. I've tried with various other conditional statements without success.

Did you ever get anywhere with this effort? Any help would be much appreciated! For reference sake, we're on Version 9.0.1.2.102 2008-02-20 04:00:00.
LeslieP
Basic Member
Posts: 7
Basic Member
2/26/2009 1:20 PM

Yes, I do have this working. Contact me at lesliep@britthaven.com for details or call 800 676 1191 x2302

Deleted User
New Member
Posts: 0
New Member
3/31/2009 8:33 PM
I am very curious about how this ended up working out as well.... Our Lawson consultant can't get it to work either using :

if(user.getUserName()==UserName)
'ALL_ACCESS,'
elseif(user.isMemberOf('PrintMgrPR2Group'))
'ALL_ACCESS,'
else
'NO_ACCESS,'
Chris
Advanced Member
Posts: 23
Advanced Member
2/9/2012 12:43 PM
I realize it's almost two years later, but has anyone been able to get this to work? We're still trying without success to grant access to jobs and reports to a group of users.
Chris
Advanced Member
Posts: 23
Advanced Member
2/9/2012 1:56 PM
Finally figured it out. In Windows (where username is the NT#) and in UNIX or IBM i when the RMID is not the same as the OS ID (as in our case), all the functions that evaluate group participation do not work. See KB #5427427.) The alternative solution is to create a structure in RM.
Patricia Mane
Basic Member
Posts: 24
Basic Member
10/21/2016 4:21 PM
Help Please.  We have been with Lawson for 2 years now and we need to put into place security around the Printer Manager and user changed the User name field to see reports.  Now that Payroll is part of the equation, what can we do to stop this.  A previous comment mentioned KB #5427427, and I wasn't able to find anything.
Brian Allen
Veteran Member
Posts: 104
Veteran Member
10/21/2016 4:35 PM
Have you looked at KB 1208815 - "How do I secure users so they can see only their own jobs and/or print files in the job scheduler and print manager".  This one also discusses env release levels.
Dave Amen
Veteran Member
Posts: 75
Veteran Member
10/21/2016 10:33 PM
A couple of thoughts with KB 1208815 . . .

First, here is the essential part of that KB:
Assign each user an environment user group that contains ALL users (example: the ALL user group). This can be done within the laua user profile OR in the Lawson Security Administrator, User Maintenance under Edit Lawson Environment Information.

Dave's note: you will probably need to first add the user through the usergrpdef command in LID. Then the system will let you attach them to the ALL user group.

In Lawson Security, under the GEN profile, create a security class with a conditional rule on the USERNAME Element as follows:
if(user.getUserName()==UserName)
'ALL_ACCESS,'
else
'NO_ACCESS,'

Make sure the security class is assigned to a valid security role that is assigned to the user.

Dave's note: attach that rule to the BatchRole, and everyone who sees batch jobs will be secured by it!

Regards,
Dave
(303) 773-3535
Russell E
Basic Member
Posts: 16
Basic Member
10/27/2016 7:38 PM

I have tried this and it does restrict users from seeing others print files, but I have found it also restricted the user from submitting any batch jobs.

 

Anyone have any idea?

LeslieP
Basic Member
Posts: 7
Basic Member
10/27/2016 7:53 PM

I have a word document that shows my rules and the conditions I applied. It works for me and I would be happy to share what I used. Using the user group never did work for me.

Contact me at

Lesliep@principle-it.com