LeslieP (17 points) Basic Member Posts: 7
7/1/2008 6:38 PM
I have been unable to successfully secure the print files and user drop downs. I do not want an AP bookkeeper to see the check files created by a PR User. I do want supervisors in departments to see their group but do not want the members of the group to access other members. I have approached it with rules on gen tables, rules on My security is complex having multiple companies and multiple productlines and users with different hats for different combinations of prodline, company and process level.
I have also tried this and variations on this but not been successful.
On Unix, in the GEN profile for the 'UserName' element write the rule:
if(UserName==user.getHostServiceId()||isMemberOf('payroll',UserName))
'ALL_ACCESS,'
else
'NO_ACCESS,'

MattM (214 points) Veteran Member Posts: 82
7/1/2008 7:01 PM
I can see why the UserName==user.getHostServiceId() would work, but don't see how isMemberOf('payroll',UserName) would work. For the group piece, would user.attributeContains('Group','payroll') work?

John Henley (9899 points) Senior Member Posts: 3317
7/1/2008 7:13 PM
if(UserName==user.getHostServiceId()||isMemberOf('payroll',UserName))
'ALL_ACCESS,'
else
'NO_ACCESS,'
What is your intention for that rule?
Thanks for using the LawsonGuru.com forums!
John

LeslieP (17 points) Basic Member Posts: 7
7/2/2008 5:39 PM
That rule was from a consultant. And was written on the UserName Element in GEN.
The intention was to allow the user to see people in their group.

John Henley (9899 points) Senior Member Posts: 3317
7/2/2008 6:17 PM
Well, then that rule should work for you. It's probably that you have another rule which is conflicting and has greater access.
Thanks for using the LawsonGuru.com forums!
John

Kwane McNeal, President (1431 points) Veteran Member Posts: 477
7/11/2008 6:12 PM
No, it's not that... You need to write the rule in a few places. A few tips:
1) GEN rules apply to GEN objects...ONLY
2) There are TWO UserName ELEMENTS, one in GEN and one in the Productline. You have to have rules in BOTH places
3) There are SIGNIFICANT bugs with the rules engine for this exact issue. Your ESP level matters here.
4) Print Files cannot be secured in and of themselves
With that said, it can be done, in *certain* ESPs. Give me a call, and I will help where I can,
Kwane
954.547.7210

alincoln (26 points) Basic Member Posts: 12
2/25/2009 9:51 PM
Thread... rise from your grave! I'm running into the exact same scenario here. I'm not so much concerned with securing individual print files, but I do need to grant the ability for users to view the print managers of people who are in the same group as they are. I tried borrowing the conditional rule from above (using my own group name of course):
isMemberOf('payroll',UserName)
But I'm not getting anywhere with it. I've tried with various other conditional statements without success. Did you ever get anywhere with this effort? Any help would be much appreciated!
For reference sake, we're on Version 9.0.1.2.102 2008-02-20 04:00:00.

LeslieP (17 points) Basic Member Posts: 7
2/26/2009 1:20 PM
Yes, I do have this working. Contact me at lesliep@britthaven.com for details or call 800 676 1191 x2302

Frank Z (82 points) Advanced Member Posts: 32
3/31/2009 8:33 PM
I am very curious about how this ended up working out as well.... Our Lawson consultant can't get it to work either using:
if(user.getUserName()==UserName)
'ALL_ACCESS,'
elseif(user.isMemberOf('PrintMgrPR2Group'))
'ALL_ACCESS,'
else
'NO_ACCESS,'

Chris (65 points) Advanced Member Posts: 23
2/9/2012 12:43 PM
I realize it's almost two years later, but has anyone been able to get this to work? We're still trying without success to grant access to jobs and reports to a group of users.

Chris (65 points) Advanced Member Posts: 23
2/9/2012 1:56 PM
Finally figured it out. In Windows (where username is the NT#) and in UNIX or IBM i when the RMID is not the same as the OS ID (as in our case), all the functions that evaluate group participation do not work. (See KB #5427427.) The alternative solution is to create a structure in RM.

Patricia Mane, Systems Analyst II (48 points) Basic Member Posts: 24
10/21/2016 4:21 PM
Help, please. We have been with Lawson for 2 years now and we need to put into place security around the Printer Manager and user changed the User name field to see reports. Now that Payroll is part of the equation, what can we do to stop this? A previous comment mentioned KB #5427427, and I wasn't able to find anything.

Brian Allen (300 points) Veteran Member Posts: 102
10/21/2016 4:35 PM
Have you looked at KB 1208815 - "How do I secure users so they can see only their own jobs and/or print files in the job scheduler and print manager"? This one also discusses env release levels.

Dave Amen (209 points) Veteran Member Posts: 75
10/21/2016 10:33 PM
A couple of thoughts with KB 1208815 . . .
First, here is the essential part of that KB:
Assign each user an environment user group that contains ALL users (example: the ALL user group). This can be done within the laua user profile OR in the Lawson Security Administrator, User Maintenance under Edit Lawson Environment Information.
Dave's note: you will probably need to first add the user through the usergrpdef command in LID. Then the system will let you attach them to the ALL user group.
In Lawson Security, under the GEN profile, create a security class with a conditional rule on the USERNAME Element as follows:
if(user.getUserName()==UserName)
'ALL_ACCESS,'
else
'NO_ACCESS,'
Make sure the security class is assigned to a valid security role that is assigned to the user.
Dave's note: attach that rule to the BatchRole, and everyone who sees batch jobs will be secured by it!
Regards,
Dave
(303) 773-3535
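
Added example, not part of the thread and not Lawson Security rule syntax or API: a plain JavaScript model that checks candidate visibility rules against the access pattern asked for in the first post (own print files, plus a supervisor over their group). The user names, groups, `supervises` attribute and the four predicates are constructed for illustration; `ownerInPayroll` is only one possible reading of a group test applied to the file owner.

```javascript
// Constructed directory: names, groups and the "supervises" attribute are
// illustrative assumptions, not Lawson Resource Management fields.
const users = {
  pr_sup:   { groups: ['payroll'], supervises: ['payroll'] },
  pr_clerk: { groups: ['payroll'], supervises: [] },
  pr_temp:  { groups: ['payroll'], supervises: [] },
  ap_book:  { groups: ['ap'],      supervises: [] },
};
// Access wanted beyond "own files": the supervisor sees the group's files.
const allowedPairs = new Set(['pr_sup>pr_clerk', 'pr_sup>pr_temp']);

// Candidate predicates: may `viewer` see print files owned by `owner`?
const rules = {
  // Same shape as the owner-only rule quoted from KB 1208815.
  ownerOnly: (viewer, owner) => viewer === owner,
  // Group test applied to the file owner only; the viewer is never checked.
  ownerInPayroll: (viewer, owner) =>
    viewer === owner || users[owner].groups.includes('payroll'),
  // Viewer and owner share any group, so peers can see each other.
  sharedGroup: (viewer, owner) =>
    viewer === owner ||
    users[viewer].groups.some(g => users[owner].groups.includes(g)),
  // Viewer supervises a group the owner belongs to.
  supervisor: (viewer, owner) =>
    viewer === owner ||
    users[viewer].supervises.some(g => users[owner].groups.includes(g)),
};

// Compare a rule with the wanted matrix over every viewer/owner pair.
function violations(ruleName) {
  const out = [];
  for (const viewer of Object.keys(users)) {
    for (const owner of Object.keys(users)) {
      const pair = `${viewer}>${owner}`;
      const want = viewer === owner || allowedPairs.has(pair);
      const got = rules[ruleName](viewer, owner);
      if (got && !want) out.push(`LEAK ${pair}`);       // sees too much
      if (!got && want) out.push(`MISSING ${pair}`);    // sees too little
    }
  }
  return out;
}

for (const name of Object.keys(rules)) {
  console.log(name, violations(name));
}
```

Running the same matrix with real test accounts after every rule change shows both kinds of failure reported in this thread: access that is too wide and access that is too narrow.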

Russell E, Lawson Sr Developer, BAE Systems (32 points) Basic Member Posts: 16
10/27/2016 7:38 PM
I have tried this and it does restrict users from seeing others' print files, but I have found it also restricted the user from submitting any batch jobs.
Anyone have any idea?

LeslieP (17 points) Basic Member Posts: 7
10/27/2016 7:53 PM
I have a word document that shows my rules and the conditions I applied. It works for me and I would be happy to share what I used. Using the user group never did work for me.
Contact me at
Lesliep@principle-it.com