I can see why the UserName==user.getHostServiceId() would work but, don't see how isMemberOf('payroll',UserName) would work. For the group piece, would
user.attributeContains('Group','payroll') work?

if(UserName==user.getHostServiceId()||isMemberOf('payroll',UserName))
'ALL_ACCESS,'
else
'NO_ACCESS,'

What is your intention for that rule?

That rule was from a consultant. And was written on the UserName Element in GEN.

The intention was to allow the user to see people in their group.

Well, then that rule should work for you. It's probably that you have another rule which is conflicting and has greater access.

No it's not that......

You need to write the rule in a few places. A few tips:
1) GEN rules apply to GEN objects...ONLY
2) There are TWO UserName ELEMENTS, one in GEN and one in the Productline. You have to have rules in BOTH places
3) There are SIGNIFICANT bugs with the rules engine for this exact issue. Your ESP level matters here.
4) Print Files cannot be secured in and of themselves

With that said, it can be done, in *certain* ESPs.

Give me a call, and I will help where I can,
Kwane
954.547.7210

Thread... rise from your grave!

I'm running into the exact same scenario here. I'm not so much concerned with securing individual print files, but I do need to grant the ability for users to view the print managers of people who are in the same group as they are.

I tried borrowing the conditional rule from above (using my own group name of course):

isMemberOf('payroll',UserName)

But I'm not getting anywhere with it. I've tried with various other conditional statements without success.

Did you ever get anywhere with this effort? Any help would be much appreciated! For reference sake, we're on Version 9.0.1.2.102 2008-02-20 04:00:00.

I am very curious about how this ended up working out as well.... Our Lawson consultant can't get it to work either using :

if(user.getUserName()==UserName)
'ALL_ACCESS,'
elseif(user.isMemberOf('PrintMgrPR2Group'))
'ALL_ACCESS,'
else
'NO_ACCESS,'

I realize it's almost two years later, but has anyone been able to get this to work? We're still trying without success to grant access to jobs and reports to a group of users.

Finally figured it out. In Windows (where username is the NT#) and in UNIX or IBM i when the RMID is not the same as the OS ID (as in our case), all the functions that evaluate group participation do not work. See KB #5427427.) The alternative solution is to create a structure in RM.

Help Please.  We have been with Lawson for 2 years now and we need to put into place security around the Printer Manager and user changed the User name field to see reports.  Now that Payroll is part of the equation, what can we do to stop this.  A previous comment mentioned KB #5427427, and I wasn't able to find anything.

Have you looked at KB 1208815 - "How do I secure users so they can see only their own jobs and/or print files in the job scheduler and print manager".  This one also discusses env release levels.

A couple of thoughts with KB 1208815 . . .

First, here is the essential part of that KB:
Assign each user an environment user group that contains ALL users (example: the ALL user group). This can be done within the laua user profile OR in the Lawson Security Administrator, User Maintenance under Edit Lawson Environment Information.

Dave's note: you will probably need to first add the user through the usergrpdef command in LID. Then the system will let you attach them to the ALL user group.

In Lawson Security, under the GEN profile, create a security class with a conditional rule on the USERNAME Element as follows:
if(user.getUserName()==UserName)
'ALL_ACCESS,'
else
'NO_ACCESS,'

Make sure the security class is assigned to a valid security role that is assigned to the user.

Dave's note: attach that rule to the BatchRole, and everyone who sees batch jobs will be secured by it!

Regards,
Dave
(303) 773-3535

I have tried this and it does restrict users from seeing others print files, but I have found it also restricted the user from submitting any batch jobs.

 

Anyone have any idea?

I have a word document that shows my rules and the conditions I applied. It works for me and I would be happy to share what I used. Using the user group never did work for me.

Contact me at

Lesliep@principle-it.com