Prev
Next
Forums Infor / Lawson Platforms Lawson Landmark

Landmark security class

 5 Replies
 2 Subscribed to this topic
 32 Subscribed to this forum
Sort:
Author
Messages
Jay2
Veteran Member
Posts: 84
Veteran Member
12/5/2016 3:47 PM

    We have noticed some changes have happened in the security class InbasketUser_ST which has caused issues with users having access to certain businessclasses.

    The two that have come to our attention so far are as follows:
    Previous rules:

     PfiWorkunitFolder BusinessClass
    is accessible
    for all creates, all inquiries
    unconditionally

    PfiWorkunit BusinessClass
    is accessible
    for all creates, all inquiries
    unconditionally


    Changed to:

     PfiWorkunitFolder BusinessClass
    is accessible
    for all creates, all inquiries
    when (actor = AttachBy or (PfiWorkunit.PfiQueueTaskRel exists and PfiWorkunit.PfiQueueTaskRel.ActorHasInbasketAccess))

    PfiWorkunit BusinessClass
    is accessible
    for all inquiries
    when (actor = Actor or (PfiQueueTaskRel exists and PfiQueueTaskRel.ActorHasInbasketAccess))


    I am trying to understand how these new conditions work .

    Woozy
    Veteran Member
    Posts: 709
    Veteran Member
    12/5/2016 4:05 PM
      Hi Jay2,

      What this appears to be saying is:

      - Users have Inquire and Create access to PfiWorkunitFolder but only if they "own" the PfiWorkUnitFolder (actor = AttachBy; i.e. they are the actor that created it) OR if they are assigned a task relating to that WorkUnit (PfiWorkunit.PfiQueueTaskRel exists) and have Inbasket Access to that task (PfiWorkunit.PfiQueueTaskRel.ActorHasInbasketAccess).

      - Users have Inquire-only access to PfiWorkUnit if they created the PfiWorkUnit (actor = Actor; current actor is the Actor who created the PfiWorkunit) OR if they are assigned a task relating to that WorkUnit and have Inbasket Access to that task.

      I hope this helps.
      Kelly
      Kelly Meade
      J. R. Simplot Company
      Boise, ID
      Woozy
      Veteran Member
      Posts: 709
      Veteran Member
      12/5/2016 4:13 PM
        By the way, I don't seem to have PfiQueueTaskRel.ActorHasInbasketAccess on my system, so I can't tell you what it means. You must be on a later version of apps than I am. Sorry!

        If you have someone in your organization that has Application Configuration access to Config Console, they should be able to look up the logic for that field.
        Kelly Meade
        J. R. Simplot Company
        Boise, ID
        Jay2
        Veteran Member
        Posts: 84
        Veteran Member
        12/5/2016 6:11 PM
          Thanks Woozy

          That is very helpful and more than the Infor analyst could give me. I will work from there. I just need to find a way to verify this information.

          I think what it is going to come down to is to revert the rules back to the orignals.
          Woozy
          Veteran Member
          Posts: 709
          Veteran Member
          12/5/2016 6:28 PM
            I hope you are able to figure it out.

            For what it's worth, since this is a *_ST security class (meaning it is a standard delivered class), I'm guessing you can't modify it. You'll probably have to clone it, modify the clone, and then change the security role to use the cloned security class instead of the original.

            I imagine you already know this, but just in case someone else wanders across this post.

            Good Luck!
            Kelly
            Kelly Meade
            J. R. Simplot Company
            Boise, ID
            Jay2
            Veteran Member
            Posts: 84
            Veteran Member
            1/27/2017 7:04 PM
              I just found out that this has been fixed in a later version.

              I am running 10.0.1.39