LAUA Security Condition?

 8 Replies
 0 Subscribed to this topic
 15 Subscribed to this forum
Sort:
Author
Messages
This_Guy
Veteran Member
Posts: 93
Veteran Member

    I need to restrict a Security Class: "Volunteer" from accessing any Employee records in HR11 that do not belong to a particular Emp Status and/or Range of Employee Numbers.

    For Example:


    Condition 1:
    When (([FIELD] Employee Status = [VALUE]"ZX"
    And
    [FIELD]Employee Status = [VALUE] "ZC))

    -OR- I've tried the range of Employee Numbers

    When ((Field [EMPLOYEE] > [VALUE] '810000'
    and
    Field [EMPLOYEE] < [VALUE] '840000'))

    It sort of works - with either condition EXCEPT that you can still Inquire, Next, Previous on Employee Records in HR11 that fall outside of those conditions. I.E, I can still see Employee # 359802 on the second condition (above) but cant drill on it, or select any Employee Numbers outside of this condition from the drop-box.

    What am I doing wrong?
     

    MattM
    Veteran Member
    Posts: 82
    Veteran Member
      The above rules look like they are written on the tables only. Have you written rules on the tokens (screens) also? If no restrictions have been placed on the token, the sec class will have full access to all functions on the screen. Writing rules on the file only secures select and drill. If a user hand enters an employee number on the screen, they will still be able to inquire even if the file rules prohibit it. Hope this helps.
      This_Guy
      Veteran Member
      Posts: 93
      Veteran Member

         Don't think I have ever done it the token way ... hmmm? You have an example by chance? Thanks Matt! 

         

         

        MattM
        Veteran Member
        Posts: 82
        Veteran Member
          I think the following expression would accomplish what you are after. I am assuming the employee status is an OR rather than an AND statement as employees can only be assigned one status. The following expression states if the employees status is ZX or ZC and the employee number is between 81000 and 84000, all access otherwise no access.

          form.EMP_EMP_STATUS=='ZX'||form.EMP_EMP_STATUS=='ZC'&&form.EMP_EMPLOYEE>'81000'&&form.EMP_EMPLOYEE<'84000'

          There is also a function that compares a value on a form or in a table to a range specified. The following is an example of that function for the values above on the employee form. This function may be easier to use than creating multiple expressions as above.

          isNumInRange(form.EMP_EMPLOYEE,'81000','84000')

          Although the methods above will work, I would suggest using an element group and an attribute on the Lawson user to perform the security. Using hard coded rules as above, while possibly easier to implement in the outset, are quite a handful to maintain and troubleshoot if issues arise.

          Let me know if I can assist you further.

          Take care,

          Matt
          MattM
          Veteran Member
          Posts: 82
          Veteran Member
            These rules are written on HR11.1
            This_Guy
            Veteran Member
            Posts: 93
            Veteran Member

              I can write these without being on LawsonSecurity? I can see where to apply conditions in LAUA to teh Data File and/or Field from the file, but not the actual form? 

              This_Guy
              Veteran Member
              Posts: 93
              Veteran Member
                We're not on Role Based.
                This_Guy
                Veteran Member
                Posts: 93
                Veteran Member
                  So I can't accomplish this in LAUA???? Is that right??
                  Norm
                  Veteran Member
                  Posts: 40
                  Veteran Member
                    LAUA conditions for record level security are based on allowing viewing of the record when the condition is true. For example, we have a condition in AP against APVENMAST to restrict the viewing of records when they are in two groups. The intent is to RESTRICT if group = EMP or group = INA.

                    However, the condition has to be coded as when to ALLOW, so it looks like

                    group <> EMP AND group <> INA

                    You need to code yours the same way. Be careful about the Boolean logic rules when mixing AND and OR conditions or you may not end up with what you want. I believe that the LAUA condition rulse allow for some grouping within parentheses.