Prev
Next
Forums Infor / Lawson Platforms S3 Security

RM Viewing Role

 4 Replies
 1 Subscribed to this topic
 15 Subscribed to this forum
Sort:
Author
Messages
trueblueg8tor
Advanced Member
Posts: 41
Advanced Member
9/3/2008 2:18 PM

    I'm trying to create a role for Viewing RM only. I created a Role called "RmView" and security class called "RMView". In the security class, I granted unconditional "Inquire" access to everything. Even after I attach the security class to the role and the role to the user I'm unable to log into Lawson Security Administrator. How can I test my role with giving "SuperAdminRole"?

    Kwane McNeal
    Veteran Member
    Posts: 479
    Veteran Member
    9/3/2008 2:41 PM
      When you say Inquire for everything, what does that mean? All Objects of type "Type", or did you go into the RMO/RMA objects?

      Also, Lawson Security Administrator Access is controlled by the ADM profile, NOT the RM profile. You'll need a class defined from BOTH Profiles placed into the ROLE.

      ADM LS SecClass needs to give you access to the lase Security Service structures to get at the RM, and the RM LS SecClass needs to control what you can see or do.

      If you have any questions, feel free to call.

      Kwane
      954.547.7210
      trueblueg8tor
      Advanced Member
      Posts: 41
      Advanced Member
      9/3/2008 4:05 PM

        Thanks I'll give it shot!

         

        Mike Flynn
        Basic Member
        Posts: 5
        Basic Member
        10/15/2008 11:42 AM
          I have created something very similar but am unable to figure out how to lock down the 'manage identities' information. I have everything else locked down to inquire only but they can still go into "manage identities" and change passwords. Anyone know how to secure that piece?
          Leonard Courchaine
          Veteran Member
          Posts: 55
          Veteran Member
          12/4/2014 5:57 PM
            Kwane,
            I'd greatly appreciate your clarification on something you wrote. This statement that you made (several years ago) was:
            "ADM LS SecClass needs to give you access to the lase Security Service structures to get at the RM, and the RM LS SecClass needs to control what you can see or do."

            What do you mean by giving "access to the lase Security Service?" In other words, which rules are required for that access?? I've opened up just about all objects in both the RM and ADM profiles yet I'm still seeing the "Administrator is not authorized - Access Denied" error when I attempt to login to LSA and am attached to my new role.
            Thanks so much!
            Lenny