Login
Register
Search
Home
Forums
Jobs
LawsonGuru
LawsonGuru Letter
LawsonGuru Blog
Worthwhile Reading
Infor Lawson News Feed
Store
Store FAQs
About
Forums
Infor / Lawson Platforms
S3 Security
Securing AR reports by Credit Analyst
Home
Forums
Jobs
LawsonGuru
LawsonGuru Letter
LawsonGuru Blog
Worthwhile Reading
Infor Lawson News Feed
Store
Store FAQs
About
Who's On?
Membership:
Latest:
Saef
Past 24 Hours:
0
Prev. 24 Hours:
0
Overall:
5226
People Online:
Visitors:
426
Members:
0
Total:
426
Online Now:
New Topics
User Group Announcements
Carolina User Group Meeting
12/20/2024 3:15 PM
Date & Time: February 6, 2025, 8:30am - 4:00pm
S3 Systems Administration
ADFS certificate - new cert
12/3/2024 9:38 PM
The certificates on the windows boxes expired and
Lawson S3 HR/Payroll/Benefits
Post Tax Benefit Plan Table
11/14/2024 9:16 PM
Hi, totally new to Laswon. I have a repor
Lawson S3 Procurement
ED501 Error: Map 850 not supported by /law/c15vda/lawson/test10/edi/bin/laws_out_91
11/12/2024 3:47 PM
Tried runnning ED501 and getting the atathced erro
Lawson S3 HR/Payroll/Benefits
Error
11/6/2024 9:54 PM
When I try to enroll a retiree in 72.1 health plan
Infor ERP (Syteline)
Syteline: New Data Maintenance Wizard (Error) Need help
11/1/2024 4:24 PM
Hi, I need help with an error on syteline while us
Dealing with Lawson / Infor
Implementing Lawson v10 with Cerner Surginet, Case Cart Picking, and Quick Adds for the OR
10/29/2024 4:20 PM
Hi Everyone, I am wondering if there is any org
Lawson S3 HR/Payroll/Benefits
Canada Tax Calculation (Federal and Provincial) Issue
10/23/2024 5:00 AM
Initially, we had problem with CPP2 calculation is
Lawson S3 HR/Payroll/Benefits
CA Section 125 401k Plan
10/22/2024 10:13 PM
Does anyone have any recommendations on how to fac
S3 Systems Administration
Running AC120 deleted records from ACMASTER table
10/22/2024 3:40 PM
We recently ran the AC120 as normal and somehow it
Top Forum Posters
Name
Points
Greg Moeller
4184
David Williams
3349
JonA
3291
Kat V
2984
Woozy
1973
Jimmy Chiu
1883
Kwane McNeal
1437
Ragu Raghavan
1372
Roger French
1315
mark.cook
1244
Forums
Filtered Topics
Unanswered
Unresolved
Announcements
Active Topics
Most Liked
Most Replies
Search Forums
Search
Advanced Search
Topics
Posts
Prev
Next
Forums
Infor / Lawson Platforms
S3 Security
Securing AR reports by Credit Analyst
Please
login
to post a reply.
9 Replies
1
Subscribed to this topic
15 Subscribed to this forum
Sort:
Oldest First
Most Recent First
Author
Messages
Wade-T
Veteran Member
Posts: 54
4/16/2013 11:42 AM
I have a listing of Analyst codes and names on AR06 and would like to keep the AR pieces seperated by these names. I see, for instance, that the AR251 has a selector on the Customer tab for Credit Analyst, and that LSF has a form.ANLYST_NAME object but I am not sure how to write the rule so a user can only see their grouping. Would I assign the rule one time, or on each screenthat contains the Credit Analyst field?
Georgette
Veteran Member
Posts: 52
4/16/2013 3:22 PM
Hi Wade,
What you are referencing above is Data Control based on User Attribute.
Values are assigned to the attributes in each employee's profile in the Security Administrator application. The rules are then written on each form (select user folder) to compare the values in the Lawson tables to the values assigned to the employee's profile attribute.
For example, suppose the CompanyControl attribute is assigned the values 1220 and 4321 to represent companies the employee is allowed to access.
The rule would be written on the form as user.attributeContains('CompanyControl'.form.____).
We don't use AR, but I am assuming you may want to populate the ANALYST_NAME attribute with whatever the value is in the appropriate Lawson tables (analyst code, or whatever). The other thing is make sure the credit analyst field is actually being populated on each form.
Hope this helps.
Georgette
Veteran Member
Posts: 52
4/16/2013 4:43 PM
Sorry, another quick comment. I just noticed your title mentions reports. The above will not secure the report data, it will only determine who can run the reports.
A way around this is to publish the AR reports in LBI and use the bursting tool to distribute the reports to the various analysts. Make sure drill around is also secured which is another layer.
Wade-T
Veteran Member
Posts: 54
4/16/2013 4:56 PM
Thanks for the info. We do not have LBI at this time, just a very basic HR/Financials install using the Portal. The one user we are trying to lock down is also tied to one process level. I attempted to secure him to only that process level witht he following, but it didn't seem to work.
if(SystemCode=='AR'&&((COMPANY==1999&&PROCESS_LEVEL>=650000&&PROCESS_LEVEL<=650999)))
'ALL_ACCESS,'
elseif(SystemCode!='AR')
'ALL_ACCESS,'
else
'NO_ACCESS,'
Georgette
Veteran Member
Posts: 52
4/16/2013 5:50 PM
Additional attributes to People Object in RM are available in versions 9.0.0.6, 9.0.1.3 and higher. Such as CompanyControl, AccountingUnitControl, etc. Or you can create your own using the schema editor.
I am assuming you assigned the user these values in the appropriate attributes on his/her profile on the Security Administrator. CompanyControl should be assigned 1999 and UserProcessLevell has the range of values you mentioned.
I am not familiar with the AR tables so I don't know which forms you need to secure the Company and Process Levels with. You can use two different security classes, one to secure the AR files and the other to secure the forms.
First secure the tables (files) with an ARFileAccess security class that grants all access to all AR tables. This security class will be assigned to the credit analyst role.
Then to secure the AR forms create another security class (or create an ARFileAccessLimited security class that grants all access to AR system code and then limits the forms),
Go to each form and place the rules (select the user folder) --
If(user.getAttribute(‘CompanyControl’) == form.______
&&
user.isAttributeInRange(‘UserProcessLevel’) == form.______)
then Grant All Access
else no Access
Hope this helps!
Georgette
Veteran Member
Posts: 52
4/16/2013 5:58 PM
for example for PA42.1, the form name would be
==form.PJR_PROCESS_LEVEL
Georgette
Veteran Member
Posts: 52
4/16/2013 6:02 PM
i realize it is a pain to go to every single form, but you have to secure the form AND the drill around. No easy way around it.
Greg Moeller
Veteran Member
Posts: 1498
4/16/2013 6:12 PM
Unless you are just concerned about company control, then there's a (relatively) simple solution to it.
Create a rule against Object Type of Element.
user.attributeContains('CompanyControl',lztrim(COMPANY)))
'ALL_ACCESS,'
else
'NO_ACCESS,'
I see Process-Level in the Element list as well... perhaps it could be expanded to secure by process level as well? Unsure.
Greg Moeller
Veteran Member
Posts: 1498
4/16/2013 6:17 PM
Assign this security class to a role and every form/table seems to follow it.
We don't have this implemented yet in production, but in test, it seems to work just fine.
Georgette
Veteran Member
Posts: 52
4/17/2013 11:23 AM
Hi Wade,
I was looking at your code again and have a suggestion. I learned best practice is to create different security classes for each system code. Such as ARFileAccess for all of the AR tables, HRFileAccess, GLFileAccess, etc. Each of these security classes are assigned to the role. Give access to all tables that fall in each system code. For the one credit analyst, create an ARFileLimited security class and apply either the ANALYST_NAME or PROCESS_LEVEL user rule to each form that needs the data limited.
Again, the values need to be in the employee's profile attribute to use as a compare to either the form value or the file value.
Please
login
to post a reply.