Login
Register
Search
Home
Forums
Jobs
LawsonGuru
LawsonGuru Letter
LawsonGuru Blog
Worthwhile Reading
Infor Lawson News Feed
Store
Store FAQs
About
Forums
Infor / Lawson Platforms
S3 Security
Securing LS Role Granting/Taking Away
Home
Forums
Jobs
LawsonGuru
LawsonGuru Letter
LawsonGuru Blog
Worthwhile Reading
Infor Lawson News Feed
Store
Store FAQs
About
Who's On?
Membership:
Latest:
Saef
Past 24 Hours:
0
Prev. 24 Hours:
0
Overall:
5226
People Online:
Visitors:
195
Members:
0
Total:
195
Online Now:
New Topics
User Group Announcements
Carolina User Group Meeting
12/20/2024 3:15 PM
Date & Time: February 6, 2025, 8:30am - 4:00pm
S3 Systems Administration
ADFS certificate - new cert
12/3/2024 9:38 PM
The certificates on the windows boxes expired and
Lawson S3 HR/Payroll/Benefits
Post Tax Benefit Plan Table
11/14/2024 9:16 PM
Hi, totally new to Laswon. I have a repor
Lawson S3 Procurement
ED501 Error: Map 850 not supported by /law/c15vda/lawson/test10/edi/bin/laws_out_91
11/12/2024 3:47 PM
Tried runnning ED501 and getting the atathced erro
Lawson S3 HR/Payroll/Benefits
Error
11/6/2024 9:54 PM
When I try to enroll a retiree in 72.1 health plan
Infor ERP (Syteline)
Syteline: New Data Maintenance Wizard (Error) Need help
11/1/2024 4:24 PM
Hi, I need help with an error on syteline while us
Dealing with Lawson / Infor
Implementing Lawson v10 with Cerner Surginet, Case Cart Picking, and Quick Adds for the OR
10/29/2024 4:20 PM
Hi Everyone, I am wondering if there is any org
Lawson S3 HR/Payroll/Benefits
Canada Tax Calculation (Federal and Provincial) Issue
10/23/2024 5:00 AM
Initially, we had problem with CPP2 calculation is
Lawson S3 HR/Payroll/Benefits
CA Section 125 401k Plan
10/22/2024 10:13 PM
Does anyone have any recommendations on how to fac
S3 Systems Administration
Running AC120 deleted records from ACMASTER table
10/22/2024 3:40 PM
We recently ran the AC120 as normal and somehow it
Top Forum Posters
Name
Points
Greg Moeller
4184
David Williams
3349
JonA
3291
Kat V
2984
Woozy
1973
Jimmy Chiu
1883
Kwane McNeal
1437
Ragu Raghavan
1372
Roger French
1315
mark.cook
1244
Forums
Filtered Topics
Unanswered
Unresolved
Announcements
Active Topics
Most Liked
Most Replies
Search Forums
Search
Advanced Search
Topics
Posts
Prev
Next
Forums
Infor / Lawson Platforms
S3 Security
Securing LS Role Granting/Taking Away
Please
login
to post a reply.
3 Replies
0
Subscribed to this topic
15 Subscribed to this forum
Sort:
Oldest First
Most Recent First
Author
Messages
Roger French
Veteran Member
Posts: 549
6/15/2011 2:48 PM
Greetings:
I'm creating some advanced security roles within LS Security, specifically for other security administrators.
I've successfully secured the granting of specific roles in the ROLE attribute, which means that for users with this role, they cannot see or grant specific roles for other users within those users' security profile.
Example: My advanced security role is called "SpecialAdminRole". I also have a role called "BenAdminRole".
If I give SpecialAdminRole to Joe, then when Joe logs into Sec Admin, he does NOT see or is able to grant the BenAdminRole to another user called Sara. This part works and is OK.
But, now if Sara has already had the BenAdminRole for months, what happens now is that Joe *does* see the BenAdminRole in the list of existing (granted) roles for Sara. And, Joe is able to take away and ungrant the BenAdminRole. This should not be happening. The security works on the granting side but it does not work if I want to ungrant or take away a role.
I've looked at my security set up for the ROLE attribute and it all looks fine, but I did not see anything that pops up.
Does anyone have any idea how to secure roles if the role being secured has already been granted? I'm thinking this is a bug or something else.
Thanks in advance,
Roger
Kwane McNeal
Veteran Member
Posts: 479
6/16/2011 2:46 AM
Roger,
Ok, I really had to think through this, and logically you are right, because Lawson didn't think through this well, but I think technically it *could* be right, but not sure of your exact implementation...
Here's what seems to be happening:
You have rules on ROL objects, restricting what can be seen, presumably disallow if ROL is in my list roles .
That works. The key is, IF a person already has a ROL, your users sees it because what you're seeing is a list of values on an RMA object, not a list of ROL objects.
Get the difference?
I don't know if you wrote an appropriate rule for the Role multivalue RMA for a specific RMO or all RMO's.
======================
NOTE: All *other* LawsonGuru readers:
My apologies for using very technical terms, with little explanation. For this post using the type code for the SecObjects (such as ROL, RMO, and RMA) was needed, instead of the description, because that would have been more confusing.
Legend:
RMO = Resource Manager Object (aka a resource, like an RMID)
RMA = An attribute (like Role or Group) on an RMO
ROL = a Resource manager ROLE
======================
Roger, feel free to call some evening, or send me your rulesets in question, and I'll do what I can to help.
Kwane
Roger French
Veteran Member
Posts: 549
6/16/2011 3:21 PM
Thanks much Kwane,
I did secure at the RMA level the role values like this:
if(Role.ID=='Employee'||Role.ID='SuperAdminRole')
'NO_ACCESS'
else
'ALL_ACCESS'
but for the user, I can still see both roles on the already-granted-side. I don't see them on the left side (to-be-granted).
Roger
Nathan Smith
New Member
Posts: 3
10/14/2011 2:02 PM
Roger, were you able to resolve this issue? We have a subadministrator who should be able to manage the finance roles, but not the HR roles.
Please
login
to post a reply.