Login
Register
Search
Home
Forums
Jobs
LawsonGuru
LawsonGuru Letter
LawsonGuru Blog
Worthwhile Reading
Infor Lawson News Feed
Store
Store FAQs
About
Forums
User Experience
Lawson Portal
MSS Drill Down Security
Home
Forums
Jobs
LawsonGuru
LawsonGuru Letter
LawsonGuru Blog
Worthwhile Reading
Infor Lawson News Feed
Store
Store FAQs
About
Who's On?
Membership:
Latest:
Saef
Past 24 Hours:
0
Prev. 24 Hours:
0
Overall:
5226
People Online:
Visitors:
437
Members:
0
Total:
437
Online Now:
New Topics
User Group Announcements
Carolina User Group Meeting
12/20/2024 3:15 PM
Date & Time: February 6, 2025, 8:30am - 4:00pm
S3 Systems Administration
ADFS certificate - new cert
12/3/2024 9:38 PM
The certificates on the windows boxes expired and
Lawson S3 HR/Payroll/Benefits
Post Tax Benefit Plan Table
11/14/2024 9:16 PM
Hi, totally new to Laswon. I have a repor
Lawson S3 Procurement
ED501 Error: Map 850 not supported by /law/c15vda/lawson/test10/edi/bin/laws_out_91
11/12/2024 3:47 PM
Tried runnning ED501 and getting the atathced erro
Lawson S3 HR/Payroll/Benefits
Error
11/6/2024 9:54 PM
When I try to enroll a retiree in 72.1 health plan
Infor ERP (Syteline)
Syteline: New Data Maintenance Wizard (Error) Need help
11/1/2024 4:24 PM
Hi, I need help with an error on syteline while us
Dealing with Lawson / Infor
Implementing Lawson v10 with Cerner Surginet, Case Cart Picking, and Quick Adds for the OR
10/29/2024 4:20 PM
Hi Everyone, I am wondering if there is any org
Lawson S3 HR/Payroll/Benefits
Canada Tax Calculation (Federal and Provincial) Issue
10/23/2024 5:00 AM
Initially, we had problem with CPP2 calculation is
Lawson S3 HR/Payroll/Benefits
CA Section 125 401k Plan
10/22/2024 10:13 PM
Does anyone have any recommendations on how to fac
S3 Systems Administration
Running AC120 deleted records from ACMASTER table
10/22/2024 3:40 PM
We recently ran the AC120 as normal and somehow it
Top Forum Posters
Name
Points
Greg Moeller
4184
David Williams
3349
JonA
3291
Kat V
2984
Woozy
1973
Jimmy Chiu
1883
Kwane McNeal
1437
Ragu Raghavan
1372
Roger French
1315
mark.cook
1244
Forums
Filtered Topics
Unanswered
Unresolved
Announcements
Active Topics
Most Liked
Most Replies
Search Forums
Search
Advanced Search
Topics
Posts
Prev
Next
Forums
User Experience
Lawson Portal
MSS Drill Down Security
Please
login
to post a reply.
4 Replies
0
Subscribed to this topic
13 Subscribed to this forum
Sort:
Oldest First
Most Recent First
Author
Messages
Kevin H
New Member
Posts: 2
4/23/2010 3:34 PM
I have an issue with MSS drill down security and it's effect on ESS. LAUA is being used until LSF is rolled out in a later phase.
The business wants to restrict drill security for direct reports. They want to hide benefit, deduction and certain employee information. In LAUA, I have used file and field security to restrict the data on the security class. Those changes make MSS work exactly how I want it to.
The problem is with ESS. The security restrictions also keeps the employee from keeping their own information as well.
I asked Lawson Support and they said to use a condition to correct the issue. This option will make maintenance a nightmare and director level employees will still see the information to their manager direct reports.
Has anyone else dealt with this problem?
Thx in advance.
Shane Jones
Veteran Member
Posts: 460
4/24/2010 1:47 AM
This is an issue that many of us have... This was going to be resolved with LSA but it does not resolve the issue in LID. If you setup the conditional security in LSA you can apparently make this work as long as users will only be using ESS/MSS/Portal - Not LID.
We are still using LAUA and have dual accounts for security - oone account for HR access and one for personal access. It is a bit messy but it has worked.
I got a proposal to setup LSA with conditional security and was told that the high price was primarily because of the conditional security.
Kevin H
New Member
Posts: 2
5/3/2010 12:40 PM
Thanks for the reply Shane. I don't think the business will go for it but at least I can give an option.
Shane Jones
Veteran Member
Posts: 460
5/4/2010 11:50 AM
Kevin,
I just tried to setup Lawson Security on our TEST box and have had some success with my own conditional access settings.
Since you can use both LAUA and Lawson Security on the same system you might want to think about using LAUA for HR/PAYROLL/BENEFITS/FINANCE users and then use Lawson Security for the EMSS users. (At least until you can move everyone to Lawson Security... LAUA will keep you from doing what you need.) Setting up Lawson Security is not a small thing - but I just setup my first account to use Lawson Security and it appears to have fixed the issue - as long as the user does not intend on using LID. (It took about 4-6 hours to setup my first role using conditional security access.)
The conditional setup was rather easy because it has an expression builder. You just say they can access if the form and user have the same company and employee numbers otherwise no access.
Hope this is helpful.
Fernando Labrada
Basic Member
Posts: 14
5/4/2010 2:22 PM
If you write the rules to the tables so that they can only be accessed by the user tied to the PDL_EMPLOYEE identity (where PDL is the product line) in the ESS class, then the user will be able to see their own data as intended in ESS but the managers will not.
So, for instance, the BENEFIT table would be secured in the ESS class with something like:
if(isElementGrpAccessible('COMPEMP','','HR',lztrim(table.COMPANY),lztrim(table.EMPLOYEE))){'ALL_ACCESS,'}else{'NO_ACCESS,'}
Where COMPEMP is an element group containing the elements COMPANY and EMPLOYEE and is restricted to the contents of the PDL_EMPLOYEE identity in RM with an element group rule like:
if(user.getCompany()==lztrim(COMPANY)&&user.getEmployeeId()==lztrim(EMPLOYEE)) {'ALL_ACCESS,'}else{'NO_ACCESS,'}
So that a user that drills into the BENEFITS table will only be able to see their own records and a manager will see nothing.
You will need these types of rules for every table you need to secure. It is a bit of work up front but once it is set up, it does not require much maintenance.
Please
login
to post a reply.