RSS and restrictions

 29 Replies
 1 Subscribed to this topic
 15 Subscribed to this forum
Sort:
Page 1 of 212 > >>
Author
Messages
Greg Moeller
Veteran Member
Posts: 1498
Veteran Member
    I'm just relatively OK with this new Lawson security product. I've tried rules like:

    On the POR-PO-NUMBER field in PO30.1
    if(trim(getDBField('POLINESRC','REQUESTER',form.POR_COMPANY,form.POR_PO_NUMBER))==user.getRequesterId())
    'ALL_ACCESS,'
    else
    'NO_ACCESS'

    But it never seems to take effect. What am I missing here? Is there a better way to do it?

    I know I also have to limit the drills, but wanted to get the form portion of this working first.

    Thanks in advance for any help that you may offer.
    -Greg

    John Henley
    Posts: 3353
      Try putting a trim() around user.getRequesterId(). I would also recommend moving this to the form itself rather than the POR-PO-NUMBER field.
      Thanks for using the LawsonGuru.com forums!
      John
      Greg Moeller
      Veteran Member
      Posts: 1498
      Veteran Member
        John/others: I've tried that as well (the trim around user.get...) I think I had tried it on the form itself, but was getting other strange errors. Maybe I need to try again?
        And maybe this should be in the security forum?
        Greg Moeller
        Veteran Member
        Posts: 1498
        Veteran Member
          OK... just tried it on the form itself. Waiting for the reload time to the server, and then I'll test. Will update you more when I know more.
          Greg Moeller
          Veteran Member
          Posts: 1498
          Veteran Member
            Is it possible that the attached screen shot is just a web-page-generated one, that would require customizations to a javascript, or other to enable this feature?

            Whooops..... I don't have an attachment button here??
            John Henley
            Posts: 3353
              Thanks for noticing that I didn't have attachments enabled.
              Thanks for using the LawsonGuru.com forums!
              John
              John Henley
              Posts: 3353
                Moved to S3 security forum.
                Thanks for using the LawsonGuru.com forums!
                John
                Greg Moeller
                Veteran Member
                Posts: 1498
                Veteran Member
                  Is it possible that the attached screen is a javascript screen and not "actually" PO30.1 controlled?
                  Attachments
                  John Henley
                  Posts: 3353
                    Now I understand why you're so frustrated
                    RSS uses a combination of javascript/XML/XSL that calls Data/DME and AGS/Transaction. This particular screen is using Data, and probably pulling from the PURCHORDER table I guess. There is a tracing/debug function in RSS/RQC that you enable by appending &DEBUG=TRUE to the RSS URL (or pressing Ctrl+Shift+T), and it will show the calls as they are made.
                    Thanks for using the LawsonGuru.com forums!
                    John
                    Greg Moeller
                    Veteran Member
                    Posts: 1498
                    Veteran Member
                      So, if I understand what you are saying, John is that this is NOT LSF security controlled. Correct?
                      And I'm sure if we'd like it modified, it would be billable and customized. We have a group of users here that should see everything, and a group of users that should ONLY see their "stuff".
                      John Henley
                      Posts: 3353
                        Posted By Greg Moeller on 09/13/2011 04:52 PM
                        So, if I understand what you are saying, John is that this is NOT LSF security controlled. Correct?
                        And I'm sure if we'd like it modified, it would be billable and customized. We have a group of users here that should see everything, and a group of users that should ONLY see their "stuff".

                        It is under LSF control.  It's a mix of putting rules on the tables to control drill around, select lists, etc. as well as rules on the forms (e.g. RQ10) to control transactions (i.e. if a user enters directly without a select list).  It can ALL be done with security rules (I know because I've done it).  
                        Thanks for using the LawsonGuru.com forums!
                        John
                        Greg Moeller
                        Veteran Member
                        Posts: 1498
                        Veteran Member
                          OK, John. I'm sorry if I seem short with anyone... it's been an extremely LONG month for me already.
                          I'll just have to try more rule-writing. Thanks for all of your help so far! I'm sure I'll be asking for more.
                          Greg Moeller
                          Veteran Member
                          Posts: 1498
                          Veteran Member
                            All:
                            Sorry if I seem to be beating a dead horse here... I got the security restriction to work by restricting the LOCATION = Requester ID, but am now told that will not work for us here. So I'm back to trying to make RequesterID=Requester on the PO. Just can't seem to get the rule correct.
                            I've got the rule set on the PO-NUMBER field of the PURCHORDER table... like this:
                            trim(user.getRequesterId())==trim(getDBField('POLINESRC','REQUESTER','COMPANY','PO-NUMBER'))
                            What am I doing wrong, or missing here?
                            Greg Moeller
                            Veteran Member
                            Posts: 1498
                            Veteran Member
                              Question: Am I using the key fields correctly in my rule (10/18/2011 @ 8:51 AM)?
                              John Henley
                              Posts: 3353
                                No, when using getDBField, you need to pass in the key values for the primary index. Are you trying to get the requester for the purchase order?
                                Thanks for using the LawsonGuru.com forums!
                                John
                                Greg Moeller
                                Veteran Member
                                Posts: 1498
                                Veteran Member
                                  Yes, John. Trying to match the requester id to the requester on the PO.
                                  Greg Moeller
                                  Veteran Member
                                  Posts: 1498
                                  Veteran Member
                                    How would I write the rule correctly?
                                    John Henley
                                    Posts: 3353
                                      Let's go back a step. What object are you trying to secure -- PO20 ?
                                      Thanks for using the LawsonGuru.com forums!
                                      John
                                      Greg Moeller
                                      Veteran Member
                                      Posts: 1498
                                      Veteran Member
                                        no, actually that screen that I uploaded earlier... from Fiddler, I got that it was accessing the PURCHORDER table... So, I'm trying to write the rule on the PO-NUMBER field.
                                        John Henley
                                        Posts: 3353
                                          Well, that could be a problem, depending on how requisitions are entered and POs are generated. The *easy* thing to do would be to look at the "default" requester (PCR-DFLT-REQUESTER) on the PO, since you already have PURCHORDER record. However, be aware that it's on the default requester. So scenarios could exist with multiple requisitions/reqlines result in a single PO, in which case you'd need to look at each POLINE one the PURCHORDER record, then POLINESRC, which has the REQUESTER field. So, I'd start simple and see if you can assume one req to one PO (I think that was one of the changes in RSS->RQC), and in that case you can just look at the PCR-DFLT-REQUESTER on the PURCHORDER record.
                                          Thanks for using the LawsonGuru.com forums!
                                          John
                                          John Henley
                                          Posts: 3353
                                            Which means that on the PURCHORDER table, your rule is simply:
                                            if(trim(user.getRequesterId())==trim(table.DFLT-REQUESTER))
                                            'ALL_ACCESS,'
                                            else
                                            'NO_ACCESS'
                                            Thanks for using the LawsonGuru.com forums!
                                            John
                                            Greg Moeller
                                            Veteran Member
                                            Posts: 1498
                                            Veteran Member
                                              I'll see if that will work for our users. I've already asked the 'can we assume...' question. Haven't heard anything back yet. Thanks as always!!
                                              Greg Moeller
                                              Veteran Member
                                              Posts: 1498
                                              Veteran Member
                                                Our Lawson is set to combine reqs to PO's to cut down on the number of PO's processed so if they have the same ship to vendor and purchase from there would be multiple reqs and requesters on some PO's. -- on the multiple requesters PO's, you can't see them with just the DFLT-REQUESTER rule in place.
                                                Greg Moeller
                                                Veteran Member
                                                Posts: 1498
                                                Veteran Member
                                                  I'm not sure if we "need" to see those PO's or not. My "guess" is that the users will want to see those PO's as well. I think I'll need more help in rule-writing.
                                                  Greg Moeller
                                                  Veteran Member
                                                  Posts: 1498
                                                  Veteran Member
                                                    Would it be easier to just have whomever is logged in see everything in that initial Receiving screen, but only be allowed to receive their own stuff?

                                                    So, would that then be PO30 that I'd need to secure?
                                                    Page 1 of 212 > >>