• Search Forums
    Advanced Search Topics Posts
Prev
Next
Forums Infor / Lawson Platforms S3 Security

Securing based on Process Level

 8 Replies
 0 Subscribed to this topic
 16 Subscribed to this forum
Sort:
Author
Messages
Shari
Veteran Member Send Private Message
Posts: 78
Veteran Member
8/7/2007 7:03 PM
We have a new position that needs inquiry access to HR11 but only for those employees within the same process level. For example:

John Doe is in PLevel 001 - should only be able to see employees in his PLevel=001
Jane Doe is in PLevel 002 - should only be able to see employees in her PLevel=002

Has anyone found a fairly simple way to accomplish this?

Thanks!

-Shari
John Henley
Send Private Message
Posts: 3351
8/7/2007 7:28 PM
Shari, that can be done via LAUA data security...
Thanks for using the LawsonGuru.com forums!
John
Shari
Veteran Member Send Private Message
Posts: 78
Veteran Member
8/7/2007 7:32 PM
Ok, I should have mentioned - we are using Lawson Security for all of our end users. The only users that use LAUA are Lawson Administrators (myself and one other person). Is there a relatively simple way to do this using Lawson Security (I've written conditional rules on other security issue...)?
John Henley
Send Private Message
Posts: 3351
8/7/2007 11:33 PM
You would need to write rules using the PROCLEVEL emp group. There are some examples of this (unfortunately there for AP not HR) in the 'Implementing Lawson Security' documentation...
Thanks for using the LawsonGuru.com forums!
John
Shari
Veteran Member Send Private Message
Posts: 78
Veteran Member
8/9/2007 12:35 PM
Thanks, John. I took a look at the documentation and I can see that I need to hard-code a process level. I'm trying to think if there is any way I can make this dynamic...

Here is our situation...We have about 18 process levels (representing 18 different retirement communities). There are one or two employees that would need this security role to them per community. Ideally, I would like to write a rule that dynamically gives an employee has access to their own process level assigned on their HR11 record. Is that possible?

From reading the documentation - sounds like I would either need to create 18 different security classes and roles...or I'm thinking, would a custom attribute in their LS record work?

-Shari
MattM
Veteran Member Send Private Message
Posts: 82
Veteran Member
7/1/2008 2:48 PM

You could use a custom attribute or write a rule on the element group that looks at the users process level in their employee record.

Shari
Veteran Member Send Private Message
Posts: 78
Veteran Member
7/1/2008 2:54 PM

We ended up created a custom attribute using the RM Schema editor.  Because we use LDAP (ADAM) I couldn't even think of a way to look up someone's employee record based because LS sits outside of Lawson.  How would that even be done?  Just curious....Thanks.

-Shari

MattM
Veteran Member Send Private Message
Posts: 82
Veteran Member
7/1/2008 3:01 PM
The process level for a user contained within their HR11 record is stored in the EMPLOYEE table and could be found using a getdbfield function if I understand what were trying to do.
klive
Veteran Member Send Private Message
Posts: 40
Veteran Member
7/1/2008 5:48 PM
you could go to the form, in this case hr11.1 and write a rule there that looked in the employee table at the proc_level and then compared it to what was on the form...or you could write a rule that said if user is then only grant access to the suggested Proc_level...we actually created the unique attribute and used the group element rule to accomplish the task...