We recently went live on LSF9 and 9.0 apps (WIndows/SQL2005). We have done the LDAP bind to AD. We are having an issue with users accounts getting locked in AD. If you look at the event viewer - application logs you see hundreds of error messages. Does anyone have any ideas This is the detail of one user.  Event Type: Error Event Source: LAWSON:prod (LAWSON INSIGHT Environment) Event Category: Environment Event ID: 32783 Date:  6/10/2008 Time:  6:19:31 PM User:  N/A Computer: ESIHM1LW...

We primarily use Process Level Security, in LS, and most of our HR/PR users are limited by a process level, or range of process levels.  In our setup, Process Level is baiscally a company.  We need a way (with one login) to allow an HR user, who is restricted by a process level range, to see limited, specific data on all employees, across all process levels.  We need this in order for HR to view potential transfers, employment history, validate they are current or past employee, somewhere in ...

We are kicking around two different schools of thought as we start the migration from LAUA to Lawson Security.    The first is to take a functional area such as AP and build a single role that gives access to every token, table, etc that anyone in the company could ever have a need for in AP.  From there each person who gets that role would have security overrides for the tokens, tables, etc. that they don’t need.  So in a sense you would take away AP195, AP155, etc until that user had only w...

We have a requirement to change an environment from ldapbind to local password admin.  All of our 9.0.n environments are currently bound to AD for authentication.  If anyone can please offer some advise it would be appreciated.  I can't seem to find any information on switching back. Thanks, Marc

We've been tasked to implement company level security to an already existing LSF9 security setup.  We are taking on a different hospital, and now need their data to be separate from ours. What's the best way to do such a feat  I'd prefer not to have to go into each and every security class and write more rules. Any way to use the CompanyControl attribute of RM to do this  Who's willing to share an example Thanks in advance, -Greg

Hi Gurus! I would like to know where and how should i find all security classes. I need this to create rules. Thnaks

I am trying to delete a profile because is was inadvertently set up a RM instead of ERP. I keep getting the error Profile is currently being used by product lines {1}. Cannot delete. this is on our test box so I am not worried about losing anything. there are no security classes set up for it and the security is turned off on the profile.

Has anyone implemented Lawson Security on their own without the help of consultants  If so, how long did it take you  What was your experience like

Benefits would like to secure HR13 such that the data is visible but only one or two fields will be available for change; no adds and no deletes The active flag is the field in question.   I'm looking for an approach that doesn't require touching all fields if that is possible. On the form, you have to grant update at the token level (HR13.1) right  So, to remove update for all the other fields would require touching all the rest.   Does it work the same at the table level  Do you h...

When I try to add some rules to a security class in Lawson and click Apply, I get the following error message: 'A call to the server has timed out.' How do you fix this error  I have to get out and go back into Lawson Security every time.  Any help would be appreciated.

Has anyone developed an automated process of adding rules to a security class within Lawson Security  If so, how did you do it

When I define unconditional access to a form, HR11.1 for example...  I was expecting the A, C, D buttons to disappear.  Is this not the way that LSF security works I get security violations when I try to do any A, C, or D actions, but the buttons still show. PA16.1 is another example.  Same symptoms.

Is there a way to copy a security class defined in one profile over to a new profile without having to recreate the security class and all of its access

Within Lawson Security, I'm trying to turn on Lawson Security for one particular data source.  The only way to do that is if I change the default level access.  Is this normal or am I forgetting something

We currently have security set up by process level using an element group. Is there a way to add restrictions to specific work states within the process level. Thanks.

Hello, Does anyone know where the Lawson Security User Environment information is stored in LDAP  This is the screen with the user groups, printer groups and product line.  I'm using the Softerra ldapbrowser running Lawson S3 901.

I am trying to add a rule in Lawson Security. I have done this many times. But now I am getting a message which in effect says 'Data area (APP) has been suspended'. It has a lot more Java stuff too. The Lawson KB has an article on it which describes the problem and the cure. Bounce WAS and Lawson. KB Article 5153320. I am happy that the solution is correct, but they give the cause as the result of running a dbreorg while WAS is up. I have tried to reproduce this and cannot. With WAS up and...

To all, I need help understanding / troubleshooting a unique security issue. In our LDAP schema, we've defined a custom attribute named Region.  This attribute is defined as a 15-character string.  The values are limited to the following: CMS-HR Corporate-HR Cypress-HR Manasquan-HR Region-SW Wichita-HR In the Lawson Security Administrator, this Region attribute is then set for each employee in their RM record. We are licensed for Employee Self-Servic...

In an effort to clean up Lawson security, we recently ran a simple flow to delete the OS identity from all 'ESS only' users who had OS identities tied to their RMID's.  Now we are left with over 1,300 orphaned users in delusers. Does anyone know a way to clean out these ophaned records in mass  Manually deleting them via delusers will take forever. And while I'm on the topic, wth good is the ability to delete os identities via resource update node if it leaves orphaned records   Grrrr.....

Is the Lawson Security Element Group Proclevel meant to replace LAUA Data Level security

We upgraded AIX from 5.3 to 6.1 (on our test machine for now...) and nothing else has changed db2 is fine, ldap starts up as well, but lawson won't start.  I've traced it to startlaw, where it is trying to load startlase When I run startlase manually it runs to completion (apparently) saying: lase:  security environment 9.0.1.5.174 2009-08-07 04:00:00 (200910) started. However, when I try to run lase, it says  />startlase lase:  security environment 9.0.1.5.174 2009-08-07 04:00:00 (...

I am looking for some information in Lawson LDAP.  It is the USER_ID field that is present in many of the Lawson Tables, which starts off with the Letter 'NT.'  Where in Lawson LDAP is this stored so I can cross reference this information.  I am sort sort of new to Lawson LDAP.

Can you write LSF rules that restrict what a user can enter into a form field.  Specifically, when creating a requisition in RQ10 and RQC, I have restricted the Requesting Locations that are displayed in the Drill Around. It only displays their assigned locations.  However, the user can manually type in any Requesting Location and order for any location.  Can I restrict what Locations a user can enter or is there some way to have fields validate before the requisition is submitted

We are anticipating the eventual move to LSF 10.  We understand that LAUA goes away.  I have been trying to get this completed before that time.  I have documentation that tell me what I need to have in place, but when I try to enter a batch job from Lawson portal, enter the name - click inquire and I get a message at the bottom that says 'field is required'.  I can't get past this.  In the LSF 9 Security I have the user setup as CheckLS = 'Y', I have Batch role assigned.  The user identity is s...

We have begun planning our security upgrade and were wondering if there is any downside to using a privileged identity for MSS users.  We heard that in doing so that the managers uid would no longer be attached to the action.  Is this true  If so, any recommendations in working around this thank you