We would like to remove access to the drill around button on a form in portal.  First, is that possible in LS9  We are trying to secure ESS and found an issue where a user was able to get access to other people data by drilling on the employee number.  We are working to close that hole, but it led to a discussion on the possibility of removing their ability to even select drill around.  Can anyone help me with this

We have LS set up to restrict user's access (those who have access to more than just EMSS) based on Process Level using the element group PROCLEVEL.  The problem arises when an employee, who used to be in process level ABC, transfers to a new job and is now in process level DEF.  With this transfer, her access also changes and she is now restricted to process level DEF.  When she goes into ESS to look at her pay checks, her old pay checks are not visible because at the time they were issued, she...

Hello, I have been approached to basically locked down anyone in HR during a certain time once every other week to avoid having any changes occur when payroll is processing. I'm quite new to security using LSF9 and just think there has to be a simple way of doing this. Any ideas anyone

I'm relatively new to LS Security and I'm building a new security class for HR users so that they can only see employees with the same user level. I built a new attribute in RM called 'UserLevel'.  I've read many of the postings regarding LS security so I'm familiar with some of the solutions. I've also read the security manuals too. I built a new ElementGroup called 'COUL' which contains Company and User Level Here is the rule of the element group 'COUL' on the new Security class: if...

We are new to Lawson with a go live date of early July. My question is: What are the default security roles that LS9 provides and are the practical to use for a 3500 employee company, Self Service, HR, Materials, Finance Or, would it be quicker and easier to set up with the Security Accelerator that we could purchase that my trainer in MN told us about, and what roles are included with it We had a crash course of 4 days and it seems that this could take quite a long time to setup and have it w...

Hello, I am trying to figure out how to mass load roles to each ESS users. Going to each user and adding these roles is very time consuming and was in search of finding a faster way of doing this task. Also, is there a way to have roles, prodline, and CheckLS set as a template so when a new user is added, we dont have to bother with adding roles, prodline, checkLS.

I am trying to secure AP90.3 using the following rule: isElementGrpAccessible('EGProcLevelAP','','AP',getDBField('APINVOICE','PROC-LEVEL',form.API_COMPANY,form.API_VOUCHER_NBR)) When I check the log it shows that it is not returning the PROC-LEVEL value: 2011-02-28 15:08:06 com.lawson.lawsec.default.FINEST com.lawson.lawsec.author.runtime.JSRMFactory.getDBField()() input parameters: userId=Jeremy.Test dataSource=INTTEST tableName=APINVOICE fieldName=PROC-LEVEL keys=10, 174785, ...

I am fairly new to Lawson Security and we have received a request to set up an additional level of security in HR11. We would like to be able to set controls at the Company/Accounting Unit level.  We have several companies and within each of those we can have the same Accounting Unit number.  I have not been able to find anything on how to utilize the combination Example: Co 100 AU 4350 Co 300 AU 4350 Co 870 AU 4350 Any suggestions would be appreciated.

I'm creating a new LSF environment and need to dump and load GROUPDATA.  Can someone tell me where are groups stored

I have a requirement where I need to add a new Securable Type within Security Administrator. For example in the ENV profile, I see a Class called TransITools, with rules which secure environment executables such as listed under the System Administration: appinst, autoinst, and so on. I want to add a brand new tree under the Securable Types/Executibles called 'Custom Scripts' for example, along with existing (custom) scripts or html files located on Lawson. Then of course, I want to have the a...

We have some user fields in the Billing and AP modules where staff is entering numeric client ID’s for one of our divisions. Problem is we have run into a data quality issue where users are entering invalid ID’s. I want security to allow form change action only if the user field is blank or if the value in the user field matches a valid client ID.   The data entered into those user fields should match a valid client ID in a custom Lawson table we have created called SCCLIENTS2. The primary key...

I have set up LSF9 security in HR with TRAdmin Role (for Training Administrator) and appropriate security class with restrictions on HR11 (cannot view SSN, pay rate etc). Since I am migrating from LAUA, there is already the existing HR Data and User security set up in HR09, HR10 and HR12. I find that the HR Data security completely overrides the security rules set up in the security class. For instance, if I deny access to view SSN in the security class, but the appropriate security level in HR0...

I need to set up a screen that users can access without logging in. This screen would use data transactions (dme) to display non-confidential information. I am trying to figure out a way to pass in a hard coded user id and password (this would be the same user/password for everyone that accesses the screen) then perform the data transaction. Does anyone know of a way to do this   I have tried using jsp and the lhc.jar but am running into a “HTTP Error 405 - The HTTP verb used to access this ...

I was testing my security set up at my client. I find that I cannot get my field level rules to work on any form. For example, If I want to deny access to Pay rate in HR11.1 or inquiry only access to Vendor Name in AP10.1, the unconditional rule does not work on their server. However, exactly the same rule works in another environment. Has anyone encountered similar issue. Is this a technology patch issue or am I missing something

We are moving from Unix to Windows and am looking for a quick () way to load online/batch users into the gen database (i.e. convert the UID's to NTxxxxxxx).  If anyone can give me some help with this, I would truely appreciate it.

We just discovered that if we give a manager both the MSS and ESS role, they are able to drill back to information on their direct reports that they should not be able to see. Example: With MSS role only, they do not see dependents. When ESS role is added they do even though the EMDEPEND table has this conditional rule on it. if(isElementGrpAccessible('COMPEMP','','HR',lztrim(table.COMPANY),lztrim(table.EMPLOYEE))) { 'ALL_ACCESS,' } else { 'NO_ACCESS,' } Any help you can provide wou...

I have created a new security class to run HR170 for field users.  However, when viewing the report in Print Manager it has the ability to drill around in the information.  I need this ability to be turned off. Does anyone have any suggestions Yes, we are using LSA.

We are having a heck of a time with Security Administrator locking up on a regular basis - like every couple of times we try to change something.  We've been having this issue for some time under LSF 9.0.1.4, but we recently upgraded to LSF 9.0.1.7 and the latest version of SecAdmin and now the problem is even worse. We've contacted Global Support, and didn't get much help. Does anyone have any solutions or suggestions Thanks!

We have a user assigned to a service account which runs recurring 100 level (update) jobs for AP; lets call the service account SERVICEACCT.  Other Lawson users have access to the SERVICEACCT jobs because they are in the same LAUA User Group.  Is there anyway to prevent users who are in the same LAUA User Group as the SERVICEACCT user from recovering update jobs that have gone into needs recover or is my only option removing them from the User Group Your help is greatly appreciated.

Hi, Our Lawson 9 system is LSF 9.0.0.6 and APP 9.0.0.7 on IBM iSeries and the subsystem is LAW9. Now the user ID to run LAW9 system is LAWSON. I would like to change the user ID from LAWSON to LAW9. Would anyone know how to change the user ID which was used to run Law9 sub system Thanks a lot. Huizong

I see the previous thread posted on Company level security, but would like some more clarification/revisit. We have had no luck here trying to get company level security to work, and now we are going to be bringing on another company and trying to fold them into our existing LS security. Although setting up the new company shouldn't be difficult, they shouldn't see anything but themselves...  there will be existing users here that will also need access to the new company.  I'd like to know...

We're planning to upgrade everything from 9.0.0.x to 9.0.1.x. (environment, applications, security, etc.) Are there any tips/tricks anyone who has already made this leap can provide, as it relates to converting Security from 9.0 to 9.0.1 We're on LS9 security, but are not LDAP bound. This too is something we'd like to do, but assume it would be best to do it after the upgrade, not as part of the upgrade. I'm not sure this factors in at all, but we're also upgrading the O/S at the same time t...

Sorry - this is somewhat of a cross-post We would like to limit who can receive in RSS, but allow all RSS users access to the receiving page because of the other imformation provided on that page including PO information. Is PO30 the backoffice form for this  Our RSS security class doesn't have PO30 access, but users are receiving that shouldn't.  Any help would be appreciated. Thanks, Karen

We are on LSF9. We have a section of HR employees who currently have view only access to HR11.1.  I've been asked to provide them with full access to only one tab (Work Tab).  Current HR11.1 conditional rule: if (user.getCompany()==form.EMP_COMPANY)&&(user.getEmployeeId()==form.EMP_EMPLOYEE) then ,-,I,N,P ElseIf     (user.getEmployeeId()!=form.EMP_EMPLOYEE)&&isElementGrpAccessible('PROCLEVEL','','HR',form.EMP_COMPANY,form.EMP_PROCESS_LEVEL) then ',-,G,H,I,M,N,P,T,W,X,Y,Z' else No_Access ...

I was wondering and would like to know how everyone is managing their application/users licenses with Lawson Security 9 Any ideas would really help. Thanks. Neng