Has anyone found a way to mass delete users in LSF 9 - kinda the reverse of loadusers Our migration of users from 8.0 to LSF9 was a total mess. I'd like to basically start over for about 90 of our users. I've got the loaduser xml ready but I know it will fail because the existing users are tied to the SSOP identities that I'll be trying to load - hence I need to delete all the existing RMIDs. Any methods other than manually doing all 5500 one-by-one

We are implementing LSF9 security with the goal to have one user id for each employee.  If an employee has application access then through portal they will have a search box.  We are attempting to limit access to HR/PR and remove drill around access.  I have gotten this to work with the exception of the Wage Analysis drill around.  I have placed conditional security on the Employee table as a whole and have deny all access to all the salary fields and the Wage Anaylsis still appears.  Is it poss...

This one is a stumper for me, hoping someone else has seen this. For any of our LSF9 users, any time they go to AC10.1, they receive the following error:  com.lawson.ios.agent.SystemRuntimeException: 2009-07-22 09:18:27 : INCIDENT_ID1248275907899-0009 An error occurred outside of IOS while accessing Lawson Security  at com.lawson.ios.security.ls.LsSecurityRuntime.isTokenSecured(LsSecurityRuntime.java:803) This is just going to the program, not on inquire or anything else, just simply ...

We have a couple of domain controllers and Lawson isbound to one of them. This controller keeps failing and crashing and needs to be replaced.  I asked Lawson where thedocumentation was for changing my LDAPbind and they stated I needed to contact Professional services. How difficult is it to do Do I really need to spend $2**/hr with them WouldI be better off with someone like Ciber or Absolute (not a partner, but half the price and no issues when we used them in the past. Go Todd!) Two crash...

I created a  security class and use the element group(which was delivered by Lawson) to control data security globally for all forms and files from Roles assgined to the user.  It is like this: PrimaryDataControl Class: Element groups - PROCLEVEL (Lawson delivered) if(user.attributeContains('PrimaryLevel',PROCESS_LEVEL))    'ALL_ACCESS,' else    if(user.attributeContains('PrimaryLevel',subString(PROCESS_LEVEL,0,3)))    'ALL_ACCESS,' else    'NO_ACCESS,' (--> 'PrimaryLevel' is the attri...

To all, Has anyone run into this error I have a simple rule to match the employee number on the screen with the employee number in their Identity using getEmployeeId(), but Inquiry in the screen returns a security violation, and puts this into the lase_server log file: 2010-10-05 09:34:33 com.lawson.lawsec.default.FINEST com.lawson.lawsec.author.runtime.JSUser.getEmployeeId()() function return empty string Any thoughts or suggestions are much appreciated! Best regards, Dave (303) 773-353...

Is there a way to get by systemcode , the ids attached, their security class and the actions for every form in Lawson under the system code as a report. Has anyone been able to write or get a custom report and are willing to share

I am trying to use a Process Level Security class to globally secure data by process level.  The formula I have written verifies in the build screens but when I apply the security class against the user I am unable to select any records on the HR11 when in fact I should have about 250 records to choose from.  I using the RM attribute, ProcessLevelControl (lawson delivered, as multi-attribute).  Below is the formula, if((SystemCode=='HR'||'PR'||'BN'||'PA'||'LP')&&(COMPANY==user.getCompany())&&(P...

We are not going to the new LSF 9 security until next year.  If anyone can remember LAUA security, we are trying to prevent a payroll clerk entering timerecords on PR36 fromchanging their own timerecords.    Has anyone done this (in the past) and can you remember what you did

I have implemented Role Based Security (Check LS = Y) for our MSS/ES users combining the funtionality of both. However, when a user with both roles tries to go thru Benefits Open Enrollment they are receiving the 'Security Violation' message... I can't figure out. I have granted access to BN tables i thought would fix it... Any ideas which forms/tables need to be included to go thru the Open Enrollment

We have been able to secure LSF9 using the element groups using either process-level or sec-location but not both; roughly what we're looking to do is ((process-level = 'X' and sec-location = 'Y') OR (process-level = 'Z')). Is that even possible using element groups Thanks.

I want to write a rule in Security Administrator which compares the current system date to the HIRE DATE  from 'EMPLOYEE' table. I've tried various combinations of the rule functions but cannot get it. I know that the system date is stored in one format and the stored dates within the tables is in another format. Does anyone have any example of a rule they have used to write to compare the system date to a stored date (within any table)  T Thank you , Thomas

We can add new user in user group definition manually using usergrpdef command. Does anyone know how can we add user programmatically in user group definition either through command line or through process flow

I'm using this code to try to get the job class and it's not working.  Do I have the right syntax for the related field  Do I have to do 2 nested queries to achieve this if(trim(getDBField('EMPLOYEE','JOB-CODE.JOB-CLASS',form.REV_COMPANY,form.REV_EMPLOYEE))=='DIR')    'NO_ACCESS,' else    'ALL_ACCESS,'

We need to clean up(delete) a large number of users with a Requester Identity and am looking for a simple, one time method of removal.  I do not want to delete the user, just the Identity.  Any advice on this topic would be appreciated.

We used to have only one person taking care of Asset Management. Recently, we assign 2 people to process the AM and want to setup the data security, so that users can only access their own data.  I wonder if AM has similar process levels to limit users to access data  For example AM20, AM30, AM40, users can only add, transfer or dispose an asset in their own book (defined in the AM00).  Do I need to find out which field I need to secure in AM20, 30 and 40  How do you implement the AM security ...

Does anyone know how to restrict access to the Archive Audit button on the Audit  Logging page in Security Administrator We have a sub-admin role that we created and restricts them from everything but creating/modifying users, but they still have access to archive the auditing. I need to restrict them from having access to this function but I am unable to find any securable object to remove their access away from. The role has inquiry access to the Server page only and this still allows the...

Our users currently have a numbered RM account and a named RM account, we are ready to move to the numbered account only so we need to add their named RM info to their numbered account, items such as groups, roles, change to checkLS yes, email, portalrole, workflow user if they are an WF approver, and also created their requester identity, they already have an employee identity.  I have modified the ldusers.pl addiding the fields I need and the requester identity.  I am receiving lots of errors ...

We are looking at implementing a solution for our LDAP that will failover or have a load balancer in place to avoid a single point of failure with 1 LDAP server. Is anyone using a failover solution or load balancer How is it working for you and is there any issues that you ran into with setting this up

We created a CLASSDATASTRUCTURE to defice HR regions, then created the attribute 'Region' to assign to users.  Then we used 'PROCLEVEL' to define a conditional rule if(isStructNodeTitleAbove('ClassDataStructure',PROCESS_LEVEL,user.getAttribute('Region')))    'ALL_ACCESS,' else    'NO_ACCESS,' yet in testing, they are getting full access to all the regions not what is defined in their attribute.  ANy advise would be greatly appreciated

We have implemented Lawson HR/Payroll/TA and are using LS9 security. What is the easiest way to implement view only access to all the screens for audit purposes. I am trying to figure out a quick way to do this without have to create a security class for all the screens. Thanks, Usha

We have a strange issue occuring in production.  Our payroll users reported security violations when attempting to view alternative rates (HR14.1) from the HR11 screen.  The same users reported that some of the team members can run PR260 other team members with an identical security role recieve a security violation. Strange!  The lawson security object and user object report shows that the payroll team should have access to HR14 and PR260. It could be coincidence but I ran an ioscache refres...

Hi, all! We have a need to create sub-administrators to just have limited access to LSA.  Both the class that I took and the manuals mention creating sub-administrators, but neither of them go into ANY detail about doing so. I'm mostly interested to create sub administrators to assign groups and roles to already created users.  That is it!  Can anyone point me in the general correct direction Thanks in advance, -Greg

We are running in windows and using ADAM as our ldap and I need to copy all the users from my existing production environment of 9.0.0.8 to our new 9.0.1.7 environment. Does anyone know how this can be accomplished The new 9.0.1 environment is on 2008 server with ADLDS and the old 9.0.0.8 environment is on 2003 server with MSADAM. I have over 1100 users and we can not just recreate all of them in the new environment. Any help you can provide would be great.

In LAUA we use the Data Level Security (Company and Process Level) to specify Company ranges and Accounting Unit ranges for Financials security.  It works great.  Now, I need to duplicate this setup in LS.  According to Lawson, the only way to secure FB40.1 (Budget Journal Entry) to a specific Company and AcctUnit is to apply conditional statements to the form detail line fields. Element Groups only validate the first line and invalidate Next or Previous actions if the first line fails.  Ele...