I have to restrict access to a group of users to PR51 by their Process Level. I wrote a rule using PAYMSTR table since I cannot do any thing on the onine object PR51 as the form.Process Level is not available. The rule is, if the table.Process_level =='HR' and userid !=table.employee, No Access The file rule is not affective. Can anyone who had a similar situation, please share how the rules were applied  or suggestions Greatly appreciate your kind assistance.

In my LSF9 environment, I have about 2,500 users that have no security class assigned.  We are still using the LAUA security model. These users are all self-service users and need nothing more than a security class assigned.  What I need to accomplish is two things: (1) Assign a defined security class (named 'SELF_SERV') to these 2,500 users.  Can I do this with some sort of GEN export, update the exported file, and then import it  I tried doing an export of the GEN user table but all I got ou...

We Migrated to LSF9 (AIX platform) last year, using WAS 6.1, TDS , and also did a LDAP Bind to AD for authentication (works great, BUT ...) We have 2 Domain Contollers: i.e. DC1, DC2. For some reason when we did the Bind (using DNS), Authentication only works if DC2 is available. Switching the roles did not help. Performed Network packet traces , and noticed there is some conversation to DC2  (BIND, SEARCH  CN=Configuration ...). The rest of the Authentication process looks normal: going to t...

We are converting our users over to LS9 security. The canned security reports are not providing all of the information our auditors are requesting for Sarbox compliance. WIndows/SQL2005/LDAP BIND What other reporting tools is can be used for reporting on security Regards JC

Is there a way to generate a LAUA report for Record Level Security similar to the Data Security report  We are setting up/changing some of our record level security and so far, the only way to find security classes that have record level security is to look into each one individually.  Just want to make sure I haven't missed a report somewhere. We are UNIX LSF 9.0 using LAUA and Portal.

We are on LSF9, version 9.0.0.6 using MS-ADAM for our LDAP. We are also using LDAPBind to validate users against our corporate domain. We are still using LAUA security. I understand the concept of creating Resource Managment records for users and then creating the necessary identities for the environment, self-service, SSOP, etc. The problem we are running into is that some users are showing up in LAUA with all upper-case user names whereas the majority of our users show up in lower-case. Why th...

Hi All, We are doing a 8.03 to 9.0.1 both environment and application upgrade.. We are not using Lawson Security, we are still continuing with LAUA...we are using Tivoli Directory Server v6.1for LDAP We need to setup a tivoli user, who needs to have access to the whole tree (including base root) of the ldap directory.The reason we say a 'tivoli user' is, he won't be accessing ldap through Lawson, instead he is going to access LDAP through 3rd party java application.. However this user sho...

We have come across an issue using personal actions and the replacement field on entering a new job req where a manager is only see their direct reports. They do not see any employee is their direct reports is ay a manager also. For example the CEO sees her direct reports but not the employee who fall under her direct reports. I have tried using isInChainofCmdOFEmpInHR and isInChainofCmd(RMID) with no luck. Has anyone come across this using LSF9.0 security. Thanks, Paul

Our IT department has a report they run which is thousands of pages for our end users to sign off on with regard to security and what individuals have access to. I have two questions:   1. How are other companies getting sign off from the internal audit department on their security access and if they have it down to a few pages, did they go through and take off security they didnt need Our issue is we as the person signing off does not know what some of these screens means and if we take it a...

I am unable to see most of fields on HR11.1.  Either on LAUA or New Lawson security. I can drill around employees data but can NOT see most of fields on the screen.  Is there any place to secure the HR11.1 I also looked for HR12.1 but it doesn't change anything even I set to level 1 and location is all asterisk(*).

I created a structure in RM and then view the Full structure but it pops up the error message when I click the full structure in RM: Run-time error '399': Component 'PrnFlow5.ocx' or one of its dependencies not correctly registered; a file is missing or invalid Any help will be much appreciated. Thanks!

Hi All, i posted this topic on the S3 Sys admin forum, but did not get reply, i hope that on Secu forum i will have more chance. ----- During the Lawson Core technology LSF9 installation, there is a step for 'Configuring Resource Management' where a valid DN is required. We have created a valid DN by copying an existing DN, which was imported from an existing LDAP instance ( for test purpose). We would like to CREATE a valid and empty DN for the new installation of LSF9. It will look like ...

I have an issue that I need assistance in resolving.    Two new LSF9 users have had a problem with getting filtered entries when they run GL reports. We have been notified this happens when users try to run GL290, GL190, GL291, etc., as well as GL90.   I have the two users on the same profile as a user who has had no difficulties at all.  If I turn off the LSF9 security (and revert to LAUA), they can run the reports just fine....all the data appears.  If security is turned back on, they see...

problem was resolved. Please ignore this question. Thanks!

I need to limit a security class to only one 'C'hange function on the AP25.1 form. I only want them to have 'R'elease. Any idea how I would limit the line function to 'R' when ever form function is 'C' Thanks, Al

Good day, all. I have been browsing and searching mylawson.com and here for two days looking for a simple answer to question for my auditors.  We are on LSF9, using LS security, and our auditors hate the reporting functionality that comes with LS Administrator.  They would like a smart note or bursted report to come out every day with changes made to users' roles and classes.  Our security implementation is in its toddler stages, so there are still quite a few kinks and SOD issues that I am re...

When we try using LP31...'next' button brings up next employee number - but it displays the wrong name. When you hit inquire is refreshes to the correst display name When we do not filter through process level and leave wide open - then data and display name fills in correectly. We are on LAUA...env 9.0.0.6 how can i get the display name to match up with employee id - without having to hit refresh everytime

Hello all. When LPS did our Lawson installation they used different passwords for the 'lawson' user. The OS user's password is different than the SSOP (portal) password.  I want to change the SSOP password with ssoconfig -c and I understand that process.  I will not be changing the OS password. My concern comes with when I install environment/application patches. I know that the 'lawson' user ID is used during patch installations.  It also appears that the install.cfg file within LAWDIR/s...

Once in a while, security administrator won't connect. We are running windows/webpshere/SQL/9.0.1.3 enviroment/9.0.1MSP1 application Attempt to stop the websphere appserver fails and a server reboot needed to enable connection for security adminsitrator. Meanwhile, all the lawson programs work fine. Any idea

We are in the process of defining our LSF9 security structure and I have waht I hope is a simple question. When defining security classes for an online object, what is the difference between granting access to a program versus granting access to a token, and why would I use one versus the other In other words, why would I grant access to program AC10 versus granting access to token AC10.1  Do I need to grant access to the AC10 program in order to also grant access to token AC10.1  Is gr...

We are going to implement lawson security. Can anyone share your experience about locating user's process levels Do you customize an attribute to store user's process levels, or use structures to define the hierarchical porcess levels, or any methods to locate user's process levels  Any input would be much appreciated. Thanks!

We are in the process of implementing LS9 and have run into an issue where when we change CheckLS to Yes the user can no longer log into Lawson.  This error displays...'The Portal cannot load becuase the Profile service returned an error: An unknown error occurred.  Please contact your system admin.' Has anyone else seen this error and if so, what was the resolution Thanks!

We are on environment 9.0.0.6 and Apps 8.1.0.6.  I am trying to create a security class to provide access to the 'Personal Profile' link in Employee Self-Service. According to the technical documentation for Employee/Manager Self-Service, I need to provide access to the PAEMPLOYEE table of my product line database. However, I found I also needed to grant access to the EMPLOYEE table as well (documentation error I suspect). So I created a security class that provides full unconditional ac...

Hi We have increased the number of standard lawson users at our company drastically the last year. Before it was easy to keep track of the users by a simple paper form that we let the users supervisor sign.  Then we put the users in security classes and put the paper in a binder sorted alfabethically. I feel the need for a more sophisticated solution. Maybe a database in access with scanned papers, or an eletronic form in lawson that uses process flow for approval of what people are allo...

Hello,  I am new to lawsonguru.  We have our users on LSF9 and Lawson Security.  We are implementing LBI and want to know if anyone has any ideas on how to make security maintenance in LBI less labor intensive.  I would like to use groups instead of individual user ids in LBI reports and LBI rights administration.  Any input will be most appreciated!! Joanna Bledsoe Lawson AC, AM, AP, FB, GL, MA, RW