Background:
In general, most of our users are restricted to their site that's assigned in HR11/Employee file.
We use 2 ids, 1 for ESS and another for application users. The application users are generated by an algorithm and stored in a table.
Issue:
How is everyone else enforcing what was "Data Level" security in 8.0.3 for application users?
Possible Solutions:
(A.)
I could create a custom RM attribute that holds a user's site/process level and have a Process Flow (PF Integrator) maintain this attribute so that as a user transfers to another site the attribute is updated. Rules would simply reference this custom attribute ie
if(form.PROCESS_LEVEL==strToNum(getAttribute("userSite") )
Pros:
-Shouldn't be too much load on the lase server since it's in ldap
-Automated, if a user's site changes the PF will change the attribute
Cons:
-Set up
(B.)
I make the table that holds the application ids (which maintains site to userid) a part of Lawson and do write rules with db calls to it ie
if(form.PROCESS_LEVEL==strToNum(getDBField(blah,blah, blah,blah)))
-No PF is needed since the table updates the user to site relationship by itself
-Automated
Con:
-Performance.
(C.) What else?