Batch Jobs

Sort:
You are not authorized to post a reply.
Author
Messages
KerriR
Advanced Member
Posts: 34
Advanced Member

    Does anyone have the exact setups that are needed to allow users to submit batch jobs?  We are using LS9 and some of our users are getting "security violation" errors when trying to inquire on their jobs (HR170, PR260, PA490 are some examples).  If they wait about 10 minutes, they can then inquire and run the job without any problem.  I find this very interesting because in my mind, security is either on or off, there's no in between.  So why would it NOT work one minute but work 10 minutes later? 

    riegerj
    Veteran Member
    Posts: 44
    Veteran Member
      We ran into a problem with a custom locale. When the users were assigned the custom locale you had to inquire on the job twice before the submit button was available. Are you using the default locale for these users?
      KerriR
      Advanced Member
      Posts: 34
      Advanced Member
        I'm pretty new to this so can you tell me where I check to see which locale is assigned to the users?
        riegerj
        Veteran Member
        Posts: 44
        Veteran Member
          Sure thing, if you go into Lawson Security Administrator, User Maintenance, find a user and go to the Edit Lawson Environment Information. You will see the locale listed there (this is the screen where you do user groups and printers and etc.)
          KerriR
          Advanced Member
          Posts: 34
          Advanced Member
            The locale for our users is blank.
            riegerj
            Veteran Member
            Posts: 44
            Veteran Member
              Ok, then it must be something else. You are using Lawson 9 security right? Do the users have the BatchRole assigned to them?
              KerriR
              Advanced Member
              Posts: 34
              Advanced Member
                Yes, we are using Lawson 9 security. The users do have BatchRole assigned to them. This would make so much more sense if it didn't work all of the time. Instead, it works intermittently which makes me think their security must be correct and it has to be something else. Do you know if there is some sort of caching of the security classes/roles that may take some time to load when the user logs in? I know I'm grasping at straws but I've been through every piece of documentation I can find and have checked and double checked the "batch" security rules and it appears everything is set up correctly. There must be some setting or something we're missing.
                riegerj
                Veteran Member
                Posts: 44
                Veteran Member
                  I don't know of anything except the initial IOS Cache Refresh or the Server Management Clear Cache which would only be used if security changes are taking a while to propagate. I am not sure what would cause the security to change intermittently. Is it only the first time the user accesses the form or can it be the 3rd or 4th time they access the form?
                  John Crudele
                  Veteran Member
                  Posts: 50
                  Veteran Member
                    Check the users Lawson Environment Info and verify the users are assigned to a User Group. Also check that the data Area/ID is populated.
                    KerriR
                    Advanced Member
                    Posts: 34
                    Advanced Member
                      It can happen at any time. I was hoping someone out there would have the exact rules that are needed to allow users to run batch jobs. That way I could compare them to what we have and make sure we didn't miss anything.
                      KerriR
                      Advanced Member
                      Posts: 34
                      Advanced Member
                        All of the users are assigned to a User Group and have the data area/ID filled in.
                        John Henley
                        Senior Member
                        Posts: 3348
                        Senior Member
                          If it works sometimes, then it's probably not an issue with the rules. Have you looked at the lase*.log files?
                          Thanks for using the LawsonGuru.com forums!
                          John
                          riegerj
                          Veteran Member
                          Posts: 44
                          Veteran Member
                            Do each of the users have unique environment/OS IDs? I think this can cause issues for batch users too.
                            KerriR
                            Advanced Member
                            Posts: 34
                            Advanced Member
                              riegerj - Checking for unique environment/OS IDs is something I've already checked and they are unique. Thanks for the suggestion.

                              John - Lawson has also suggested looking at the lase*.log files but we cannot reproduce the security violation error on demand so at this point I'm stuck.
                              KerriR
                              Advanced Member
                              Posts: 34
                              Advanced Member
                                Good News! One of our users just got the "security violation" error. Now, can someone tell me what I need to be looking for in the logs?
                                GregSl
                                Veteran Member
                                Posts: 38
                                Veteran Member
                                  You can check IOS log file as well as lase.logs depending on CHECKLS flag for the users concerned.

                                  To trap the error messages, use Auditing + logging, select ALL and select the users ( who got the security violation)
                                  Logs will tell you the reason for the security violation eg. access denied.

                                  Hoep this helps.
                                  KerriR
                                  Advanced Member
                                  Posts: 34
                                  Advanced Member
                                    I found this in a log but I don't know what was denied access. The nodeName is blank.

                                    2009-11-05 10:54:29 com.lawson.lawsec.default.FINE com.lawson.lawsec.author.runtime.LawsonSecurityRequestOptImpl.evaluateNonContentNodeSecurity()
                                    USER: jafoley
                                    nodeName=, FC=I, Default ruleResult=NO_ACCESS, FcResult=ACCESS DENIED

                                    GregSl
                                    Veteran Member
                                    Posts: 38
                                    Veteran Member
                                      Never seen that. I would suggest you select user jafoley for Auditing.

                                      I am not sure if stoplase/startlase, will clear the cache or bouncing the server might help.
                                      mark.cook
                                      Veteran Member
                                      Posts: 444
                                      Veteran Member
                                        We also had an issue with intermittant security issues on one security class. Ours will work fine for 4-6 weeks with no issues and then out of no where the issue appears again. We had been given a PT to install and have not seen it reappear for a while. If your on SP4 the PT is 183606 or if on SP6 183785. Check to see where you are on these PT's. They basically push out a new lawsec.jar file so you have to make sure enough testing is completed. A similar PT that effected lawsec.jar also required us to upgrade our RSS because we could not click check out without an error.
                                        KerriR
                                        Advanced Member
                                        Posts: 34
                                        Advanced Member
                                          We just applied the patch to our production box. I'll update this post in a few weeks if all goes well. Thanks for all of your help.
                                          KerriR
                                          Advanced Member
                                          Posts: 34
                                          Advanced Member
                                            The patch seemed to fix our issue. Thanks for everyone's help.
                                            randys
                                            New Member
                                            Posts: 2
                                            New Member

                                              Does anyone no what this means "Submitting job GL240HH to default job queue (User secured from submitting jobs)" 

                                              The user cannot submit any jobs.

                                               

                                              BarbR
                                              Veteran Member
                                              Posts: 306
                                              Veteran Member
                                                Yes, it means that the user does not have the security rights to submit batch jobs.
                                                BarbR
                                                Veteran Member
                                                Posts: 306
                                                Veteran Member
                                                  The user must be granted:
                                                  ENV profile - a number of the online securable types (executables)
                                                  GEN profile - online UN, several files (job, jobstep, queuedjob, userrpt) and element username
                                                  randys
                                                  New Member
                                                  Posts: 2
                                                  New Member
                                                    Thank you for the responses it lead us in the right direction. We found a missing role "process flow role" and a setting in security for workflows that was supposed to be set to a "1" and not "0".
                                                    You are not authorized to post a reply.