Company Level Security Restriction

CompanyControl is just an multi-value attribute you can use to "compare" against forms/tables/elements/element groups to grant access or not. So I am afraid you still need to go in secClass to add/modify the rules.

typically for table:
if(user.attributeContains('CompanyControl',lztrim(table.COMPANY)))
'I,'
else
'NO_ACCESS,'

Thanks, Jimmy... I was afraid you were going to say that! We have 540+ security classes and 5500+ rules. This is going to take us a while, then.

I was hoping that there was a simpler (global) solution to company level security for both the screens and the tables.

Greg

What created a structure is resource manager
Then made it an attribute on the users profile and assigned the users company to the attribute

Then we created a security class with a rule on the company element

if(isStructNodeTitleAbove('PlatformStructure',COMPANY,user.getAttribute('Platform')))
   'ALL_ACCESS,'
else
   'NO_ACCESS,'

We assigned the security class to a role then assigned the role to everybody

So, John, when you assign this role to everyone, does that fix the other existing roles that may have access wide open to company.. permission for every company?

Since with LS, "most restrictive wins", having a "global" rule like that should achieve your goal. You just have to make sure it is include in a role that is assigned to every user.

John: I thought it was "most permissive wins" ?

Man, I blew that one, didn't I? You are correct: the first rule encountered that grants access ends the rules processing.

Greg

We set-up a role called "company role" and assign it to whoever needs to have their access limited by company. If you have full access to all companies we do not assign the role.

Regards
JC

So, John. What do you have in the "company role"?

Greg

1) we created our company structure in resource manager
2) Created an attribute on the user profile and entered in the company information
3) created a security class called CompanySecClass with a conditional rule on the company element
if(isStructNodeTitleAbove('PlatformStructure',COMPANY,user.getAttribute('Platform')))
   'ALL_ACCESS,'
else
   'NO_ACCESS,'
4) Created a security profile calle CompanyRole and assigned the above security class to it
5) Add the CompanyROle security profile to the individual users profile

Regards
JC

JC, Thanks! This helps, but since I've never done anything like this (except in class 4 years ago) I'd appreciate more help. Would it be possible for you to send me a screen shot of your structure? That way I may be able to wrap my brain around this quicker. If you cannot, I understand.

Greg

I am finishing up our LSO install and training. i will send you screenshots on Thursday

That would be great, John. Thanks!

John: A screenshot would be appreciated.