Prev
Next
Forums Infor / Lawson Platforms S3 Security

Duplicating Data Level Security in LS for Co / AcctUnit

 2 Replies
 0 Subscribed to this topic
 15 Subscribed to this forum
Sort:
Author
Messages
Jake Miller
Basic Member
Posts: 5
Basic Member
2/4/2011 3:04 PM
    In LAUA we use the Data Level Security (Company and Process Level) to specify Company ranges and Accounting Unit ranges for Financials security.  It works great.  Now, I need to duplicate this setup in LS. 

    According to Lawson, the only way to secure FB40.1 (Budget Journal Entry) to a specific Company and AcctUnit is to apply conditional statements to the form detail line fields. Element Groups only validate the first line and invalidate Next or Previous actions if the first line fails.  Elements can't be used to specify a specific pair of Co / AcctUnit.  And, ToCompany and AcctUnit are not available fields to use on the FB40.1 or DTO sections... only on the line itself.

    Ideally, we would use a multi-valued attribute on the RM to store the (Company / AcctUnit pairs to which a user has "All Access" security.  And, the Company / Acct Unit values would in fact be ranges (Co 100 -> 200 / AcctUnit 1000 -> 1200). The attribute needs to be multi-valued because there can be several range pairs to which a user has all access.  Example:
    100-200|1000-1200
    300-300|1000-1000
    400-500|1200-1200... etc. just like LAUA.

    Once the attribute is created and populated for a user, how does one sift through it (via LS) and make comparisons to two separate and independent fields?  For instance, if form Co = 150 and AcctUnit = 1100 (should be all access), how do I iterate through the multi-valued list and check to see if the company is between the first two numbers and the AcctUnit is between the second two numbers?  Or, is there an easier way to do this that I am overlooking?  Any help would be greatly appreciated!

    Thanks in advance,
    Jake
    Greg Moeller
    Veteran Member
    Posts: 1498
    Veteran Member
    2/4/2011 4:04 PM
      We are using something like the following to restrict which companies a user can see.
      The CompanyControl attribute comes with all new installs of LSA... A lot of rule-writing is involved here, so we haven't actually implemented anything in production yet.

      user.attributeContains('CompanyControl',COMPANY)

      I believe AccountingUnitControl and ProcessLevelControl attributes exits now, too. Or you could add your own custom attribute via the Schema Editor.
      Jake Miller
      Basic Member
      Posts: 5
      Basic Member
      2/4/2011 5:41 PM
        Thank you, but I've looked at that and it doesn't give me what I need. I need to lock down the Co / AcctUnit pairs. If I granted access to Co 100 | A/U 1000 and Co 200 | A/U 2000 (two specific pairs) via the companycontrol and accountingunitcontrol attributes the user would get Co 100 & 200 and A/U 1000 & 2000 (four specific pairs).

        A custom attriibute could, and does work to identify specific pairs that a user has access to via
        user.attributeContains('customattribute',concat(trim(form.FLT_TO_COMPANY),trim(form.FLT_ACCT_UNIT)))
        where customattribute is a concatination of accessible Co & A/U... i.e. 1001000 (C0 100 & A/U 1000)

        However with 352 specific pair possibilites (and some users with unlimited access or very high access) I need to do this by ranges. Such as where customattribute is a concatenation of the LAUA Data Security lines...
        Line 1 = 100-100|1000-1000 (one pair)
        Line 2 = 200-200|2000-2000 (one pair)

        This would still leave the possibility of 100-999|1000-9999 (unlimited access)

        Think of it this way...
        if (form.FLT_TO_COMPANY between 1st Co in customattribute and 2nd Co in customattribute
        && form.ACCT_UNIT between 1st A/U in customattribute and 2nd A/U in customattribute) then ...
        else... check next entry in multi-valued customattribute.

        How can I accomplish that?