Prev
Next
Forums Infor / Lawson Platforms S3 Security

ESS Payment Modelling

 8 Replies
 0 Subscribed to this topic
 15 Subscribed to this forum
Sort:
Author
Messages
ALB
Veteran Member
Posts: 130
Veteran Member
8/27/2013 3:50 PM
    We have been having security violations with Payment Modelling in ESS.  The rule is:

    if(isElementGrpAccessible('COMPEMP', '', 'PR', form.EMP_COMPANY, form.EMP_EMPLOYEE))
       'ALL_ACCESS,'
    else
       'NO_ACCESS,'

    We have tried using lztrim and trim.  So far, we have not had any success.  We had to build an Element Group COMPEMP with company and employee.

    I would appreciate any ideas.

    Thanks!
    BarbR
    Veteran Member
    Posts: 306
    Veteran Member
    8/27/2013 4:07 PM
      Do you have a Grant All on PR89 and this rule on PR89.1?
      ALB
      Veteran Member
      Posts: 130
      Veteran Member
      8/27/2013 4:51 PM
        I have grant all access on the application PDL, PR, and PR89.  I have conditional access on PR89.1 as originally posted so that an employee can only model his/her own information.  There is also file access.  We are not getting to the transaction.
        Al
        Basic Member
        Posts: 17
        Basic Member
        8/27/2013 5:17 PM
          This works for us on PR89.1:

          if(user.getCompany()==form.EMP_COMPANY&&user.getEmployeeId()==form.EMP_EMPLOYEE)
          'ALL_ACCESS,'
          else
          'NO_ACCESS,'

          Al
          BarbR
          Veteran Member
          Posts: 306
          Veteran Member
          8/27/2013 5:27 PM
            AngelaC, your rule is identical to mine, and our Payment Modeling works fine.
            ALB
            Veteran Member
            Posts: 130
            Veteran Member
            8/27/2013 5:53 PM
              I was trying to figure out if there is an issue with the element group.  It looks like there is not much to it.  I just has company and employee.  Which profiles do you have COMPEMP defined? 
              Greg Moeller
              Veteran Member
              Posts: 1498
              Veteran Member
              8/27/2013 6:05 PM
                I think COMPEMP needs to be defined in the same profile that the rule to PR89.1 is in.
                Karen Beyer Goode
                Basic Member
                Posts: 4
                Basic Member
                8/27/2013 6:19 PM
                  do you have a rule written on your element group?

                  This is the rule on our COMPEMP element group and its assigned to the same profile where access to ESS resides.


                  if(user.getCompany()==lztrim(COMPANY)&&user.getEmployeeId()==lztrim(EMPLOYEE))
                     'ALL_ACCESS,'
                  else
                     'NO_ACCESS,'
                  ALB
                  Veteran Member
                  Posts: 130
                  Veteran Member
                  8/27/2013 7:13 PM
                    We have the rule on our group element. 

                    After seeing the responses, I suspected it had to do with our identity.  It appears to be due to putting leading zeros into the company on the identity for functionality for job reqs.