To all,
Has anyone run into this error?
I have a simple rule to match the employee number on the screen with the employee number in their Identity using getEmployeeId(), but Inquiry in the screen returns a security violation, and puts this into the lase_server log file:
2010-10-05 09:34:33 com.lawson.lawsec.default.FINEST com.lawson.lawsec.author.runtime.JSUser.getEmployeeId()() function return empty string
Any thoughts or suggestions are much appreciated!
Best regards, Dave (303) 773-3535
Absolutely.
I'm working with HR13. The original rule matched both the company and employee, but I've been cutting it down to bare bones to try and figure out what's happening. I'm testing with employee 11456, who has a perfectly configured employee identity. I found that with only the getEmployeeId in the rule, I get "token or bookmark not found", so I added more to the rule to be able to get to the blank HR13 screen. I tried the rule below to get something that worked - this works perfectly by itself:
form.EMD_EMPLOYEE > 11450
It allowed me to see "myself" as employee 11456 and everyone with bigger empnums, but below 11450 got security violations - perfect. When I add getEmployeeId in any manner, though, it fails:
form.EMD_EMPLOYEE > 11450 && user.getEmployeeId() > 11450
This gets a security violation when inquiring, next, previous, or whatever on HR13. And the log file shows "function return empty string" (sic). I'm thinking it's not a rule problem, but something else related to the employee identity configuration - and possibly the original installation. I've tried this on several different employees with the same result every time.
We found it.
I tried your suggestion, but still no difference - so we kept digging deeper. Turns out that the PRODLINE_EMPLOYEE Identity was wrong! The ProdLine is part of the the name of the identity, but there was one character difference between the old, retired ProdLine and the new and correct one. I was using the old PRODLINE_EMPLOYEE identity - which was the only one there - but which wasn't correct. It required some ssoconfig work to put the Identity for the new Prodline in place.
Now the original rules work as they should. The key thing I now know: if the log shows "getEmployeeId()() function return empty string" or something similar, look CLOSELY at everything about the EMPLOYEE Identity!
Matt and John - thanks for the quick responses!