Prev
Next
Forums Infor / Lawson Platforms S3 Security

Lawson Security admin and rule writing

 3 Replies
 1 Subscribed to this topic
 15 Subscribed to this forum
Sort:
Author
Messages
Ronnie
New Member
Posts: 4
New Member
11/19/2019 3:25 PM

    Can someone point me to the direction where I can find out what the expression builder in Lawson Security Admin is meaning when it says "form.process_level"  or "form.author_name"  etc. 

    Where are these forms it is speaking of?  Like for process_level, there are numerous forms inside of Lawson that contain process level.

     

    We are needing to create a security role for an internal audit team where they will have access to see info / run reports on all of our process levels (clinics), except for our corporate process level. 

     

    I am a little confused on how to work this one out.

     

    I know for others who can only see certain locations, we are using the process level control attribute in the security administrator Edit RM information on a person, but we have over  500+ locations for this to work we would have to manually add all locations except the corp to those users. That would take forever.

     

    Surely there is a rule I can write somehow to do the opposite?

     

    Thoughts?

    Jay2
    Veteran Member
    Posts: 84
    Veteran Member
    11/19/2019 4:59 PM
      The first question: those signify fields on the form you are currently writing a rule for.

      You should be able to write:
      If
      Form.Process_Level!=
      All Access
      Jay2
      Veteran Member
      Posts: 84
      Veteran Member
      11/19/2019 5:01 PM
        It cut my value out

        If it does not equal the Corp process level then all access
        Roy
        Basic Member
        Posts: 8
        Basic Member
        1/2/2020 3:57 PM

          Are you keeping your data level access security classes separate from the form based access security classes?

          In our case we have form based security classes that give access to the forms, e.g. AP20, GL90, etc. and data level access classes that look at attributes.  The first rule in the data level access class look for the word "ALL" in the attribute, which gives access to all companies/process levels, then it compares against the actual value of the attribute, these rules are in the element group (we have custom element groups, but still have PROCLEVEL as well because we never completely weaned off of PROCLEVEL, as you know PROCLEVEL supersedes any other rule, so if PROCLEVEL is false, it doesn't matter what other rules there are):

          if(attributeContains(user.getRDId(),'DLPROC','ALL'&&(SystemCode=='AM'||SystemCode=='AP'||SystemCode=='CB'||SystemCode=='GL'||SystemCode=='IC'||SystemCode=='IF'||SystemCode=='MA'||SystemCode=='PO'||SystemCode=='RQ'||SystemCode=='TX'||SystemCode=='WH'||SystemCode=='LM'||SystemCode=='AR'||SystemCode=='BL')
             'ALL_ACCESS,'
          else
             if(attributeContains(user.getRDId(),'DLPROC',COMPANY)&&(SystemCode=='AM'||SystemCode=='AP'||SystemCode=='CB'||SystemCode=='GL'||SystemCode=='IC'||SystemCode=='IF'||SystemCode=='MA'||SystemCode=='PO'||SystemCode=='RQ'||SystemCode=='TX'||SystemCode=='WH'||SystemCode=='LM'||SystemCode=='AR'||SystemCode=='BL')
             'ALL_ACCESS,'
          else
             'NO_ACCESS,'