Prev
Next
Forums Infor / Lawson Platforms S3 Security

Process Level Security and ESS - HR Tables Secured

 10 Replies
 0 Subscribed to this topic
 15 Subscribed to this forum
Sort:
Author
Messages
GregSl
Veteran Member
Posts: 38
Veteran Member
5/7/2008 7:55 PM

    I have a security class on LAUA (eg. HRUser) , which  restrict users from accessing the EMP(Employee Table)  based on the Process Level.

    On the Employee Self Service> My Pay option ,  the HRUser security Class users, does not  see any Pay/Tax data.The reason being the PAYMASTER and other related  tables'  access is secured by Company/Process Level.

    The affected Users are on the same Process Level that is secured. I am thinking of a rule, that would allow the respective users to view their pay information while maintaing the same secured Process Level based on their EID. This has to prevent access to HR11 to their own info too.

    Any ideas would be greatly appreciated.

    klive
    Veteran Member
    Posts: 40
    Veteran Member
    5/8/2008 12:13 PM
      Have you looked at creating a unique attribute and running securing off of that attribute? I have often wonder about ESS and othere roles that give more access...
      GregSl
      Veteran Member
      Posts: 38
      Veteran Member
      5/8/2008 4:15 PM
        Yes. A Priviledged profile works fine only for ESS. If I have to combine that with a Lawson User, process level security comes up.
        John Henley
        Posts: 3353
        5/8/2008 5:47 PM
          Greg, assuming the PROCESS-LEVEL in PAYMASTR matches the one you set up in LAUA for data level security, users assigned to the HRUSER class should be able to see their own records. When you set up the data level security, did you do so for all system codes or just HR? what about the PR system code? Since the PAYMASTR table is part of the PR system code, adding that data security rule to HR shouldn't affect it.
          Thanks for using the LawsonGuru.com forums!
          John
          GregSl
          Veteran Member
          Posts: 38
          Veteran Member
          5/8/2008 7:04 PM
            You are absolutely correct. It was the Process Level in the System Code PR, that was causing the issue.

            I granted access to Process Level and everything is fine from ESS to HR11.

            Thank you very much, Sir.
            John Henley
            Posts: 3353
            5/8/2008 7:29 PM
              That's great--sometimes I even get it right on the first try...
              Thanks for using the LawsonGuru.com forums!
              John
              GregSl
              Veteran Member
              Posts: 38
              Veteran Member
              5/8/2008 7:41 PM
                I completely forgot to check the Process Level of the other System Codes :- (

                Sorry, I need one more clarification.

                In LS9, I used the Element Groups Rule for the same issue. Secure by Company and Process level, as follows:

                if(COMPANY==99&&((PROCESS_LEVEL=='EXEC'||PROCESS_LEVEL=='SUPP')&&(SystemCode='HR')))
                'NO_ACCESS,'
                else
                'ALL_ACCESS,'

                No Display in ESS> MyPay. Have I got to grant access at File Level ? I am trying to make best use of Element Groups.

                Thank you !
                GregSl
                Veteran Member
                Posts: 38
                Veteran Member
                5/20/2008 9:20 PM
                  I want to restrict access to EMPLOYEE table only to the user. This is only to support ESS as the user needs access to all other Process Levels.


                  if((table.COMPANY==user.getCompany()&&table.PROCESS_LEVEL=='CORP'&&table.EMPLOYEE!=user.getEmployeeId()))
                  'NO_ACCESS,'
                  else
                  'I,'

                  There is something missing as the user gets access to other Employees with in the same process level.

                  Thanks for our help.


                  Wade-T
                  Veteran Member
                  Posts: 54
                  Veteran Member
                  9/9/2008 4:54 PM

                    Hello,

                    Did you get a fix for your last post?  I have some people who need to use the search box, but i want them to only be able to see their own information on the dropdowns.

                    John Henley
                    Posts: 3353
                    9/9/2008 5:13 PM

                      The way your rule is written it is only checking if the table's PROCESS_LEVEL == 'CORP'

                      You would need to have another condition to check for non-CORP process levels.

                      Are employees who you are referring to in the CORP or non-CORP?

                      Thanks for using the LawsonGuru.com forums!
                      John
                      GregSl
                      Veteran Member
                      Posts: 38
                      Veteran Member
                      9/9/2008 5:30 PM
                        My conditions were as follows:

                        HR11 : (user.getCompany()==form.EMP_COMPANY&&user.getEmployeeId()==form.EMP_EMPLOYEE)&&form.EMP_PROCESS_LEVEL=='CORP')

                        EMPLOYEE : table.COMPANY==user.getCompany()&&table.EMPLOYEE==user.getEmployeeId() &&table.PROCESS_LEVEL=='CORP'

                        You have to secure both the table and token (HR11) in this situation.

                        Hope this helps !