Login
Register
Search
Home
Forums
Jobs
LawsonGuru
LawsonGuru Letter
LawsonGuru Blog
Worthwhile Reading
Infor Lawson News Feed
Store
Store FAQs
About
Forums
Infor / Lawson Platforms
S3 Security
Securing AR reports by Credit Analyst
Home
Forums
Jobs
LawsonGuru
LawsonGuru Letter
LawsonGuru Blog
Worthwhile Reading
Infor Lawson News Feed
Store
Store FAQs
About
Who's On?
Membership:
Latest:
chaoticist
Past 24 Hours:
2
Prev. 24 Hours:
0
Overall:
5185
People Online:
Visitors:
169
Members:
0
Total:
169
Online Now:
New Topics
Lawson Landmark
LPL INSTR Functions
4/5/2024 8:32 PM
I'm writing a simple report using the Create R
Infor SCM
Translating 856 to get the ~ REF^CN^ field
4/3/2024 8:24 PM
We are trying to get the tracking number which is
IPA/ProcessFlow
Sample XML file create Flow
4/3/2024 3:43 PM
Hello everyone, I am new to creating XML files
Lawson S3 HR/Payroll/Benefits
bn105 error message
3/26/2024 6:40 PM
I need to change some of the set ups in our Life I
IPA/ProcessFlow
IPA executing Job
3/13/2024 7:08 PM
New to the IPA world and was wondering, can an IPA
Lawson S3 HR/Payroll/Benefits
Life Age Reduction on benefits plans
3/12/2024 7:15 PM
For our optional life we have an age based coverag
Lawson S3 HR/Payroll/Benefits
BN53.1 Add-In
3/7/2024 3:31 PM
We are migrating to Solstice. They require a
Lawson Business Intelligence/Reporting/Crystal
Domain Name Change
3/5/2024 7:45 PM
Our domain name needs to change and was hoping I c
S3 Customization/Development
Cobol calling Shell Script
2/29/2024 1:27 PM
Has anyone created or modified a Lawson Cobol prog
Infor ION
ION vs IPA
2/29/2024 1:24 AM
We had a person new to Lawson and Infor go to Info
Top Forum Posters
Name
Points
Greg Moeller
4184
David Williams
3349
JonA
3288
Kat V
2984
Woozy
1973
Jimmy Chiu
1883
Kwane McNeal
1437
Ragu Raghavan
1348
Roger French
1311
mark.cook
1244
Forums
Unanswered
Active Topics
Most Liked
Most Replies
Search Forums
Search
Advanced Search
Topics
Posts
Prev
Next
Forums
S3 Security
Securing AR reports by Credit Analyst
Sort:
Oldest First
Most Recent First
You are not authorized to post a reply.
Author
Messages
Wade-T
Veteran Member
Posts: 54
4/16/2013 11:42 AM
I have a listing of Analyst codes and names on AR06 and would like to keep the AR pieces seperated by these names. I see, for instance, that the AR251 has a selector on the Customer tab for Credit Analyst, and that LSF has a form.ANLYST_NAME object but I am not sure how to write the rule so a user can only see their grouping. Would I assign the rule one time, or on each screenthat contains the Credit Analyst field?
Georgette
Veteran Member
Posts: 52
4/16/2013 3:22 PM
Hi Wade,
What you are referencing above is Data Control based on User Attribute.
Values are assigned to the attributes in each employee's profile in the Security Administrator application. The rules are then written on each form (select user folder) to compare the values in the Lawson tables to the values assigned to the employee's profile attribute.
For example, suppose the CompanyControl attribute is assigned the values 1220 and 4321 to represent companies the employee is allowed to access.
The rule would be written on the form as user.attributeContains('CompanyControl'.form.____).
We don't use AR, but I am assuming you may want to populate the ANALYST_NAME attribute with whatever the value is in the appropriate Lawson tables (analyst code, or whatever). The other thing is make sure the credit analyst field is actually being populated on each form.
Hope this helps.
Georgette
Veteran Member
Posts: 52
4/16/2013 4:43 PM
Sorry, another quick comment. I just noticed your title mentions reports. The above will not secure the report data, it will only determine who can run the reports.
A way around this is to publish the AR reports in LBI and use the bursting tool to distribute the reports to the various analysts. Make sure drill around is also secured which is another layer.
Wade-T
Veteran Member
Posts: 54
4/16/2013 4:56 PM
Thanks for the info. We do not have LBI at this time, just a very basic HR/Financials install using the Portal. The one user we are trying to lock down is also tied to one process level. I attempted to secure him to only that process level witht he following, but it didn't seem to work.
if(SystemCode=='AR'&&((COMPANY==1999&&PROCESS_LEVEL>=650000&&PROCESS_LEVEL<=650999)))
'ALL_ACCESS,'
elseif(SystemCode!='AR')
'ALL_ACCESS,'
else
'NO_ACCESS,'
Georgette
Veteran Member
Posts: 52
4/16/2013 5:50 PM
Additional attributes to People Object in RM are available in versions 9.0.0.6, 9.0.1.3 and higher. Such as CompanyControl, AccountingUnitControl, etc. Or you can create your own using the schema editor.
I am assuming you assigned the user these values in the appropriate attributes on his/her profile on the Security Administrator. CompanyControl should be assigned 1999 and UserProcessLevell has the range of values you mentioned.
I am not familiar with the AR tables so I don't know which forms you need to secure the Company and Process Levels with. You can use two different security classes, one to secure the AR files and the other to secure the forms.
First secure the tables (files) with an ARFileAccess security class that grants all access to all AR tables. This security class will be assigned to the credit analyst role.
Then to secure the AR forms create another security class (or create an ARFileAccessLimited security class that grants all access to AR system code and then limits the forms),
Go to each form and place the rules (select the user folder) --
If(user.getAttribute(‘CompanyControl’) == form.______
&&
user.isAttributeInRange(‘UserProcessLevel’) == form.______)
then Grant All Access
else no Access
Hope this helps!
Georgette
Veteran Member
Posts: 52
4/16/2013 5:58 PM
for example for PA42.1, the form name would be
==form.PJR_PROCESS_LEVEL
Georgette
Veteran Member
Posts: 52
4/16/2013 6:02 PM
i realize it is a pain to go to every single form, but you have to secure the form AND the drill around. No easy way around it.
Greg Moeller
Veteran Member
Posts: 1498
4/16/2013 6:12 PM
Unless you are just concerned about company control, then there's a (relatively) simple solution to it.
Create a rule against Object Type of Element.
user.attributeContains('CompanyControl',lztrim(COMPANY)))
'ALL_ACCESS,'
else
'NO_ACCESS,'
I see Process-Level in the Element list as well... perhaps it could be expanded to secure by process level as well? Unsure.
Greg Moeller
Veteran Member
Posts: 1498
4/16/2013 6:17 PM
Assign this security class to a role and every form/table seems to follow it.
We don't have this implemented yet in production, but in test, it seems to work just fine.
Georgette
Veteran Member
Posts: 52
4/17/2013 11:23 AM
Hi Wade,
I was looking at your code again and have a suggestion. I learned best practice is to create different security classes for each system code. Such as ARFileAccess for all of the AR tables, HRFileAccess, GLFileAccess, etc. Each of these security classes are assigned to the role. Give access to all tables that fall in each system code. For the one credit analyst, create an ARFileLimited security class and apply either the ANALYST_NAME or PROCESS_LEVEL user rule to each form that needs the data limited.
Again, the values need to be in the employee's profile attribute to use as a compare to either the form value or the file value.
You are not authorized to post a reply.