Prev
Next
Forums Infor / Lawson Platforms S3 Security

Securing based on Process Level

 8 Replies
 0 Subscribed to this topic
 15 Subscribed to this forum
Sort:
Author
Messages
Shari
Veteran Member
Posts: 78
Veteran Member
8/7/2007 7:03 PM
    We have a new position that needs inquiry access to HR11 but only for those employees within the same process level. For example:

    John Doe is in PLevel 001 - should only be able to see employees in his PLevel=001
    Jane Doe is in PLevel 002 - should only be able to see employees in her PLevel=002

    Has anyone found a fairly simple way to accomplish this?

    Thanks!

    -Shari
    John Henley
    Posts: 3353
    8/7/2007 7:28 PM
      Shari, that can be done via LAUA data security...
      Thanks for using the LawsonGuru.com forums!
      John
      Shari
      Veteran Member
      Posts: 78
      Veteran Member
      8/7/2007 7:32 PM
        Ok, I should have mentioned - we are using Lawson Security for all of our end users. The only users that use LAUA are Lawson Administrators (myself and one other person). Is there a relatively simple way to do this using Lawson Security (I've written conditional rules on other security issue...)?
        John Henley
        Posts: 3353
        8/7/2007 11:33 PM
          You would need to write rules using the PROCLEVEL emp group. There are some examples of this (unfortunately there for AP not HR) in the 'Implementing Lawson Security' documentation...
          Thanks for using the LawsonGuru.com forums!
          John
          Shari
          Veteran Member
          Posts: 78
          Veteran Member
          8/9/2007 12:35 PM
            Thanks, John. I took a look at the documentation and I can see that I need to hard-code a process level. I'm trying to think if there is any way I can make this dynamic...

            Here is our situation...We have about 18 process levels (representing 18 different retirement communities). There are one or two employees that would need this security role to them per community. Ideally, I would like to write a rule that dynamically gives an employee has access to their own process level assigned on their HR11 record. Is that possible?

            From reading the documentation - sounds like I would either need to create 18 different security classes and roles...or I'm thinking, would a custom attribute in their LS record work?

            -Shari
            MattM
            Veteran Member
            Posts: 82
            Veteran Member
            7/1/2008 2:48 PM

              You could use a custom attribute or write a rule on the element group that looks at the users process level in their employee record.

              Shari
              Veteran Member
              Posts: 78
              Veteran Member
              7/1/2008 2:54 PM

                We ended up created a custom attribute using the RM Schema editor.  Because we use LDAP (ADAM) I couldn't even think of a way to look up someone's employee record based because LS sits outside of Lawson.  How would that even be done?  Just curious....Thanks.

                -Shari

                MattM
                Veteran Member
                Posts: 82
                Veteran Member
                7/1/2008 3:01 PM
                  The process level for a user contained within their HR11 record is stored in the EMPLOYEE table and could be found using a getdbfield function if I understand what were trying to do.
                  klive
                  Veteran Member
                  Posts: 40
                  Veteran Member
                  7/1/2008 5:48 PM
                    you could go to the form, in this case hr11.1 and write a rule there that looked in the employee table at the proc_level and then compared it to what was on the form...or you could write a rule that said if user is then only grant access to the suggested Proc_level...we actually created the unique attribute and used the group element rule to accomplish the task...