Hi, all! We are on 9.0 and using LS security. We have a single sign on for our Lawson users using Active Directory bound with ldap. For those users who have access to forms directly (we call them dual users such as payroll clerks, purchasing requestors etc…) and who have self service roles we secure them through rules which seem to be holding pretty well. Such as confined to their own process levels etc... Lawson provides out of the box ESS and MSS standard roles. With a little tweaking these work really well for our "dual users". Has anyone had any experience in securing the drill on the MSS role under the "Direct Reports" bookmark? The reason we are asking is because it comes up as an HTML page rather than an associated form or table. We have secured the drill on the HR11 but that seems to be not connected to MSS. So we need the table that the drill resides on to secure it properly Any thoughts?
Hi, all!
We are on 9.0 and using LS security. We have a single sign on for our Lawson users using Active Directory bound with ldap. For those users who have access to forms directly (we call them dual users such as payroll clerks, purchasing requestors etc…) and who have self service roles we secure them through rules which seem to be holding pretty well. Such as confined to their own process levels etc...
Lawson provides out of the box ESS and MSS standard roles. With a little tweaking these work really well for our "dual users". Has anyone had any experience in securing the drill on the MSS role under the "Direct Reports" bookmark?
The reason we are asking is because it comes up as an HTML page rather than an associated form or table. We have secured the drill on the HR11 but that seems to be not connected to MSS. So we need the table that the drill resides on to secure it properly
Any thoughts?
See these postings for some other discussions of this and similar topics:
https://www.lawsonguru.co...w/topic/Default.aspx https://www.lawsonguru.co...w/topic/Default.aspx https://www.lawsonguru.co...w/topic/Default.aspx
You will need to write generic rules against the EMPLOYEE, PAEMPLOYEE,etc. tables that restrict access to the employee (or an employee's direct reports). In the case of a manager, you will probably need to write element-specific rules that allow viewing of certain fields, but restrict others (like birth date, SSN, etc.). In other words, a manager should have access to their direct reports *work* information, but not their *personal* information...
When she mentioned ESS and MSS roles, those are actually Lawson provided security classes and I thought that having seperate security classes in seperate roles would have distinguised between the Employee and Manager...with that being said is it still necessary to have Element Group rules to get the desired result?