PrevPrev Go to previous topic
NextNext Go to next topic
Last Post 2/3/2022 3:06 PM by  John Henley
Security Tables
 13 Replies
Sort:
You are not authorized to post a reply.
Author Messages
Carla Branda
Sr. Systems Analyst
Private
Basic Member
(20 points)
Basic Member
Posts:8


Send Message:

--
1/19/2022 7:24 PM

    We are on prem with Infor Lawson and LTM. Are there tables (look up type tables) that list security Roles and Groups? I need to refer to them during a process flow. I have searched to no avail. Thanks for the assist.

    Greg Moeller
    Private
    Private
    Veteran Member
    (4115 points)
    Veteran Member
    Posts:1467


    Send Message:

    --
    1/19/2022 7:50 PM
    There are tables (to an extent).... If you can figure out how to get the Lawson AD structure set up as a data source.
    You'd have to go through the AD structure for Lawson. Not your corporate AD, but just the one for Lawson that contains the information.
    Greg Moeller
    Private
    Private
    Veteran Member
    (4115 points)
    Veteran Member
    Posts:1467


    Send Message:

    --
    1/19/2022 7:53 PM

    I've got a shell script that uses ldapsearch commands to create a static html file... since the data doesn't change all that often, we can just refresh the html file once a day or even less often...

     

    Attached should give you an idea at least...  creates an html file of all of the groups and their members.

    Attachments
    Kwane McNeal
    President
    Private
    Veteran Member
    (1431 points)
    Veteran Member
    Posts:477


    Send Message:

    --
    1/19/2022 8:15 PM
    Carla,
    Roles and Groups from which part of the product, LSF or LTM? If you’re referring to LSF, then Greg is correct. If you’re referring to LTM, then some of it is in the LTM productline, and some in the Landmark GEN productline.
    Greg Moeller
    Private
    Private
    Veteran Member
    (4115 points)
    Veteran Member
    Posts:1467


    Send Message:

    --
    1/19/2022 8:21 PM
    Oh, yeah... sorry. Way to keep me honest, Kwane.
    Carla Branda
    Sr. Systems Analyst
    Private
    Basic Member
    (20 points)
    Basic Member
    Posts:8


    Send Message:

    --
    1/19/2022 8:50 PM

    Thank you both

    Both: S3 roles and groups, and LTM roles

    I need to review each user's roles and groups to determine if they need a change in a few permissions based upon other criteria like job code, pay grade, etc. We do not have Infor OS implemented. 

    As I write this, I am relaizing the lookup tables would not help, So, this dicussino helped me clear my mind around that part.

    Thank you anyway!

    Greg Moeller
    Private
    Private
    Veteran Member
    (4115 points)
    Veteran Member
    Posts:1467


    Send Message:

    --
    1/19/2022 9:03 PM
    Whether or not InforOS is implemented won't matter to my script.
    John Henley
    Private
    Private
    Senior Member
    (9887 points)
    Senior Member
    Posts:3313


    Send Message:

    --
    1/31/2022 4:25 PM
    Hi Carla. You did say you wanted to do this in a flow, and you're on-prem. So, you do probably have the option of configuring the Lawson S3 LDAP in IPA configuration, which requires a server, port, credentials, and LDAP root. You then use the LDAP query node in your flow to retrieve the roles and groups, etc. Very bare metal, but it will work for what you want. Depending on your configuration, you'll likely need to work with your network folks to get a port opened to your desktop for testing--or use an RDP connection into a server that has IPD installed--and has network connectivity to the ldap server/port. (Once you have your flow working, you can have this rescinded, and make sure that similar path is available from the IPA server to LSF server -- which is usually not an issue).
    Thanks for using the LawsonGuru.com forums!
    John
    Randy
    Systems Administrator
    Rochester Regional Health
    Veteran Member
    (119 points)
    Veteran Member
    Posts:43


    Send Message:

    --
    2/1/2022 5:37 PM
    As S3 and LTM are synched , the user (Actor) roles will end up in LTM tables. I have an Excel refreshable spreadsheet that uses a SQL query to retrieve all Actors and roles and displays in a Pivot. I can send the SQL along if anyone interested.
    Carla Branda
    Sr. Systems Analyst
    Private
    Basic Member
    (20 points)
    Basic Member
    Posts:8


    Send Message:

    --
    2/1/2022 6:48 PM

    yes, correct, from both products: S3 and LTM

    Carla Branda
    Sr. Systems Analyst
    Private
    Basic Member
    (20 points)
    Basic Member
    Posts:8


    Send Message:

    --
    2/1/2022 7:01 PM

    Yes, I found the LDAP tables. This will reruire a loop to gather each role and group for each user correct?

    Carla Branda
    Sr. Systems Analyst
    Private
    Basic Member
    (20 points)
    Basic Member
    Posts:8


    Send Message:

    --
    2/1/2022 7:03 PM

    Hello

    Yes please. I am interested, thank you.

    Randy
    Systems Administrator
    Rochester Regional Health
    Veteran Member
    (119 points)
    Veteran Member
    Posts:43


    Send Message:

    --
    2/1/2022 9:43 PM

    Carla - Not sure if you wanted this/or if this is what you need. WHen the excel sheet data is refreshed, All LTM actor/security roles will populate the Data/Pivot sheets.

    Attached files.

    SQL file s/b self explanitory. Run it in SSMS/Query tool to verify.

    Excel FIle will need some changes and hopefully will just refresh. Goto Data/COnnections and select the properties on stored connection "LWS-DB-1". In the Definition tab change all the particulars to your LTM/S3 DB server. You need to change the SERVER=, UID=,PWD= and DATABSE= to match your envirenment. UID/PWD must be SQL Server login credentials. Yes, Excel stores PWD info, but no getting around that. If you make the changes and refresh, verything should repopulate with your data. You will be asked to save password with connection, just say yes.

    DRIVER=SQL Server;SERVER=LWS-DB-1;UID=lbireport;PWD=sqlpwd;APP=Microsoft Office 2010;;DATABASE=LWSProd

    Attachments
    John Henley
    Private
    Private
    Senior Member
    (9887 points)
    Senior Member
    Posts:3313


    Send Message:

    --
    2/3/2022 3:06 PM

    Carla, earlier in your post you said you were trying to query/update within a flow. So I would caution you against using too much custom scripts/SQL, etc. and just stick to the tools that are available to you within IPA. This is important particularly if you ever intend to go to hosted CloudSuite, since you only can use supported tools. In particular, if you are looking for *defined* roles and groups, then you need to look at the LDAP data using LdapQuery node. If you are looking for the roles and groups *assigned* to users, then use ResourceQuery.

    Thanks for using the LawsonGuru.com forums!
    John
    You are not authorized to post a reply.