infor.com
concierge
infor u
developer portal
Home
Groups
Lawson - Technology Customer Community [READ ONLY]
PRINT MANAGER access - allow other users to access certain users print managers
Legacy Contributor
In LSA security has anyone been able to set up security to allow certain users to access other certain users print managers, as well as , their print manager jobs? If so would you mind sharing how you did it?
Find more posts tagged with
Comments
Legacy Contributor
User groups (in LID, usergrpdef).
Then assign the appropriate group to the RMID (Lawson Environment Information, User Group).
Legacy Contributor
Hi Barb, I have tried that, but it seems that unless your RMID and your OS ID (Managed Identity) match this does not work. Do yours match?
Legacy Contributor
We only allow portal access to back-office users. Their RMID usually matches their AIX ID, however not always. The RMID must match the Active Directory account since we are bound to the LDAP. The AIX id has a 10-character limitation due to the restriction on the RMID entry, so for some users the RMID and OS ID do not match. We have not had trouble with those. We assign the user group ALL to everyone - I don't know if that makes a difference (and that might not meet your requirements). Our self-service-only users who use the "managed identity" are not allowed portal back-office or job submission access and would not be on the Print Manager form.
Legacy Contributor
We are also bound to AD but our RMIDs do not match the AD user account, the SSOP identity does have to match the AD user ID.
We allow some users to look at other print queues based on rules written on BATCHxx security classes in the GEN profile. For example, the rule below on the Username element and the JOB, JOBSTEP and QUEUEDEDJOB files allows users to view and maintain their own batch jobs as well as batch jobs for user HRBATCH:
if(UserName==user.getHostServiceId()||UserName=='hrbatch' )
'I,A,M,'
else
'NO_ACCESS,'
I haven't looked at this in some time so it might not be quite as simple as that.
Legacy Contributor
hrbatch is that a user that you set up or a usergroup?
Legacy Contributor
hrbatch would probably be a Security Class (as a Child of Batch) in ENV
jacob-jellison
I created custom groups and assign those groups to users. Then wrote rules on the 'UserName' element in the GEN profile. See attached screenshot showing example:
If User belongs to 'JQ-PRSystemAnalyst' group and UserName is Member of 'JQ-PRManager' group then allow User "All Access" to UserName GEN data.
Legacy Contributor
HRBATCH is a user that is used to run batch reports that are shared by all HR users. This rule on the user name in the BatchSupervisor security class in the GEN profile allows a user to view reports in other users print managers, assuming that the user has access to the batch program:
if(UserName==user.getHostServiceId())
'I,A,M,'
else
'I,'
Legacy Contributor
awolff01 could you please email me that screen shot, can't read it and cannot enlarge and make it readable. Cheryl.nowacki@mwhc.com
Important Links
Community Hubs
Discussion Forums
Groups
Community News
Popular Tags
ION Connect
ION Workflow
ION API Gateway
Syteline Development
CPQ Discussion Ask a Colleague
Infor Data Fabric
Infor Document Management (IDM)
LN Development
API Usage
FAQs, How-To, and Best Practices
