infor.com
concierge
infor u
developer portal
Home
Groups
Lawson - Technology Customer Community [READ ONLY]
LSF 901 Security, Securing Company
cbatiao
Hi,
Has anyone done Company security (on mulit Compnay settings)?
Please share how you secure a Company view for a multi-company setting.
We have quite a number of Companies in our setup, I got a request to limit some users access to one Company. I created a class and Secure the Company by Element COMPANY, assign the class to role, assign the role to the user. I then added the Company ID to the Users RM CompanyControl attribute. It worked on a form where only the company ID is required as input (ex GL10) but didnt work on other forms where more than the Company ID is required for input (Ex. GL90).
Any help would be appreciated.
Thanks
Find more posts tagged with
Comments
moellerg
Hello!
We have the need here too. I've got something done, but not completely tested. I created a class, am doing security by the Element COMPANY.. but I've written the following rule in.
if(user.attributeContains('CompanyControl',lztrim(COMPANY)))
'ALL_ACCESS,'
else
'NO_ACCESS,'
This way, we modify the users LSA record and modify the 'CompanyControl' attribute.... giving them access to what company or companies that they need.
There is one sticking point... if you use activites, the "security code" in AC00 is checked against the company control attribute. All of our activity groups were mapped to a code (999) for instance and we got security violations all over the place until we added 999 to our company control for the users who needed to access activities.
Also, there are some possible concerns for ESS, but I haven't been able to nail those down yet. I'd appreciate any feedback as you move forward.
Legacy Contributor
Good morning,
We actually require two levels of Company - full update, or just Inquiry access.
We had to add a new Attribute on the RM to accommodate the Inquiry Level.
We then had to create a Company Control to check whether it is full or Inq only on the Company Control Security Class.
Legacy Contributor
If you require further information give me a call - 203 230 3988.
Legacy Contributor
Here's what we use against the COMPANY Element
if(((SystemCode='AP'||'PO'||'CB'||'RQ'||'IF'||'WO'||'WH'||'IC'||'MA'||'AM'||'AC'||'TX'||'TE'||'AR'||'GL')&&user.attributeContains('CompanyControl',lztrim(COMPANY))))
'ALL_ACCESS,'
else
if(((SystemCode='AP'||'PO'||'CB'||'RQ'||'IF'||'WO'||'WH'||'IC'||'MA'||'AM'||'AC'||'TX'||'TE'||'AR'||'GL')&&user.attributeContains('CompanyLimited',lztrim(COMPANY))))
'I,'
else
'NO_ACCESS,'
cbatiao
Thank you very much for the response Peter & Greg.
I will give it another try, would update this discussion later -
Peter, I might call you
Legacy Contributor
This has been in PROD for years.
The only exception to this, is that we created a totally separate Security Class for RQ, as we were having issues with Searching the Item Descriptions which was impacting response dramatically, and we/Lawson identified this was specific for Company (wait for it!) - 0000.
cbatiao
Hi, unfortunately the Rule on the Element doesnt work using the elementAtribute, it worked in GL10, but not in GL90:
if((user.attributeContains('CompanyControl',lztrim(COMPANY))))
'ALL_ACCESS,'
else
'NO_ACCESS,'
I have a general class with full permission on the TABLE Securable type , could this be the issue?
2011-10-27_CH-Stammtisch_2.pdf
Legacy Contributor
Yes probably.
Always the highest level of access will always win through.
I presume that the full permission is only for GL90 and not for GL10 - correct?
0712131256598360.doc
cbatiao
Strangely the GL10 & GL90 are in the same Role, I tested for one user only
Legacy Contributor
Does the User have any other Roles that could create a conflict.
The only real way to test is to do it with only the Role you have updated.
I created a User in both TEST and PROD just for this purpose, as some of our Users have 'a lot' of Roles which could impact what I am having to test.
cbatiao
you are correct, I am leaning towards that too. THanks
cbatiao
Hi, just thought of updating this session for closure.
This is now resolved, by applying these changes.
1. Add the company codes on the users (RM) CompanyControl attribute
2. Create a Class, with Element Rule and ElementGroup Rule (this is the key reason - I didnt have the Element Group Rule applied before).
the Rule for both is:
if (isElementAccessible('CompanyControl',lztrim(COMPANY))
'ALL_ACCESS,'
else
'NO_ACCESS,'
3. Create a new Role, add only this class to the new Role
4. Assign the Role to the user
Regards,
0904080939293831.xls
abissa
It works on online forms. However, it does not work on batch jobs like gl291 and rw100. Any suggestion?
Important Links
Community Hubs
Discussion Forums
Groups
Community News
Popular Tags
ION Connect
ION Workflow
ION API Gateway
Syteline Development
CPQ Discussion Ask a Colleague
Infor Data Fabric
Infor Document Management (IDM)
LN Development
API Usage
FAQs, How-To, and Best Practices
