LSF 901 Security, Securing Company

Hi,
Has anyone done Company security (on mulit Compnay settings)?

Please share how you secure a Company view for a multi-company setting.
We have quite a number of Companies in our setup, I got a request to limit some users access to one Company. I created a class and Secure the Company by Element COMPANY, assign the class to role, assign the role to the user. I then added the Company ID to the Users RM CompanyControl attribute. It worked on a form where only the company ID is required as input (ex GL10) but didnt work on other forms where more than the Company ID is required for input (Ex. GL90).
Any help would be appreciated.
Thanks

Find more posts tagged with

Infor Lawson Technology Group - Discussion

Comments

moellerg

Hello!

We have the need here too. I've got something done, but not completely tested. I created a class, am doing security by the Element COMPANY.. but I've written the following rule in.

if(user.attributeContains('CompanyControl',lztrim(COMPANY)))
'ALL_ACCESS,'
else
'NO_ACCESS,'

This way, we modify the users LSA record and modify the 'CompanyControl' attribute.... giving them access to what company or companies that they need.

There is one sticking point... if you use activites, the "security code" in AC00 is checked against the company control attribute. All of our activity groups were mapped to a code (999) for instance and we got security violations all over the place until we added 999 to our company control for the users who needed to access activities.

Also, there are some possible concerns for ESS, but I haven't been able to nail those down yet. I'd appreciate any feedback as you move forward.

unknown

Good morning,

We actually require two levels of Company - full update, or just Inquiry access.
We had to add a new Attribute on the RM to accommodate the Inquiry Level.
We then had to create a Company Control to check whether it is full or Inq only on the Company Control Security Class.

unknown

If you require further information give me a call - 203 230 3988.

unknown

Here's what we use against the COMPANY Element
if(((SystemCode='AP'||'PO'||'CB'||'RQ'||'IF'||'WO'||'WH'||'IC'||'MA'||'AM'||'AC'||'TX'||'TE'||'AR'||'GL')&&user.attributeContains('CompanyControl',lztrim(COMPANY))))
'ALL_ACCESS,'
else
if(((SystemCode='AP'||'PO'||'CB'||'RQ'||'IF'||'WO'||'WH'||'IC'||'MA'||'AM'||'AC'||'TX'||'TE'||'AR'||'GL')&&user.attributeContains('CompanyLimited',lztrim(COMPANY))))
'I,'
else
'NO_ACCESS,'

cbatiao

Thank you very much for the response Peter & Greg.

I will give it another try, would update this discussion later -
Peter, I might call you

unknown

This has been in PROD for years.
The only exception to this, is that we created a totally separate Security Class for RQ, as we were having issues with Searching the Item Descriptions which was impacting response dramatically, and we/Lawson identified this was specific for Company (wait for it!) - 0000.

cbatiao

Hi, unfortunately the Rule on the Element doesnt work using the elementAtribute, it worked in GL10, but not in GL90:
if((user.attributeContains('CompanyControl',lztrim(COMPANY))))
'ALL_ACCESS,'
else
'NO_ACCESS,'

I have a general class with full permission on the TABLE Securable type , could this be the issue?

2011-10-27_CH-Stammtisch_2.pdf

unknown

Yes probably.
Always the highest level of access will always win through.
I presume that the full permission is only for GL90 and not for GL10 - correct?

0712131256598360.doc

cbatiao

Strangely the GL10 & GL90 are in the same Role, I tested for one user only

unknown

Does the User have any other Roles that could create a conflict.
The only real way to test is to do it with only the Role you have updated.
I created a User in both TEST and PROD just for this purpose, as some of our Users have 'a lot' of Roles which could impact what I am having to test.

cbatiao

you are correct, I am leaning towards that too. THanks

cbatiao

Hi, just thought of updating this session for closure.
This is now resolved, by applying these changes.
1. Add the company codes on the users (RM) CompanyControl attribute
2. Create a Class, with Element Rule and ElementGroup Rule (this is the key reason - I didnt have the Element Group Rule applied before).
the Rule for both is:
if (isElementAccessible('CompanyControl',lztrim(COMPANY))
'ALL_ACCESS,'
else
'NO_ACCESS,'
3. Create a new Role, add only this class to the new Role
4. Assign the Role to the user

Regards,

0904080939293831.xls

abissa

It works on online forms. However, it does not work on batch jobs like gl291 and rw100. Any suggestion?

Copyright © 2025 Infor. All rights reserved.