Security-Limit ability to add invoice on AP20.1 for specific Payment code only

I am trying to figure out how to write a security rule to limit the ability to add an invoice for specific payment code only on AP20.1.

This is the 1st time we have tried to restrict access base on a value in a field and I am not sure how to do. Usually we restrict access to Inquire, add, change, delete, etc.

Any information on creating this type of rule will be greatly appreciated!
Thanks!

Ford GTL.pdf

Find more posts tagged with

Infor Lawson Technology Group - Discussion

Comments

unknown

You would need to write a conditional rule on AP20.1 (or which ever form) that would look something like the following:

if(form.API_PAY_GROUP == 'HMC')
'ALL_ACCESS,'
else
'ALL_INQUIRES,'

Just sub out whatever field your trying to restrict on (I used form.API_PAY_GROUP) and put in your value ('HMC' in my example) that you want to allow access to. Adjust your permissions accordingly.

unknown

Jeremy,

Thanks for the reply. I have written the conditional rule below, but user is receiving a Security Violation Error when trying to add invoice for the 'ZRO' Payment Code. Any suggestions on why? They have access to AP, AP20, AP20.1 (for ZRO), and all access to AP20.1-20.9.

if(form.API_BANK_INST_CODE=='ZRO')
'ALL_ACCESS,'
else
'NO_ACCESS,'

Thanks!

jreese

They may need access to CB00.4 and maybe other CB00 access to use that payment code. CB00.4 is where the ZRO payment code is created.

unknown

No, access to CB00 isn't necessary because the element is on the AP20 form. Without seeing all the specifics, it's hard to say why that rule wouldn't work. I'm you did the security cache refresh, log out and back in before you attempted to test? Even after doing all that, I have seen a delay until the cache is truly refreshed. Next step would be to enable DEBUG logging for the user you are trying to test with and take a look at the messages in the lase_server_x_x.log files. That's usually pretty helpful and I've been able to figure out any security troubles using that information.

robert-canham

Hi, I think the issue might be that Lawson is particular about field size on alpha fields. So for your ZRO cash code, you want to use 'ZRO ' in the rule. Hopefully that will pick it up.

Also, based on your rule above, users won't be able to view invoices that don't have the ZRO cash code on it. If this is what you intend, you might want to filter the APINVOICE table similarly otherwise they won't be able to use the Next/Previous functionality.

unknown

Thanks for the prior responses.

We are still having trouble as the rule seems to prevent access instead of allowing user to add payment code 'ZRO', 3 positions for API_BANK_INST_CODE. We are a hosted customer, and now since I created the rule they are trying to troubleshoot. They even tested info I gave them and said is should work. Any other suggestions in the meantime?

comkb_proactive_201003.pdf

Copyright © 2025 Infor. All rights reserved.