PROCESS_LEVEL conditions in LSA

I am trying to get a condition to work within one of my security classes on a few PR batch programs. I am using PR270 for testing and the condition looks like this:

if((((trim(getDBField('EMPLOYEE','PROCESS-LEVEL',form.COMPANY,form.FR_EMPLOYEE,form.TO_EMPLOYEE))=='XXXX'))||(form.PROCESS_LEVEL=='XXXX')))
   'ALL_ACCESS,'
else
   if((((trim(getDBField('EMPLOYEE','PROCESS-LEVEL',form.COMPANY,form.FR_EMPLOYEE,form.TO_EMPLOYEE))=='YYYY'))||(form.PROCESS_LEVEL=='YYYY')))
   'ALL_ACCESS,'
else
   'NO_ACCESS,'

(Obviously, I have replaced the PROCESS-LEVEL values with XXXX and YYYY.)

When I try saving the job with PROCESS-LEVEL values of XXXX or YYYY, it works fine. When I change it to one that is not XXXX or YYYY, I get a security violation. This is what I want.

However, if I use any EMPLOYEE renage (FR_EMPLOYEE - TO_EMPLOYEE), it allows me to do so. I want it to give a security violation if it is an employee that is assigned to these particular process levels.

Thanks!

Find more posts tagged with

Infor Lawson Technology Group - Discussion

Comments

unknown

I think you need to make the process level a required field. In the case of reports, the security evaluates on the data in the report parameters and not the data in the output of the report.

unknown

Thank you, Mary Beth.

Is there a way to make process-level a required field within the condition?

unknown

I am pretty sure that making PL a required field can be done with LSA - I just don't know the details of how to do this. Maybe someone else can jump in with an example?

2606_2944_BI 204_Introducing Dashboards Layout.mp4

da4913_trw_polen_mixpallete.pdf

don-kintzle

I believe we have done this on PR295, you would need to write a condition on the PROCESS-LEVEL field like below:

if(user.attributeContains('ProcessLevelControl',form.PROCESS_LEVEL))

'ALL_ACCESS,'

else

'ALL_INQUIRES,'

Then that works in conjunction with our DataControl Security class where we restrict by Element Group/Process Control. The above condition forces them to enter a process level the user has access to; else only inquire only access. It's been awhile since I have done some of this but I remember some of the programs didn't use the DataControls/Element groups. If PR270 is one of those then, you may need to use Schema editor to force the field to be required.

if((SystemCode=='HR'||SystemCode=='PA'||SystemCode=='PR'||SystemCode=='LP'||SystemCode=='BN')&&(lztrim(COMPANY)==9010)&&(user.attributeContains('ProcessLevelControl',trim(PROCESS_LEVEL))))

'ALL_ACCESS,'

elseif(SystemCode=='IF'||SystemCode=='GL'||SystemCode=='AP'||SystemCode=='RQ'||SystemCode=='PO')

'ALL_ACCESS,'

else

'NO_ACCESS,'

Copyright © 2025 Infor. All rights reserved.