Creating conditional rules

You can use predefined security rule conditions that are available in the application to configure security classes for modules that do not have a full set of rules. Use this procedure to create security classes from templates and update the security rules with the desired conditions for business classes that do not already have security rules.

  1. Use these steps to find all references to the business class to which you want to add a conditional rule:
    1. Sign in with the Administration Console role and select Security > Security Reports > Securable Object Policy
    2. Click Create Securable Object Report, specify this information, and then click OK to generate the report: Business Class in the Securable Object Type field, and
      Filter By
      Select Security Class to filter the report records of the business class by security class.
      Securable Object Type
      Select Business Class.
      Run For Single Securable Object Name
      Select this check box to run the report for a single business class.
      Securable Object Name
      Specify the name of the business class. This field appears if you select the Run For Single Securable Object Name check box.
      Caution: 
      Business class name is case sensitive. You must specify the business class name exactly as it appears in the system or it is not included in the report.

      For more information about the Securable Object Policy report, see Infor Landmark Technology User Setup and Security.

    3. If you generated the report for more than one business class, filter the records by the Sec Object Name column, specifying the name of the desired business class.
    4. Make a note of the security classes that reference the applicable business class. You can export the report results by clicking Export to CSV or Print To File.
  2. For each security class that references the applicable business class, use these steps to create a copy of the template security class that you want to update with a conditional rule:
    1. Select Security > Security Classes > Copy Security Class.
    2. On the Security Class Copy form, specify this information and click OK:
      From Security Class
      Select the template security class from which to make a copy. The template has _ST appended.
      To Security Class
      Specify a name for the new security class. Do not include the _ST suffix.
  3. Select Security > Security Classes > Security Class List and open the new security class.
  4. Update the security rule with the applicable condition to make the business class accessible only when a security group allows access.
    The unconditional security rule is displayed in the LPL section of the security class. For example:
    PurchaseOrderLine BusinessClass
    		is accessible
    			for all actions
    			unconditionally
    

    To add a condition, change the unconditionally statement to one of these options:

    Business Class Field Type Condition
    Corresponds to a security group type. For example, cash code.
    when (<SecurityGroupType>.SecurityGroupAllowsAccess)

    For example:

    when (CashCode.SecurityGroupAllowsAccess)

    These are the available security group types:

    • AccountingEntity
    • AccountingUnit
    • Project
    • ProjectContract
    • CashCode
    • CashManagementAccount
    • GeneralLedgerChartAccount
    • FinanceDimension<number>: use a two digit number for finance dimension. For example, FinanceDimension07.
    Company key
    when (Company.SecurityGroupAllowsAccess)

    You can configure conditional security rules for business classes that have any of these high-level keys:

    • PurchasingCompany
    • BillingCompany
    • FranchiseCompany
    • InventoryCompany
    • SourcingCompany
    Group key
    when (<GroupType>Group.BusinessGroupAllowsAccess)
    For example:
    when (ItemGroup.BusinessGroupAllowsAccess)

    You can configure conditional security rules for business classes that have any of these high-level keys:

    • ItemGroup
    • ProcurementGroup
    • ContractGroup
    • SupplierGroup
    • SourcingGroup
    • RecallGroup
    • BusinessGroup
    Customer group key
    when (CustomerGroup.CustomerGroupAllowsAccess)
    Using the previous example of PurchaseOrderLine and a conditional for company, this is an example of the modified security rule:
    PurchaseOrderLine BusinessClass
       is accessible
          for all actions
          when (Company.SecurityGroupAllowsAccess)
  5. When you have finished updating the security rule with the applicable condition, click Save.
The new conditional rule filters all lists if the actor belongs to an associated security group. If you only want to filter certain lists instead of all lists for a business class, use the same condition as an Instance Selection at the list level using Application Configuration.

See the Configuration Console User Guide Cloud Edition.