Building Rule Conditions

For this rule condition, use the following sensitive transactions and the associated authorizations, attributes and values:
Transactions Authorizations Attributes Values
MASS Mass Change NA NA NA
ME21 Create Purchase Order M_BEST_WRK Plant in Purchase Order (CM) ACTVT Activity 01
M_BEST_EKO Purchasing Organization in Purchase Order (CM)
M_BEST_EKG Purchasing Group in Purchase Order (CM)
M_BEST_BSA Document type in Purchase Order (CM)
ME22 Change Purchase order M_BEST_WRK Plant in Purchase Order (CM) ACTVT Activity 02
M_BEST_EKO Purchasing Organization in Purchase Order (CM)
M_BEST_EKG Purchasing Group in Purchase Order (CM)
M_BEST_BSA Document type in Purchase Order (CM)
ME24 Maintain Purchase Order Supplement M_BEST_EKO Purchasing Organization in Purchase Order (CM) ACTVT Activity 02
M_BEST_EKG Purchasing Group in Purchase Order (CM)
M_BEST_BSA Document type in Purchase Order (CM)
ME25 Create PO with Source Determination M_BEST_WRK Plant in Purchase Order (CM) ACTVT Activity 01
M_BEST_EKO Purchasing Organization in Purchase Order (CM)
M_BEST_EKG Purchasing Group in Purchase Order (CM)
M_BEST_BSA Document type in Purchase Order (CM)
M_BANF_WRK Plant in Purchase Requisition (CM)
M_BANF_EKO Purchasing Organization in Purchase Requisition (CM)
M_BANF_EKG Purchasing Group in Purchase Requisition (CM)
M_BANF_BSA Document Type in Purchase Requisition (CM)
ME27 Create Stock Transport Order M_BEST_WRK Plant in Purchase Order (CM) ACTVT Activity 01
M_BEST_EKO Purchasing Organization in Purchase Order (CM)
M_BEST_EKG Purchasing Group in Purchase Order (CM)
M_BEST_BSA Document type in Purchase Order (CM)
ME28 Release Purchase Order NA NA NA
ME45 Release RFQ M_EINK_FRG Release Code and Group (Purchasing) (CM) NA NA
ME59 Automatic Generation of PO's M_BEST_WRK Plant in Purchase Order (CM) ACTVT Activity 01,02
M_BEST_EKO Purchasing Organization in Purchase Order (CM)
M_BEST_EKG Purchasing Group in Purchase Order (CM)
M_BEST_BSA Document type in Purchase Order (CM)

To build the rule condition for a Sensitive Transaction rule:

  1. Select one of the following operators:
    • Any: If you select this operator, users or roles assigned one or more of the transactions along with the associated authorizations selected in this condition are displayed as violations.
    • All :If you select this operator, users or roles assigned all the transactions along with the associated authorizations selected in this condition are displayed as violations.

      For this example use Any .

  2. Click Add Transaction to open the Browse Transactions window. Any of the following tabs displayed in the Browse Transactions window may be used to add transactions:
    • Quick Add : The Quick Add tab enables users to add all the required transactions either by typing them in or copying then from an Excel spreadsheet.

      Infor Risk & Compliance validates these transactions before they are added to the rule condition. If one of the transactions is invalid, it is highlighted in red and none of the specified transactions are added to the rule condition. Users must delete the invalid transactions and add only the correct transactions.

    • Select Objects : The Select Objects tab enables users to browse for and add the required transactions. From the Select Transactions drop-down list select all the transactions listed in the above table. Alternatively, click the Browse button to browse for and select all the transactions and then click Add . The selected transactions are added to the panel.
      Note: 
      • Select the check box Add all related authorizations and authorization attributes for each Transaction to add all the authorizations associated with all the transactions selected for this rule. When you do this, the Add all related values for each attribute check box is also enabled. Select the check box to add all the values associated to the selected attributes.
      • For this rule these check boxes have not been selected as all the associated authorizations, attributes and values are not added.
    • Copy Condition : The Copy Condition tab enables users to copy the required condition from an existing rule.
      1. From the Select rule drop down list select the required rule . The rule condition for the selected rule appears in the panel below.
      2. Select the check boxes next to the required transactions.
      3. Click ADD. The transactions are added to the panel
      Note:  For this rule, select all the transactions listed in the above table from the selected rule.
  3. To add the authorizations using the Add Authorizations link:
    1. On the rule builder panel, expand the transaction. The Add Authorizations link is displayed.
    2. Click Add Authorizations to open the Browse Authorizations window and add authorizations using either the Quick Add or the Select Objects tab :
      • Quick Add : The Quick Add tab enables users to add all required authorizations either by typing them in or copying then from an Excel spreadsheet. For this rule, type in all authorizations listed above or copy them from an Excel spreadsheet.
      • Select Objects : The Select Objects tab enables users to browse for and add associated authorizations to the transactions. From the Select Authorizations drop-down list select all the associated authorizations listed in the above table. Alternatively, click the Browse button to browse for and select the authorizations and then click Add. The selected authorizations are added to the panel.
      Note: 
      • Select the check box Add all related attributes for each authorization to add all the attributes associated with all the associated authorizations selected for this rule. When you do this, the Add all related values for each attribute check box is also enabled. Select the check box to add all the values associated to the selected attributes.
      • For this rule these check boxes have not been selected as all the associated attributes and values are not added.
  4. To add the attributes using the Add Attribute link:
    1. On the rule builder panel, expand the authorization. The Add Attributes link is displayed.
    2. Click Add Attribute to open the Browse Attribute window. Either of the following tabs displayed on the Browse Attributes window may be used to add attributes:
      • Quick Add : The Quick Add tab enables users to add the required attributes either by typing them in or copying then from an Excel spreadsheet. For this rule, type in the attribute listed in the above table or copy it from an Excel spreadsheet.
      • Select Objects : The Select Objects tab enables users to browse for and add associated attributes to the authorizations. From the Select Attributes drop-down list select all the associated attributes listed in the above table. Alternatively, click the Browse button to browse for and select all the associated attributes and then click Add . The selected attributes are added to the panel.
      Note: 
      • Select the check box Add all related values for each attribute to add all the associated values for this rule
      • For this rule these check boxes have not been selected as all the associated authorizations, attributes and values are not added. This rule condition uses only the ACTVT Activity attribute.
  5. To add the values, expand the attribute. The operator drop-down is displayed. From the drop-down list, select one of the following operators:
    • Any : If you select this operator, users or roles assigned one or more of the selected values associated with the selected attributes in this rule are displayed as violations.
    • All : If you select this operator, users or roles assigned all the selected values associated with the selected attributes in this rule are displayed as violations.
      Note: For this example use Any.
  6. Click Add Value to open the Browse Values window. Either of the following tabs displayed on the Browse Values window may be used to add attributes
    • Quick Add : The Quick Add tab enables users to add the required values either by typing them in or copying then from an Excel spreadsheet.

      For this rule, type in all values listed above or copy them from an Excel spreadsheet.

      Note:  Infor Risk & Compliance does not validate the values added.
    • Select Objects : The Select Objects tab enables users to browse for and add values to the attributes. From the Select Values drop-down list select all the associated values listed in the above table. Alternatively, click the Browse button to browse for and select all the associated values and then click Add. The selected values are added to the panel.
  7. The Browse Values window also displays the Parameters tab. Use the Parameters tab to add parameters to values:
    1. Type in part of the parameter name in the autosuggest text box. All parameters for the selected values and matching the search criteria are displayed.
    2. Select the required parameters. Alternatively, click the Browse button to browse for and select the required parameters.
    3. Click Add. The selected parameters are added to the panel.
  8. Click Save below the panel to save the rule condition.
    Note: While creating a new rule you can add objects using the following links only once after which the links disappears from the Infor Risk & Compliance user interface:
    • Add Transaction
    • Add Authorization
    • Add Attribute
    • Add Value

    These links are not displayed while editing a rule. For example, users can add a transaction using the Add Transaction link only once, after which the link is not displayed on the Infor Risk & Compliance user interface. To add further transactions, click the previously added transaction on the panel. The Browse Transactions page opens. Users can now add further transactions.

    While adding objects using the Quick Add tab Infor Risk & Compliance currently supports commas, newline character and tab as data separators. If you prefer any other data separator, it can be configured through he RuleBuilderConfig.xml file. For more details, refer to the Infor Risk & Compliance Platform - Configuration Settings document. (Newline is a special character or sequence of characters signifying the end of a line of text.)
    • The Browse Transactions, Browse Authorizations, Browse Attributes, and Browse Values pages display data from multiple connections. The user can search for the required objects using the multiple search filters on these browse pages.
    • To re-name a condition group on the rule builder panel, double click on the group and provide the preferred name.