Securing batch jobs and reports by user name

In earlier versions of Infor Lawson System Foundation, user groups, distribution groups and distribution list groups provided the ability to ensure that users saw only appropriate jobs and reports, either only their own or only those created by members of the groups they belonged to.

This topic contains examples of rules that provide this type of security using RM groups. You will need to create a similar rule / class at your site and assign it users through their roles.

Because of operating system differences, separate examples are provided for Unix / IBM i and for Windows. Be sure to follow the examples that apply to your installation.

Prerequisite knowledge

Before you write rules similar to those described here, you must be familiar with the Lawson Security Administrator, including the Expression Builder tool for writing custom rules. (Step-by-step instructions for using Expression Builder are elsewhere in this document.)

You (or someone at your site) must also know how to assign the classes (rules) you create here and then assign them to users through their roles.

Example rule for Unix and IBM i

In this example:

  • A user who is a member of HRGROUP can access all jobs and reports of HRGROUP members.

  • HRGROUP is a Group that you have created (or will create)

  • "getHostServiceID" and "isMemberOf" are functions available with Expression Builder

UserName==user.getHostServiceID()||isMemberOf('HRGROUP',UserName)&&user.isMemberOf('HRGROUP')
'ALL_ACCESS,'
else
'NO_ACCESS,'

Example rule for Windows

In this example:

  • A user who is a member of HRGROUP can access all jobs and reports of HRGROUP members.

  • HRGROUP is a Group that you have created (or will create)

  • "getHostServiceID" and "isMemberOf" are functions available with Expression Builder

  • HRGROUP is a Group that you have created (or will create)

  • "getHostServiceID" and "isMemberOf" are functions available with Expression Builder

UserName==user.getHostServiceID()||isMemberOf('HRGROUP',getRMIdForEnvOSId(UserName))
    &&user.isMemberOf('HRGROUP')
'ALL_ACCESS,'
else
'NO_ACCESS,'