Types of securable objects

The table that follows describes the main types of securable objects to be used when writing rules using a functional profile for normal users.

Type Description
Online

This includes the system codes and programs that online forms belong to as well as online forms and the objects they contain. To write rules for a form and the objects it contains, you must also explicitly select and grant access to the category (system code) and program that contain the form. If you grant or deny access to a system code for a form, you also are granting or denying access to all of the files in the same system code.

If you grant access to a form, that access includes access to all of the objects on the form unless you write separate rules that explicitly deny or limit access to the objects on the form.

Online forms contain the following securable objects:

  • Fields

    This includes the input fields, output or display-only fields, and hidden fields for a specific form. Contrast this with database file field security, which applies to a file field whenever it appears in a Drill Around or Select list.

  • Command buttons

    You can grant or deny access to command buttons (buttons or links that allow you to move to a subform). However, access to a button does not mean that a user has access to the subform that the button or link leads to. You must also grant access to that subform.

  • Local transfer links

    You can write rules for local transfer links, but Lawson Security does not yet recognize those rules.

  • Form tabs

    You can write rules for any of the tabs on a form, including those for a detail area and including tabs that appear on tabs.

  • Detail areas

    You can grant or deny access to the detail area of a form as distinguished from the header area.

Element

Elements (that is, the global definition of a field)

Security rules for an element affect a user's access to any field based on that element, when the user is accessing the field through the Drill Around feature or in a Select list.

If you grant access to a form and the files it uses, access at the element level is assumed. You can then use element security to restrict access to specified elements.

File

Database files and their fields

To write rules for a file and its fields, you must also explicitly select and grant access to the category (system code) the file belongs to. If you have granted access to a system code (such as you might have done to give access to a form), that access includes access to all files for the system code. If you grant or deny access to a system code for a file, you also are granting or denying access to the same system code as far as online forms are concerned.

If you grant access to a file, that access includes access to all of the fields in the file unless you write separate rules that explicitly deny or limit access to the fields in the file.

Security rules for a file or field affect a user's access to that file or field, when the user is accessing the field through the Drill Around feature or in a Select list.

Data Source

Data areas and data IDs

You must explicitly grant access to a data area or data ID in order for users to have access to any data, either on forms, the Drill Around feature, or Select lists.

Resource Management Securable Object

You can grant access, deny access, specify unconditional rules, and write conditional rules for all securable objects.

Note: By default, securable identities and services are disabled. To enable this feature, add the server.authorization.secureServicesAndIdentities.enabled=true entry to lsservice.properties.
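
The following added example (not Lawson code or a Lawson API) models the online-form rules described above so that a profile can be audited for command buttons that lead to subforms the user was never granted. The form, program, system code, and button names are constructed placeholders, and the model assumes that anything not explicitly granted is denied.

```python
from dataclasses import dataclass, field

# Constructed catalog: form -> (system code, program). Names are placeholders.
FORMS = {"XX01.1": ("XX", "XX01"), "XX01.2": ("XX", "XX01"), "YY05.1": ("YY", "YY05")}
# Constructed command buttons: (form, button) -> subform the button leads to.
BUTTONS = {("XX01.1", "Details"): "XX01.2", ("XX01.1", "Audit"): "YY05.1"}

@dataclass
class Profile:
    system_codes: set = field(default_factory=set)
    programs: set = field(default_factory=set)
    forms: set = field(default_factory=set)
    denied: set = field(default_factory=set)  # explicit (form, object) deny rules

def can_open_form(p, form):
    # A form is reachable only when its system code, its program and the form
    # itself are all granted (assumption: no grant means no access).
    system_code, program = FORMS[form]
    return system_code in p.system_codes and program in p.programs and form in p.forms

def can_use_object(p, form, obj):
    # Objects on a granted form are accessible unless a separate rule denies them.
    return can_open_form(p, form) and (form, obj) not in p.denied

def dead_end_buttons(p):
    # Buttons the profile can use whose target subform is not itself granted.
    return sorted((form, button, sub) for (form, button), sub in BUTTONS.items()
                  if can_use_object(p, form, button) and not can_open_form(p, sub))

def demo_profile():
    # Grants system code XX, program XX01 and two forms; denies one field.
    return Profile(system_codes={"XX"}, programs={"XX01"},
                   forms={"XX01.1", "XX01.2"}, denied={("XX01.1", "Salary")})

if __name__ == "__main__":
    p = demo_profile()
    print("Name field:", can_use_object(p, "XX01.1", "Name"))
    print("Salary field:", can_use_object(p, "XX01.1", "Salary"))
    print("Buttons without subform access:", dead_end_buttons(p))
```
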