Types of programmatic security
This section provides a brief overview of the kinds of programmatic security that are available in Lawson applications. The intent is to give an overview to help you understand the examples that follow.
Company and Process Level security
Company and Process Level security is a mechanism for ensuring that users see only data they should see.
In an application, containers (for example, Companies) are created and within those, secondary containers (for example, Process Levels) are created. Users are then assigned to a company and, typically, to a process level within a company. (It is possible to have only one company with multiple process levels.)
Company and Process Level security can be tied to a form. For example, form AP20.1 is coded as a Company and Process Level application which means that Company and Process Level routines will automatically be used with it.
Of the applications that use Company and Process Level security, not all of them use the terms Company and Process Level for the structure. For example, the Human Resources (HR) application does call its structures "Company" and "Process Level," but it also uses additional structures in some cases. The Purchase Order (PO) application uses the terms "Company" and "Location." The Project and Activity Accounting (AC) application uses the terms "Activity Group Security Code" and "Activity." (Application installation documents tell you the appropriate terms for the type of security that is used.) Regardless of what the application calls the type of security, Lawson Security handles it the same way for application forms.
Sections that follow explain how you can determine if Company and Process Level security is used on a form and, if it is, how to write rules that make use of it.
Other types of programmatic security
Lawson applications use other methods that might or might not be based on Company and Process Level to validate user rights to access a program. More information about these kinds of security is in the Appendix to this document.
What is important for a reader of this document to know at this time is that you must determine if a type of application security is in use for an object you want to secure, and, if it is, how to write a rule that leverages the application security.