Creating Rules
A rule describes a specific access right to the system. Some examples:
-
Access to the Employee form (HR11) is granted with no restrictions.
-
Access to HR11 is granted for viewing but not updating.
-
Access to HR11 is granted for viewing and updating.
-
Access to HR11 is granted for viewing and updating but no ability to access drill fields.
When to do it
Rules must exist before you can assign them to security classes (and before you can assign classes to roles).
How to do it: general procedure
To create effective rules you must either have a deep knowledge of the objects (for example, an application suite) for which the rules apply or you must work with a business manager or other staff person who has such knowledge.
Creating effective rules that execute efficiently is one of the most important tasks security administrators perform. It is also the most challenging and the most time-consuming.
By default, users have access to nothing, that is, no application programs, forms, fields, tables, drill fields, job queues, and so on. Access to all these things must be explicitly granted through rules. Be sure to allocate a significant percentage of overall setup time to writing rules.
Lawson delivers roles that are pre-populated with rules and classes that provide examples of typical Lawson jobs, such as AP Clerk and AP Manager. The pre-built roles are intended to be used as examples. Your Lawson consultants will also help you think through access requirements for application suites.
The basic steps are:
-
From the Security Administrator, select an application profile and then click through the screens that bring you to the objects that you want to write a rule for. The rules you write will grant or deny access.
-
When a rule has been created, click the Add rule to class button to link the rule to a class.