How to restrict certain users’ ability to delete queued jobs in Lawson job scheduler

, ,

Follow the steps below to learn how to restrict certain users’ ability to delete queued jobs in Lawson job scheduler.

  1. Create a new role named ‘BatchRestrictedRole’ using the Lawson RM Administrator tool.
  2. Next, in the Lawson Security Administrator (LSA), generate a new Security Class for the GEN profile and name it ‘BatchRestricted.’
  3. Within LSA, associate the ‘BatchRestricted’ Security Class with the ‘BatchRestrictedRole.’
  1. Now, let’s establish the rules for the Batch Restricted security class:
    1. Online: CAT UN
      • Grant All Access
    2. Data sources: GEN
      • Grant All Access
    3. Files: JOB, JOBSTEP
      • Grant All Access
    4. Elements: UserName
      • Grant All Access
    5. Files: QUEUEDJOB
      • Unconditional Access for Action Add (A) and Action Inquiry (I)
    6. More Security context:
      • Action Add (A) enables ability to add batch jobs
      • Action Inquiry (I) enables ability to view and run queued jobs
      • Action Delete (D) enables ability to kill running jobs
      • Action Update (M) enables ability to remove completed jobs
  1. Assign the newly created ‘BatchRestrictedRole’ to users. Ensure that these users do not possess any existing roles that grant full access to QUEUEDJOB. You can verify this by running a user security report for the GEN profile and searching for QUEUEDJOB.
  1. Please take note that, depending on your specific security requirements, you may opt to impose further restrictions on other objects within the security class.
  1. Keep in mind that while users will still see the option to delete a job, they will receive messages such as ‘User does not have access to queued job’ or ‘User Does Not Have Security Access To Delete This Job Log’ when attempting to delete jobs.

LBI CRAS Error – The system cannot find the path specified

, ,

If you are getting the following CRAS error message “The system cannot find the path specified” on every single LBI report that you try to run, then it is likely that the issue is with the CRAS configuration. To validate the configuration, first open the CRAS configuration manager. Next, double-click on each of the CRAS servers. You will need to validate that the “Report Directory” under the “Parameters” tab is set to an asterisk (*).  If the parameter needs to be updated, you must first stop the CRAS server you are working with, make the change, and then restart it. (Refer to the screenshots below for reference).

Increase Landmark session timeout value

, ,

From the Landmark server admin command prompt, run the command and answer the questions:

 

secadm -m

  • Maintain Single Sign On Configuration (Option 14)
  • Configure Lawson Single Sign On (Option 2)
  • Select SSL or TCPIP (Option 1 or 2)
  • Enter the service to use to sign on (ex. SSOPV2)
  • Enter a time out value in minutes for sign on sessions (default is 60)
  • Enter a time out value in minutes for orphaned sessions (default is 360)
  • Type e to Exit

Note: You must perform a system restart for the changes you made here to take effect.

To verify the current WebUI session timeout value:

From a web browser, navigate to:

https://LandmarkWebServer:port/ssoconfig/SSOCfgInfoServlet

Look for the PROPERTY name=”sessionto” value

NOTE: Landmark and Ming.le / Lawson Portal session timeout should have the same value (default is 60 minutes)

 

How to delete unwanted Lawson AP Batches

, ,

So, you have some Lawson AP batches (AP25.1) that you can’t release or delete? We can fix that.

 

Resolution:

There’s a simple solution for this instance. You can easily delete these batches in AP25.2.

 

First, you will need to enter the company and batch number and then click Inquire:

 

After you successfully inquire, select the delete button (If it doesn’t appear it may be in a drop down on the top bar).

 

You will also need the proper change access to perform this so if you’re receiving a security violation or don’t see the delete button, you don’t have the proper access.

 

Good luck!

LBI error “unable to connect to the server: usspw154”

, ,

If you receive the Crystal Reports error message “Unable to connect to the server” when attempting to run a report in LBI, it is likely that your server information is not configured correctly in the ClientSDKOptions.xml file. There is a quick solution for this.

To validate the server configuration, navigate to: <LBI Install dir>\ReportingServices\Reporting Services.ear\erswar-10.6.0.0.war\WEB-INF\classes\clientSDKOptions.xml and <LBI Install dir>\ReportingServices\Reporting Services.ear\erswar-10.6.0.0.war\WEB-INF\lib

If the server details do not match the host server, update it with the correct ports.  If you have CRAS horizontally scaled, be sure to include server details for each port.

And you’re done! you should not see the error on LBI anymore.

ADFS Timeout

, ,

To check and/or change the Web SSO lifetime within AD FS, follow these simple steps below.

On the server with AD FS (Active Directory Federation Services) access the AD FS Management Console.

  • First, select ADFS on the left
  • Next, select the “Edit Federation Service Properties” on the right-hand side
  • Locate the Web SSO lifetime is at the bottom of the dialog box presented
  • If needed, change the value; the number displayed is in minutes
  • No restart is needed to enable the change

See screen shot below for a visual guide.

 

Login to User for Infor Landmark Updates

, ,

When running cumulative updates in your Landmark environment, it is important to be logged into the server with the correct account.  If you aren’t on the right account, then the updates will fail with little to no explanation for why.

To determine which user needs to log into the server to run update scripts, open Windows Services and look for the Infor ION Grid service.  The account that is running the Grid service is the account that should be logged in.  It is often the local Lawson account, but could also be a domain account. See the screenshot below for reference.