Posts

How to dump RQ02 approval strings out of a Lawson database

Lawson RQ02 approval strings work hand in hand with Landmark and are set up in different ways per organization. Some use general hierarchical titles and some use individual usernames. Regardless of how you implement it, you want to be able to create a report so you can update them as individuals join, leave, or move around the organization.

To generate a database dump of all approval strings and their levels using my method, you’ll need read access rights to the LSL database and must be using SQL.

  1. Log in to your TEST or PROD database application.
  2. Create a new query window and paste in the SQL code below. One is a screenshot to show syntax highlighting and the other is the raw code for your convenience.

  3. Run the query, then copy and paste the results with headers into Excel to filter down the data, or edit the query.

I’ve renamed various columns to reflect the different levels and dollar amounts more clearly. Feel free to change the query to your liking. This covers only the RQ02 strings; to get the filters for users set up in Landmark, check out my article titled: “Generating a simple approval level report from the Landmark database”.

How to Restrict a Specific Form Table Field in Lawson Portal

For this tutorial, we will be restricting a table in CU01.1

  1. Log in to Lawson Security Administrator
  2. Load up your default security profile, typically titled PROD10 or TEST10
  3. Add a new security class

    Ours will be called TestSecClass
  4. Grant token access to CU01.1
  5. Once this is added, we want to restrict a specific table on CU01.1. To find the table name, go to CU01.1 and press CTRL + SHIFT + O when selecting the field
  6. Back in LSA, set CUC-CURRENCY-CODE to Deny Any Access
  7. Add this new class to a role of your choice. Add the role to a user and test CU01.1. To learn more about how Lawson security handles access, check out my other article titled: “Lawson Security – The Theory of Least Privilege Access Explained”

A Brief Overview into the Lawson Requisition and Approval Process

Lawson allows for requester users to submit requisition orders for their organization. To make sure the orders are valid, Lawson also supports approvers to verify and approve/reject the orders.

The core of this is done by setting up Requisition Locations (RQ01) and Requisition Strings (RQ02) and having a workflow process everything in between.

Requisition Strings can be used in many different ways, but in our example it is to have individual approvers approve for a particular location. This can also be general titles like Manager, VP, etc. or however your organization wants to set it up.

As you can see below, these are strings for Company 100, Requesting Location RQ210, with Approvers starting at Level4 and stopping at Level6. The lower limit on the left is the amount that the users approve orders for and, depending on the IPA flow logic, could notify or skip them.

When users track requisitions in, say, RQ10, they can drill around and see the history log via the strings themselves:

This is only half the setup for this particular organization.

 

Approvers have to be set up on the Landmark side via Rich Client or the Process Server Administrator web application. This is done via “Filters”, and these have to be named to coincide with your IPA Requisition flow.

Below is an example of how we would mirror the RQ02 strings in Rich Client (custom report).

The Level 4, 5, and 6 are the “auth id” that our custom flow matches up on. It then grabs the user from Landmark and sends notifications based on where the requisition is in the flow.

Some organizations simply don’t use RQ02 strings, as they may find it easier to process everything on the Landmark side. Landmark does have a set of its own reporting tools and filters (see my other article titled “Generating a simple approval level report from the Landmark database” for a custom database report I created).

The benefit of RQ02 strings, in my experience, is that the frontend functional users can set up the strings for the developers to mirror in the back end (or by an automated process if done right).

 

Hope this was helpful in giving you a brief overview of requisitions and approvers.

Generating a simple approval level report from the Landmark database

Lawson natively supports requisitions and a hierarchical requisition approval system within organizations. Some use both the approval strings found in RQ02 and filters set up within Lawson Rich Client (an application in Lawson Landmark). More info on this can be found in another one of our articles titled: “A Brief Overview into the Lawson Requisition and Approval Process”.

 

To generate a database dump of all approvers and their levels using my method, you’ll need read access rights to the LSL, IPA, and GEN databases and must be using SQL.

 

    1. Log in to your TEST or PROD database application.
    2. Create a new query window and paste in the SQL code below. One is a screenshot to show syntax highlighting and the other is the raw code for your convenience.


      Run the query and your results should show as so:
    3. Copy and paste with headers into Excel to filter down the data or edit the query.

I’ve included an Active Status to show which locations are active or inactive. This can be changed in RQ01 per company and location.

Feel free to optimize the query to your liking if you see any inefficiencies. Remember, this is only for approval levels on the Landmark side, not the RQ02 strings themselves.

Lawson Security – The Theory of Greatest Privilege Access Explained

When Lawson left LAUA security, it redesigned its hierarchical security as follows:

  • Roles
    • Classes
      • Tokens (or rules)

These have all followed the theory of greatest privilege access since v9.

 

What does this mean?

In the simplest form, it means that if there is an ALL_ACCESS and a DENY_ACCESS rule within the same class or role, the ALL_ACCESS wins and grants access to the rule.

 

Real world example:

Problem: Say you wanted to grant a user access to view an AP form but noticed that the form itself shows a vendor’s number under the TAX ID field.

 

If the vendor does not have a vendor number, typically they use their social security number, and this is added to the TAX ID field, which is a field on the APVENMAST table.

 

If we set DENY_ACCESS on the TAX ID field within APVENMAST as shown below:

When the user loads the AP form up again, that field will appear blank or greyed out.

 

Let’s say this user eventually takes on newer tasks and gets a new role assigned to them to submit requisition orders, and this newly assigned access inadvertently grants ALL_ACCESS to the APVENMAST table.

This new access now overrides the DENY_ACCESS set on the TAX ID field and the user can now once again see the TAX ID field and reveal sensitive information such as a vendor’s social security number.
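The override described above can be checked mechanically. The following is an added example, not code from the original post or from Lawson: it models roles, classes and rules in a simplified way and flags every DENY_ACCESS that an ALL_ACCESS elsewhere in the user's roles cancels out. The role and class names and the `TAX-ID` field spelling are assumptions made for illustration.

```python
ALL_ACCESS, DENY_ACCESS = "ALL_ACCESS", "DENY_ACCESS"

# Constructed sample data: role -> security class -> [(table, field, access)].
# field=None means the rule covers the whole table. All names are hypothetical.
ROLES = {
    "APInquiryRole": {"APInquiryClass": [("APVENMAST", "TAX-ID", DENY_ACCESS)]},
    "RequesterRole": {"RequesterClass": [("APVENMAST", None, ALL_ACCESS)]},
}

def rules_for(user_roles, roles=ROLES):
    """Flatten every rule reachable from the user's roles, keeping its origin."""
    for role in user_roles:
        for cls, rules in roles.get(role, {}).items():
            for table, field, access in rules:
                yield role, cls, table, field, access

def covers(rule_table, rule_field, table, field):
    """A table-wide rule (field None) covers every field of that table."""
    return rule_table == table and rule_field in (None, field)

def effective_access(user_roles, table, field, roles=ROLES):
    """Greatest privilege: any matching ALL_ACCESS beats any DENY_ACCESS."""
    matched = [a for _, _, t, f, a in rules_for(user_roles, roles)
               if covers(t, f, table, field)]
    if ALL_ACCESS in matched:
        return ALL_ACCESS
    return DENY_ACCESS if DENY_ACCESS in matched else None  # None: no rule applies

def overridden_denies(user_roles, roles=ROLES):
    """List each DENY_ACCESS rule that an ALL_ACCESS rule on the same target cancels."""
    rules = list(rules_for(user_roles, roles))
    findings = []
    for d_role, d_cls, table, field, access in rules:
        if access != DENY_ACCESS:
            continue
        for g_role, g_cls, g_table, g_field, g_access in rules:
            if g_access == ALL_ACCESS and covers(g_table, g_field, table, field):
                findings.append({"target": f"{table}.{field or '*'}",
                                 "deny": f"{d_role}/{d_cls}",
                                 "overridden_by": f"{g_role}/{g_cls}"})
    return findings

if __name__ == "__main__":
    before, after = ["APInquiryRole"], ["APInquiryRole", "RequesterRole"]
    print(effective_access(before, "APVENMAST", "TAX-ID"))  # original role only
    print(effective_access(after, "APVENMAST", "TAX-ID"))   # after the new role
    for finding in overridden_denies(after):
        print(finding)
```

Running a check like this against an export of role assignments before adding a role to a user shows which field-level denies the new role would silently undo.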

 

I hope this helps when designing your security for employees.

How to Analyze a Cloud-based Log Quickly in Lawson

In a Lawson Cloud environment, it’s difficult to get logs off the server, since you’re likely restricted to FTP access and the latest logs are currently being written to by the server itself, which throws a deny exception when you try to download them over FTP.

I previously wrote another article explaining a workaround for this, but that takes a few extra steps and more time. This is a quicker command line method if you need to test something immediately.

 

  1. First log in to Lawson Interface Desktop
  2. Go to the directory in which the logs exist
  3. Type this command: tail -500 <name of log file being written to> | lashow
  4. Example: tail -500 ios.log | lashow

As you see above, this uses the tail command combined with the -500 parameter, which returns the last 500 lines written to the log. You can change -500 to however many lines you want to return (the more lines, the longer it takes to load).

The optional piped LASHOW command is to open this in a separate scrollable and searchable window within LID.

This becomes especially useful when testing live forms or code in Lawson.

 

Good luck!

How to find a Lawson user ID from an HR11 Employee ID

Some Lawson Security systems are set up with the user ID being a combination of the last name with middle initials / first name initials.

Something like DoeJ for John Doe. Often users get their names updated due to a marriage or divorce and their user ID never gets updated along with their last name.

  1. To find the user by employee number, we need to first go to HR11 and find the user by their new last name to uncover their Employee ID.
  2. For this example, let’s say we search John Doe and it returns an employee ID of 264.
  3. Now open Lawson Security Administrator and go to User Management >> Manage Identities
  4. Once in Manage Identities under “Services”, select the employee identity service, ours is named TEST10_EMPLOYEE:
  5. Select employee = <employee ID> and click Add Criteria
  6. Once the criteria is added, Execute Query
  7. You’ll be taken to the results tab, and if that user exists in Lawson security, it will show as so:

That’s all there is to it!

 

Downloading Logs for review in a Lawson Cloud Environment

In Lawson v10, Admin users would have direct access to system logs, but in the cloud your access is limited to FTP access.

Problem: Reviewing IOS and LADB logs live is more difficult through FTP since you’re unable to download or view a file that is currently being written to. To get around this, you simply use the command line copy command, cp.

 

To understand this process, follow the steps below:

Step 1: Open LID and connect to the Lawson environment you want to access logs from.

 

Step 2: Go to %LAWDIR%\system directory

 

Step 3: Create a new folder in %LAWDIR%\system directory, command is: mkdir temp_logs (this will create a folder called temp_logs)

 

Step 4: In %LAWDIR%\system type this command (change based on your log names):

cp *ios_lsapp*.log temp_logs

 

Step 5: Go to %LAWDIR%\system\temp_logs and run the ls command to view your copied log files or simply download them from the FTP.

 

Here is a screenshot of my results:

Preparing for Lawson Year-End Regulatory Patching

It’s that time of year again! Infor has released the regulatory patching for Lawson. Patching affects 1099 reporting, benefits/ACA, and payroll. We have compiled some tips to help make your year-end patching experience as smooth as possible.

 

 

Nogalis Webinar: Preparing for Lawson Year-End Regulatory Patching (December 19th, 9 AM PST)


We use anymeeting for our webinars. The application sometimes asks you to install a plugin. In order to be ready on time, please give yourself an additional 10 minutes before the webinar begins.

When: Thursday December 19, 2019

9:00 AM to 10:00 AM PST

This webinar is free to attend.