How to restrict certain users’ ability to delete queued jobs in Lawson job scheduler
Follow the steps below to learn how to restrict certain users’ ability to delete queued jobs in Lawson job scheduler.
- Create a new role named ‘BatchRestrictedRole’ using the Lawson RM Administrator tool.
- Next, in the Lawson Security Administrator (LSA), generate a new Security Class for the GEN profile and name it ‘BatchRestricted.’
- Within LSA, associate the ‘BatchRestricted’ Security Class with the ‘BatchRestrictedRole.’
- Now, let’s establish the rules for the Batch Restricted security class:
- Online: CAT UN
- Grant All Access
- Data sources: GEN
- Grant All Access
- Files: JOB, JOBSTEP
- Grant All Access
- Elements: UserName
- Grant All Access
- Files: QUEUEDJOB
- Unconditional Access for Action Add (A) and Action Inquiry (I)
- More Security context:
- Online: CAT UN
-
-
- Action Add (A) enables ability to add batch jobs
- Action Inquiry (I) enables ability to view and run queued jobs
- Action Delete (D) enables ability to kill running jobs
- Action Update (M) enables ability to remove completed jobs
-
- Assign the newly created ‘BatchRestrictedRole’ to users. Ensure that these users do not possess any existing roles that grant full access to QUEUEDJOB. You can verify this by running a user security report for the GEN profile and searching for QUEUEDJOB.
- Please take note that, depending on your specific security requirements, you may opt to impose further restrictions on other objects within the security class.
- Keep in mind that while users will still see the option to delete a job, they will receive messages such as ‘User does not have access to queued job’ or ‘User Does Not Have Security Access To Delete This Job Log’ when attempting to delete jobs.
Leave a Reply
Want to join the discussion?Feel free to contribute!