Security Violation for Activity Group

, ,

You may have tried to add a report or update a job recently in Lawson and received a “Security Violation for Activity Group <XXXXX>”

 

Your first solution may be to give the user full rights to the Activity Group form (AC00) and table, but you’ll find that this solution will heed the same results.

 

  1. Check the security class causing the error. It’s likely it was written as an ELM rule (element) based on the Company Element.
  2. If this is true, it’s checking the CompanyControl attribute on the user’s RM Admin setup.
  3. The AC system uses the Security Code as defined on the AC00 (Activity Group) setup and interprets that value as the Company for AC security. By default, the AC00 Security Code is 9999.
  4. Add Company 9999 on in the users attributes as a valid company in the CompanyControl settings.

 

Recap: Because the ELM rule checked the CompanyControl attribute values, this Security Code (Company) value of 9999 needs to be added to the CompanyControl values for the user.

Infor Cloudsuite How to Change Password

, ,

Follow these 6 simple steps to change your password on Infor Cloudsuite.

  1. Login to your Cloudsuite url: https://selfservice.cloudsuite.infor.com/CloudSuitePortal/login.html
  2. Go to Service Requests:
  3. On the top-right select Create a Service Request:
  4. Request type is SQL Manage User and click Next:
  5. Fill in Action: Change Password | User: userID | Password: New_Password
  6. Request takes up to a minute to process.

Infor Landmark Security Classes (ST) explained

, ,

This is a more in-depth look at the security classes assigned to Landmark Security Roles. To find a better overview of Landmark Security Roles, see our article on “Infor Landmark Security Roles (ST) explained

 

Delivered Class Access Details
BasicProductLineAccess_ST In conjunction with ProductLineAccess_ST, provides general product line access that all Landmark actors need.
InbasketUser_ST Access to user’s own Inbasket for reviewing and taking action on work items.
Lpa_ST Access to the Infor Process Automation system, including menus in Infor Rich Client. All IPA users need this.
LpaAdmin_ST Access to Infor Process Automation administration menu options in Infor Rich Client.
JobQueueAccess_ST Access to the Landmark job queue.
ProcessAutomationProxy_ST Access to business classes related to proxy assignments
ProcessDesigner_ST Access to the business classes that the Infor Process Designer tool needs.
ProcessSchedulingAllAccess_ST Provides read, write access to IPA triggering features.
ProcessServerAllAccess_ST Provides read, write access to all IPA features.
ProcessServerReadAccess_ST Provides read access to all IPA features
ProductLineAccess_ST In conjunction with BasicProductLineAccess_ST, provides general product line access that all Landmark actors need.
ScheduledActionsAccess_ST Provides the ability to schedule Landmark actions.
ConfigConsoleSecurityAdmin_ST Provides all access to the Landmark Configuration Console.

 

 

Infor Landmark Security Roles (ST) explained

, ,

From time to time you may get inquiries from a client’s audit team about Landmark Security Roles. This overview table helps explain their uses assuming no modifications were made to them by the organization or Infor. To see a more in-depth understanding of Landmark classes, see our article: “Infor Landmark Security Classes (ST) explained

 

Delivered role Intended for use by Contains these security classes
InbasketUser_ST Normal end-users who receive work items in the Inbasket BasicProductLineAccess_ST

ProductLineAccess_ST InbasketUser_ST

Lpa_ST ProcessSchedulingAllAccess_ ST
JobQueueServer_ST Users who must perform actions on the Landmark job queue. BasicProductLineAccess_ST

ProductLineAccess_ST JobQueueAccess_ST
ProcessDesigner_ST Process developers BasicProductLineAccess_ST ProductLineAccess_ST

Lpa_ST

ProcessDesigner_ST ProcessSchedulingAllAccess_ ST
ProcessServerAllAccess_ST IPA system administrators BasicProductLineAccess_ST ProductLineAccess_ST

Lpa_ST

LpaAdmin_ST ProcessServerAllAccess_ST ProcessSchedulingAllAccess_ ST ScheduledActionsAccess_ST
ProcessServerReadAccess_ST IPA assistant administrators, power users, developers (depending on policies at

your site)

 ProductLineAccess_ST

ProcessServerReadAccess_ST
Not delivered through a role. Assign the class to any role for users who need to assign proxies. Users who need to assign Tasks to other users to cover for them. ProcessAutomationProxy_ST
ConfigConsoleSecurityAdmin_ST Users who need full access to the Configuration Console. ConfigAdminAccess_ST

SecurityConfigAccess_ST

ConfigConsoleSecurityAdmin_ ST

 

Lawson Add-ins is Not Working, Here’s What to Check For

, ,

If your Lawson Add-ins is not working, check the following:

  1. Check the versioning of Excel, if you’re using 2010 or 2016, the MOA installer will vary.
    • For MOA installer versions, you can research this on docs.infor.com and or search the downloads section within Infor concierge website.
  2. If add-ins is not working after installing, go to Excel options and check for “Disabled Application Add-ins”
  3. If Add-ins is disabled here, under Managed, select Disabled Items >> Go
  4. Access COM Add-ins and make sure Lawson MOA is enabled:

 

That’s it! Steps 2 through 4 are examples of Lawson Add-ins in Excel 2010.

Lawson appears to be down or not working properly, what do I do?

, ,

Here are 5 things you can check for when seeing what is wrong with Lawson:

  1. Contact the different departments within the organization to confirm this is a wide spread issue. Coordinated with them to report back issues they are seeing.
  2. If users can’t access Lawson portal, check to see if websphere is running.
    1. If you have access to the LSF server, go into services and check if the IBM Websphere ServerApp service is running. Stopping and starting the ServerApp is typically safe as well if you’re trying to prevent users from logging in.
    2. If websphere is running, check for IOS log errors found in %LAWDIR%\system
  3. If you’re able to access Lawson portal but users report intermittent issue, check the LADB and LATM log.
    1. On the LSF server, go to %LAWDIR%\system directory and open the ladb.log and latm.log and search for “Database error (94)” or “Connection Failure” errors. Make sure the time stamps lineup.
  4. Check the Lawson job scheduler or reach out to your database team to check for any scripts running on the server.
    1. Its rarer but an update job or sql script could cause intermittent connection issues within Lawson if its hogging all the database or LSF server resources.
    2. Its also important to verify there is nothing important running if you’re thinking of rebooting the either servers.
  5. After doing the above checks and coordinating with the organization, if Lawson is still exhibiting issues and you’re seeing errors, it’s always best to reboot both the Lawson database server along with the LSF server.
    1. A simple way to do this would be to open up a command prompt or powershell in administration mode and type: shutdown -r -t 0

WH110/WH130 – Cannot process loc; allocation feedback running

, ,

So, you have a job failing, possibly a multi-step job and you’ve either ran into the “Cannot process loc” error or something like “Bad File Status 4 7 On File <Filename>”

 

This isn’t allowing the job to run and or pick lists to be printed.

 

  • First make sure you verify with your IT team that this job is not going to run soon again and that none of the other programs are running.
  • Now to resolve this issue, you will need to use a quick paint screen to change the OE-RUN-STS field in the ICLOCATION file from 2 to 0.

The OE-RUN-STATUS values are:

0 – No processing in progress

1- Allocation Feedback Running (WH110)

2- Pick List Print Running (WH130, WH131)

3 – Picking Feedback Running (WH132 – Feedback step 1)

4 – Packing Feedback Running (WH132 – Feedback step 2)

5 – Shipping Feedback Running (WH132 – Feedback step 3)

6 – Ic Reorder Running (IC140, IC141, IC142)  The IT Team can use command such as tmmon to verify.

  • If the job is scheduled to run again automatically, allow it to do so and it should complete and the pick lists should be printed. Make sure other jobs are not scheduled to run around the same time you’re changing the OE-RUN-STATUS.
  • Lastly, if you’re running frequently for the same parameters, change the pgmdef, Execute parameter to Non-Concurrently to ensure the job prior has completed before the next one attempts to run.

Good luck!

IP Designer Series – Lawson Form Transaction

, ,

The Lawson Form Transaction node is used to create AGS calls to make updates to Lawson Forms.  If you already have an AGS call built, you can simply put it in the property window of the node.  You can also build an AGS call from scratch by clicking the “Build” button and going through the Wizard.  The connection should already be using your Infor Lawson configuration set, but you can set that explicitly if desired.  For this node to work, it is important that you have the Infor Lawson tab configured in your “main” configuration set in Landmark/IPA.  You can get more information on how to do that here.

In the Build wizard, select your product line, the module, and the token where you are making updates.  The Method(s) available to that token will be all the methods available to the token in Lawson portal.

Move over the field(s) that you want to update.  Make sure you include the fields that are required on the form.  If you are making a change, make sure you include the key fields and their values for the item you are changing.  The Value can be a hard-coded value, or a variable available to the node.

Click finish when you have filled in all your desired fields.  The AGS call will now appear in the property window.

 

IP Designer Series – Resource Query

, ,

The Resource Query node can be used to query Lawson user (RM) data in Lawson Security.  This node can be especially useful for automated user functions, such as onboarding and offboarding.

To start a query, click “Build” on the properties screen.

Select the RM Object and the Service that you want to use and click “Get Attributes”.  Choose the Attributes that you want to retrieve from each user’s record.  Then click “Next” to select the search criteria.

You can choose users based on their Resource (RM) data or Services, or both.

Once you click finish, the query should be built in the properties window.

 

Configure External Lawson to Authenticate Against LDAP Bind

, ,

There are a couple of authentication options when it comes to your external Lawson website.  If you want to authenticate using AD FS, you will have to put an AD FS server on the DMZ and make it externally facing.  If that is not an option at your organization, another option is to authenticate using the LDAP Bind.  Even when you implement AD FS for Lawson authentication, some pieces of the application (such as Add-ins) still require LDAP Bind.  So, you can set up your external website to take advantage of that service instead of AD FS.

The first step is to create an SSO domain if you don’t already have one.

Next, you will need to create a new HTTP endpoint with the values:

FQDN – the fully-qualified domain name of your externally facing web server

HTTP Port – the HTTP port your Lawson site uses (can be -1 if you want to disable HTTP)

HTTPS Port – the HTTPS port your Lawson site uses

SSO Domain – the LDAP Bind domain from the step above

Next, assign your new endpoint to your LDAP Bind service.  If you are still using LS as STS (as opposed to AD FS) for authentication to Lawson, this service is probably “SSOP”.  Otherwise, it is the service that was set up for LDAP Bind in applications like MS Add-ins or Lawson Security Administrator.

Next, you need to create an endpoint Group.  Give it a meaningful name that will let you know this is the group for external Lawson.

Now, assign your new endpoint to the endpoint group you just created.

Recycle services (or reboot your server), and do your smoke test.  Check the SSOServlet URL to make sure you are presented with the Infor Lawson login screen: