Archive for category: Frontpage Article

Traditionally LBI is setup with Lawson Groups such as the LBIUser which by default, communicates to LBI which users should have access.

There is another way to assign rights in LBI aside from adding more groups to users. LBI has its own native “Report Security Group” system.

1. To access this system, login into LBI as your admin user and access Reporting Services Administration.
2. Under Report Management, select “New Report Security Group” to create a new security group
   
3. Enter the name of the group and description, click Save
   
4. Now set the permissions similar to how you set permissions per report.
   
5. Go to Users and add the users you want to have access to this group, you can even set report overrides per user if needed
   
6. Now on an individual report, you can add the entire security group you just created to it:
   

You’ll still need to have Lawson groups to grant access to individual dashboards and modules but this helps add a new layer of security in an organized way.

Here is a simple was to Resolve the notification: “An error has occurred in the script on this page” for expression builder in Lawson Security Administrator (LSA).

In LSA when trying to build a custom rule for a program you may get this error:

Trying to get passed it, it comes up again and doesn’t allow the user build rules for a file or token:

The resolution is pretty simple, go to your C:\Windows\SysWOW64 directory and run the following command:

regsvr32 msxml14.dll

You should get a pop-up confirming this. Login to LSA again and you should be good to go!

1. If you need to run a batch command in Lawson, first we need to open up Lawson interface desktop (LID).
2. Type the tokendef
3. For this example we’ll select Environment Form IDs and then select SECURITY category.
4. Place your cursor at the top of the Environment Form ID list and press F8 to insert a command
   
5. Type in the command you want here, ours is customcomm
6. In Lawson Security Administrator (LSA), go to ENV profile, open a security class you want to assign customcomm command to. Under Environment Security, you should see your new batch command, select and grant all access.
   
7. And we’re done!

Often you will have IPA processes that run Lawson batch jobs, or perform some task with the output from a batch job.  There may come a time when you need to programmatically convert the output of those jobs to another format, such as PDF or CSV.  The bldxffiles command is a Lawson system command that allows you to do just that.  You can use a System Command node in IPA to run the command against batch job output and convert the file.  (This even works in cloud, but one caveat to note is that mutli-tenant environments do now allow system command nodes in IPA).

 

The Command

Command syntax is:

bldxffiles –[ALCPRTX | U] [abcdpstv] <username> <jobname>

 

Program Option	Description
-A	Generate the ADO files (_ado.xml, .csv and _ado_schema.xml). These are used by the OLE DB server
-L	Generate partial CSV files starting from a point in the report. Use in conjunction with the -o option, which indicates the line number to start at. Can also be used in conjunction with the -S option to create a partial CSV file for a single print file. Example: bldxffiles -L sjohnson CU201JOB1 -o28 The generated CSV file will be CU201_partial.csv
-C	Create CSV file
-P	Create PDF file
-R	Create a print file with left-to-right orientation
-T	Include total groups in the CSV
-S	Build files only for the path and print file specified.
-k	Use the specified separator as the value separator in CSV files: ·         a = Tab ·         b = Space ·         c = Comma ·         s = Semicolon
-o	Specify the line number to start for a partial CSV file (used in conjunction with option L)
UserName	If you are not using the -F option, this is the name of the user who created the print files to be converted. If you are using the -F option, this is a placeholder only. You must specify some text for this, but it can be any character.
JobName	The name of the job whose print files are to be converted.
JobStep	The job step whose print files are to be converted.
FullFilePath	The path to the input file, if you are using the -S or -Foption.
FileName	The name of the input file, if you are using the -S or -F option.

 

Using it in IPA

To use the bldxffiles command in IPA, you first need a system command node pointing to the “main” configuration set (or whatever configuration set points to your LSF server).

In the properties of the System Command Node, put your bldxffiles command.  Typically you will want to use the “S” option so you can run the command against a filename, rather than being tied down to a specific user and job name (which could change readily).  The syntax for converting a prt file to CSV would be similar to:

bldxffiles -SC <NTID> “<filepath>” <filename>

 

The NTID is for Windows only.  On a Unix system, it would be a username.

NOTE: if you are not running the bldxffiles command in the user’s print directory (i.e. you are working on a print file that has been moved to another location), you will need to make sure that you have the print file’s corresponding detail file in the same directory where you are running the command.  For instance, if you have a print file named AP520.prt, there is a correspoinding AP520.dtl file in that same print directory.  That needs to follow the prt file or your command will return an error.

 

Example

Here is a command that will convert a check file to CSV format using the Lawson’s NTID.  In this case, the file has been moved from the print directory to a new directory, so the .dtl file was also copied over.  The .dtl file is also named checkf.dtl.

Microsoft is hardening their security with LDAP channeling and LDAP signing in an update coming soon. Any applications that rely on LDAP connections to Active Directory Domain Services (AD DS) or Active Directory Lightweight Directory Services (AD LDS) need to be converted to LDAPS. LDAPS is a secure connection protocol used between applications like Lawson and the Network Directory or Domain Controller. Below are the potential impacted Lawson applications mentioned by Infor in a recent KB Article.

Impacted Lawson applications:

• Lawson System Foundation (LSF) environments using AD LDS instances for Authentication Data Store (RM Configuration).
• Lawson System Foundation (LSF) environments using an LDAP Bind to Windows Active Directory for authentication.
• Landmark Environments using an LDAP Bind to Windows Active Directory for authentication.
• Infor Federated Services (IFS) synchronization connections to Active Directory.

Infor has recommended that on-premise clients configure the impacted applications and have provided KB Articles on how to perform these tasks.

Some important things to note:

• This change does affect you, even if you have implemented AD FS
  • If you are using Microsoft Add-ins for LSF and Lawson Process Administrator for Landmark, you will have a Thick Client installed that used LDAP Bind.
• If your networking team takes the Microsoft LDAPS update and enforces LDAPS connections before these changes have been configured, your Lawson applications will fail in the following ways:
  • The LASE process on LSF will fail to start.
  • Login to services that rely on LDAP bind will be unable to login (Landmark Rich Client, MSCM Handheld Devices, IPA Flows to LSF).
  • IFS will be unable to sync users from Active Directory.
• This change will NOT impact DSP applications
  • DSP application include Infor Business Intelligence (IBI or LBI), Lawson Smart Office (LSO), Mobile Supply Chain Management (MSCM), etc.
  • These applications use Infor Lawson for authentication. They are not bound to LDAP, nor do they have their own instance of AD LDS.
• You can update your configuration at any time
  • The changes recommended by Infor can be completed before LDAPS connections are enforced, and there will be no negative impact to your system.