We are trying to do a security audit and dump out the security definitions from the GEN tables to write some reports on. When you go to LAUA and drill down in security class to the system code form definitions that are included/excluded we can see the forms that are listed as inaccessible.

Does anyone know which table(s) in GEN contain this info? I have not been able to find what looks like a way that Lawson does this?

We are on ENV 8.0.3.....

I figured this out - it was late last nght when I was looking at this. I was looking at USEREXE as an inclusion list, not an excluded list....amazing what a little sleep can do, huh?

georgegraham:

Maybe you've already discovered this, but you have to also look at what system codes they don't have access to. You've seen that Lawson is only storing the token they do NOT have access to in USEREXE. But that only includes those tokens that are in the system codes that have not been restricted via an entry in USERCAT. So if you see that a security class does not have an entry in USEREXE for HR11 you might think they have access to it. But if there is an entry for that security class in USERCAT for the HR system code then you know they do not have HR11 access because their access to the entire HR system code is restricted.

So then what function codes do they have? Whatever FCs are not in USERSCR for the tokens that are not in USEREXE for the system codes that are not in USERCAT. Of course you have to take the product line into account too.


USERSCR - Function codes (Add, Change, Delete, etc.) they don't have access to
USEREXE - Tokens (programs) they don't have access to
USERCAT - System codes they don't have access to

Good luck with those reports.
-GW