View Full Version: Trying To Find Gen Table...

LawsonTalk > System Admin > Trying To Find Gen Table...



Title: Trying To Find Gen Table...


georgegraham - March 26, 2007 01:31 PM (GMT)
We are trying to do a security audit and dump out the security definitions from the GEN tables to write some reports on. When you go to LAUA and drill down in security class to the system code form definitions that are included/excluded we can see the forms that are listed as inaccessible.

Does anyone know which table(s) in GEN contain this info? I have not been able to find what looks like a way that Lawson does this?

We are on ENV 8.0.3.....

Keith_G_Thompson - March 28, 2007 10:21 PM (GMT)
Check the "USER*" tables in $LADBDIR/GEN. There are a few and the various ones will contain security information by security class. NOW for the part you're not going to like -

While lawson security reports show you what is available and what is not accessible, it is stored in the database in "reverse" logic. So, it puts in only what is NOT available. So, when you dump USERSCR to see what screens are accessible, you will actually only get a list of what IS available. You'll have to do a comparison against the contents of other GEN tables, like PROGRAM, SCREEN and EXECUTABLE.

I have worked on these types of custom security reports before and let me say this - there is a reason why someone hasn't come up with something better! :) They've always been very difficult and not quite what we needed in each case.

One idea that someone did come up with was to run some of the laua reports and then process the output text file into a database to be reported on. That seemed to be a little more reliable than trying to reverse-back-in your way to what various security classes actually have access to.

schroncd - March 29, 2007 04:24 AM (GMT)
This script, called whocan, will show you WHO CAN access any named screen. If you build a list of all the screens on the system and feed them to it you will get a complete report of who has access on each of those screens. It uses the LAUA FormID Report as the source for it's information.

g'luck!!

#!/usr/bin/perl
# whocan - who can access a screen code
#
# usage: whocan screenname reportfile
#
# Screenname should be something like HR11.1 or HR11\\. (case in-sensitive)
#
# Reportfile is the output from a formid security report from laua
#
#
BEGIN {
$screen = shift @ARGV or die "usage: whocan AB12[.3] report_file";
$secclass="";
print " SYSTEM PROGRAM UNSECURED SECURED\n";
print "SECCLASS PRODUCT LINE CODE CODE FORM ID SECURED FCs FCs\n";
print "---------- ------------------------------------------------------------------------------\n";
}
if (/SECURITY CLASS:\s+(\S+)$/) {
$secclass=$1;
next;
}
if ($secclass) {
printf("%-11s%s", $secclass, $_) if /$screen/i;
}
#-------------------End------------------------------




Hosted for free by InvisionFree