Transcript Lawson - Corporate Template
Security 9
Joe Faltesek September 27, 2006
User Can Have Many Roles
More Securable Objects
More Reporting With Segregation of Duties
Better User Interface
Related Tables in Rules
Field Level on Screens
Security by Types Items
4/23/2020 Page 2
User Can Have Unlimited Roles
User
Roles (jobs)
Classes (tasks)
Rules: can be conditional or unconditional
Systems (AP vs. PR)
Screens
Screen Fields
Screen Actions
Securable Objects:
Entities, Divisions, Departments, Employee Groups
Whole Reports, Report Rows, Report Columns, Report Sections
Whole DB Instances, Whole DB Tables, DB Columns, DB Rows
More Securable Objects
Much More Reporting: Segregation of Duties
Segregation of Duties
Profile List
Security Class
Auditing
User Security
Object Security
Role / User Assignment
Role / Security Class Assignment
Rule Report
Identities for Resource
Service Definition List
Resource Management Report
Queries & Related Tables
Extra measure of security
Applies to drills & queries
9 can secure based on related tables
Business Goal
Secure executive pay from view, both in the employee table and the pay history table. Employees in the process level ‘corp’ are considered executive.
Technology Details
In this demo we will use a relationship from the pay history table to the employee table. Securing based on related tables is new for the 9 technology release.
First with security turned off
With security turned off all data is visible
Now with security turned on
User
User -> Role
User -> Role -> Class
User -> Role -> Class -> Rules
Now with security turned on
Summary
Extra measure of security
Applies to drills & queries
9 can secure based on related tables
Business Goal:
Secure executive pay from view, both in the employee table and the pay history table. Employees in the process level ‘corp’ are considered executive.
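The related-table rule from this demo, sketched in Python as an added example (not Lawson code or rule syntax): a pay history row is visible only if the employee row it relates to is not in process level 'corp'. Table and column names and the sample rows are constructed, and denying rows whose employee record is missing is an assumption of this sketch.

```python
# Constructed sample data; table and column names are assumptions, not Lawson's schema.
EMPLOYEE = [
    {"employee": 1001, "name": "A. Clerk", "process_level": "STORE"},
    {"employee": 1002, "name": "B. Chief", "process_level": "CORP"},
]
PAY_HISTORY = [
    {"employee": 1001, "check": 501, "gross": 1850.00},
    {"employee": 1002, "check": 502, "gross": 24000.00},
    {"employee": 1003, "check": 503, "gross": 900.00},  # orphan: no employee row
]

# The relationship the rule follows: pay history row -> employee row.
EMP_BY_ID = {e["employee"]: e for e in EMPLOYEE}


def is_executive(emp_row):
    """Employees in process level 'corp' are considered executive."""
    return emp_row["process_level"].strip().upper() == "CORP"


def employee_rule(row):
    """Conditional rule on the employee table itself."""
    return not is_executive(row)


def pay_history_rule(row):
    """Conditional rule on pay history, decided by the related employee row."""
    related = EMP_BY_ID.get(row["employee"])
    if related is None:
        return False  # fail closed: the row cannot be shown to be non-executive
    return employee_rule(related)


TABLES = {"EMPLOYEE": EMPLOYEE, "PAY_HISTORY": PAY_HISTORY}
RULES = {"EMPLOYEE": employee_rule, "PAY_HISTORY": pay_history_rule}


def query(table, security_on=True):
    """Rows a restricted user sees; a drill would go through the same filter."""
    rows = TABLES[table]
    if not security_on:
        return list(rows)  # with security turned off all data is visible
    return [r for r in rows if RULES[table](r)]


if __name__ == "__main__":
    for name in TABLES:
        print(name, "off:", len(query(name, False)), "on:", len(query(name, True)))
```
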
Demo Focus
Securing by job role with separation of duties
Uses LDAP
Much more reporting
Business Goal
Establish security to reflect the purchasing clerk job role. Enforce separation of duties by limiting access to accounts payable.
Security Entity Relationships
User
Roles (jobs)
Product Line / Data Source
Classes (tasks)
Rules
Securable Objects (tables, fields, forms…)
User Maintenance
User -> Roles
Role -> Classes
Class -> Rules
Rules -> Objects
User Signs On
Goes to PO20 & Selects Company: OK
Inquires in PO20: OK
Changes PO20: OK
Goes to AP10 and Selects: OK
AP10 Inquiry: OK
Changing AP10: Disallowed
Going to AP20: Disallowed
Running Audit Report
Audit Report
Find Within the Report
More Detail Available
Summary
Demo Focus:
Securing by job role with separation of duties
Uses LDAP
Much more reporting
Business goal met in this demo: Establish security to reflect the purchasing clerk job role. Enforce separation of duties by limiting access to accounts payable.
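An added sketch in Python, not Lawson code, of the User -> Roles -> Classes -> Rules -> Objects chain from this demo: it reproduces the PO20, AP10 and AP20 outcomes for the purchasing clerk and produces a small segregation-of-duties report. User, role and class names, the default-deny behavior and the conflict pair are assumptions.

```python
# Constructed example data; user, role and class names are assumptions.
# The form tokens PO20, AP10, AP20 and the clerk's outcomes come from the demo.
USER_ROLES = {
    "pclerk": ["PurchasingClerk"],
    "jdoe": ["PurchasingClerk", "APSupervisor"],  # a user can have many roles
}
ROLE_CLASSES = {
    "PurchasingClerk": ["POEntry", "APInquiry"],
    "APSupervisor": ["APMaint"],
}
# Each class holds rules granting (securable object, action); anything absent is denied.
CLASS_RULES = {
    "POEntry": {("PO20", "inquire"), ("PO20", "change")},
    "APInquiry": {("AP10", "inquire")},
    "APMaint": {("AP10", "inquire"), ("AP10", "change"),
                ("AP20", "inquire"), ("AP20", "change")},
}
# Grants one person should not hold together (assumed policy for this sketch).
SOD_CONFLICTS = [(("PO20", "change"), ("AP10", "change"))]


def grants(user):
    """Union of every grant reachable through the user's roles and classes."""
    out = set()
    for role in USER_ROLES.get(user, []):
        for cls in ROLE_CLASSES.get(role, []):
            out |= CLASS_RULES.get(cls, set())
    return out


def allowed(user, form, action):
    """Default deny: access exists only if some rule grants it."""
    return (form, action) in grants(user)


def sod_report():
    """List users whose combined roles give both sides of a conflicting pair."""
    findings = []
    for user in sorted(USER_ROLES):
        held = grants(user)
        for a, b in SOD_CONFLICTS:
            if a in held and b in held:
                findings.append((user, a, b))
    return findings


if __name__ == "__main__":
    for form, action in [("PO20", "change"), ("AP10", "inquire"),
                         ("AP10", "change"), ("AP20", "inquire")]:
        print("pclerk", form, action, "OK" if allowed("pclerk", form, action) else "Disallowed")
    print(sod_report())
```
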
Demo Focus
Types allow for rapid class setup
Rapid may not be thorough enough
Field level security available for all Lawson applications
Business Goals
Speed* up security rules setup.
Secure the vendor status code field so only supervisors can activate and deactivate vendors.
*Be careful with this. Sometimes rapid is the enemy of thorough.
Security Entities: we will focus on rules
User
Roles (jobs)
Product Line / Data Source
Classes (tasks)
Rules
Securable Objects (tables, fields, forms…)
User
User -> Role
User -> Role -> Class
User -> Role -> Class -> Rule
Types allow rapid rule setup
User -> Role -> Class -> Rule
Field level security
User -> Role -> Class -> Rule -> Object
Logging on power user
Power user can inquire on AP10
Including the status code
And change the status code
Logging on a restricted user
Can inquire on AP10
But can't access status code
And can’t change status code
Summary
Demo Focus:
Types allow for rapid class setup
Rapid may not be thorough enough
Field level security available for all Lawson applications
Business goals met in this demo:
Speed* up security rules setup.
Secure the vendor status code field so only supervisors can activate and deactivate vendors.
*Be careful with this. Sometimes rapid is the enemy of thorough.
LSF 9.0: LDAP
Lightweight Directory Access Protocol (LDAP): A protocol that accesses a central repository of globally interesting information.
LDAP is a new requirement with LSF 9.0. LDAP must be used to store Lawson user information.
LDAP Binding (Industry Standard Term): Capability of connecting two LDAP repositories to reduce maintenance and administration.
Note: LDAP Binding is not provided as part of the standard LPS LSF installation.
LSF 9 – Common Questions
Am I required to use an LDAP Server with LSF 9?
– Yes: RD30 is gone. SEA security information is in LDAP.
– Supported LDAPs: MS ADAM and Tivoli Directory Server.
Security 9 – Common Questions
May I use the Lawson Interface Desktop (LID) with LSF 9?
– Yes: LID uses LAUA security.
– Portal uses LAUA or 9 security.
Lawson Release 9 - Migration Information
Minimum Starting Points for Lawson Products
• Environment v8.0.3 with most recent ESP (ESP7)
• Applications v8.0.2MSP8, v8.0.3MSP10, v8.1MSP5
Ending Point Comments for Lawson Products
• Portal 9.0 / LID (backward compatible)
• LSF 9.0
• SSO enabled SEA’s
LSF 9 – Migration Process
LSF 9.0 is a Whole New Product/Solution
Process of Moving a Client From Environment 8.x to LSF 9 Involves:
• Installing LSF 9.0
• Extracting “Lawson Environment and System Data” From Environment 8.x Environment
• Migrating/Uploading the System Data into LSF 9.0
LSF 9 - Migration Information
Migration programs will be provided to migrate user data from Technology 8.0.3 to 9.0
Items that get migrated
– Users
– LAUA Security classes
– Jobs
– Reports
– ProcessFlows / BCI Procedures
Lawson Release 9 - Preparation
Consider Lawson Portal transition plan in conjunction with Lawson Security Plan for LDAP, if not already in your enterprise
Begin business analysis for Lawson Security
– Start analyzing and understanding roles and tasks
– Start designing security policies; roles and rules
– Start modeling company structure
– Start identifying the order in which departments will transition
Frequently Asked Questions
What is the migration path to 9.0 technologies? Can I migrate Environment 8.0.2 directly to LSF 9?
Minimum Starting Points for Lawson Products
• Environment v8.0.3 with most recent ESP (ESP7)
• Applications v8.0.2MSP8, v8.0.3MSP10, or v8.1MSP5 (with required CTPs)
Ending Point Comments for Lawson Products
• Portal 9.0 / LID (backward compatible)
• Env v9.0
• SSO enabled SEA’s
Frequently Asked Questions Can we move from Environment 8.0.3 to LSF 9 on our own? Are we required to use Lawson services?
You may move from Environment 8.0.3 SP#7 to LSF 9.0 on your own without a certified Lawson installer. However, Lawson highly recommends using a certified installation resource to limit potential issues with support and delays to your migration strategies.
Impact Of Security 9
Joe Faltesek August 25, 2006