Lawson - Corporate Template

Security 9

Joe Faltesek September 27, 2006

User Can Have Many Roles

More Securable Objects

More Reporting With Segregation of Duties

Better User Interface

Related Tables in Rules

Field Level on Screens

Security by Types Items

4/23/2020 Page 2

User Can Have Unlimited Roles

User -> Roles (jobs) -> Classes (tasks) -> Rules (can be conditional or unconditional) -> Securable Objects

Securable Objects:
• Systems (AP vs. PR), Screens, Screen Fields, Screen Actions
• Entities, Divisions, Departments, Employee Groups
• Whole Reports, Report Rows, Report Columns, Report Sections
• Whole DB Instances, Whole DB Tables, DB Columns, DB Rows

More Securable Objects

Much More Reporting: Segregation of Duties

Segregation of Duties

Profile List

Security Class

Auditing

User Security

Object Security

Role / User Assignment

Role / Security Class Assignment

Rule Report

Identities for Resource

Service Definition List

Resource Management Report

Queries & Related Tables

• Extra measure of security
• Applies to drills & queries
• 9 can secure based on related tables

Business Goal

Secure executive pay from view, both in the employee table and the pay history table. Employees in the process level ‘corp’ are considered executive.

Technology Details

In this demo we will use a relationship from pay history table to the employee table. Securing based on related tables is new for the 9 technology release.
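The related-table idea above, sketched as an added example (not Lawson's rule syntax or code): the pay history table carries no process level, so its row rule reaches the 'corp' condition through the relationship to the employee table. Table names, column names and sample rows are constructed for illustration.

```python
import sqlite3

def build_db():
    """Constructed sample data; table and column names are hypothetical."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE employee (emp_id INTEGER PRIMARY KEY, name TEXT, process_level TEXT);
        CREATE TABLE pay_history (hist_id INTEGER PRIMARY KEY, emp_id INTEGER, pay_rate REAL);
        INSERT INTO employee VALUES (1, 'Avery', 'corp'), (2, 'Blake', 'plant'), (3, 'Casey', 'dist');
        INSERT INTO pay_history VALUES (10, 1, 410000), (11, 2, 52000),
                                       (12, 3, 48000), (13, 99, 61000);  -- 13 has no employee row
    """)
    return db

# The condition is defined on the employee table only: 'corp' means executive.
NOT_EXECUTIVE = "e.process_level <> 'corp'"

# pay_history reuses that condition through the pay_history -> employee
# relationship. The inner join fails closed: a history row whose employee
# cannot be resolved (hist_id 13) is hidden rather than shown.
SECURED = {
    "employee": "SELECT e.emp_id FROM employee e WHERE " + NOT_EXECUTIVE,
    "pay_history": "SELECT p.hist_id FROM pay_history p "
                   "JOIN employee e ON e.emp_id = p.emp_id WHERE " + NOT_EXECUTIVE,
}
UNSECURED = {
    "employee": "SELECT emp_id FROM employee",
    "pay_history": "SELECT hist_id FROM pay_history",
}

def visible_ids(db, table, security_on):
    """Return the primary keys a restricted user can see in `table`."""
    query = (SECURED if security_on else UNSECURED)[table]
    return sorted(row[0] for row in db.execute(query))

if __name__ == "__main__":
    db = build_db()
    for table in ("employee", "pay_history"):
        print(table, "off:", visible_ids(db, table, False),
              "on:", visible_ids(db, table, True))
```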

First with security turned off

With security turned off all data is visible

Now with security turned on

User

User -> Role

User -> Role -> Class

User -> Role -> Class -> Rules

Now with security turned on

Summary

• Extra measure of security
• Applies to drills & queries
• 9 can secure based on related tables

Business Goal: Secure executive pay from view, both in the employee table and the pay history table. Employees in the process level ‘corp’ are considered executive.

Demo Focus

• Securing by job role with separation of duties
• Uses LDAP
• Much more reporting

Business Goal

Establish security to reflect the purchasing clerk job role. Enforce separation of duties by limiting access to accounts payable.

Security Entity Relationships

• User
• Roles (jobs)
• Product Line / Data Source
• Classes (tasks)
• Rules
• Securable Objects (tables, fields, forms…)

User Maintenance

User -> Roles

Role -> Classes

Class -> Rules

Rules -> Objects

User Signs On

Goes to PO20 & Selects Company: OK

Inquires in PO20: OK

Changes PO20: OK

Goes to AP10 and Selects: OK

AP10 Inquiry: OK

Changing AP10: Disallowed

Going to AP20: Disallowed
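The outcomes in this walkthrough follow from resolving User -> Role -> Class -> Rule -> Object with a default of deny. The sketch below is an added example, not Lawson's implementation: the form IDs and the purchasing clerk's results come from the slides, while the role, class and user names, and the second user holding two roles, are hypothetical. It also shows the kind of check a segregation-of-duties report performs.

```python
# Constructed policy; role, class and user names are hypothetical.
CLASSES = {  # class (task) -> rules: securable object -> allowed actions
    "PurchaseOrderEntry": {"PO20": {"inquire", "change"}},
    "VendorInquiry": {"AP10": {"inquire"}},
    "PayablesMaintenance": {"AP10": {"inquire", "change"},
                            "AP20": {"inquire", "change"}},
}
ROLES = {  # role (job) -> classes
    "PurchasingClerk": ["PurchaseOrderEntry", "VendorInquiry"],
    "PayablesClerk": ["PayablesMaintenance"],
}
USERS = {  # a user can hold many roles
    "pclerk": ["PurchasingClerk"],
    "floater": ["PurchasingClerk", "PayablesClerk"],
}

def granted(user):
    """Union of (object, action) pairs reached via user -> role -> class -> rule."""
    pairs = set()
    for role in USERS.get(user, []):
        for cls in ROLES.get(role, []):
            for obj, actions in CLASSES.get(cls, {}).items():
                pairs.update((obj, action) for action in actions)
    return pairs

def is_allowed(user, obj, action):
    """Default deny: anything no rule grants is refused."""
    return (obj, action) in granted(user)

def sod_violations(conflict=(("PO20", "change"), ("AP10", "change"))):
    """Segregation-of-duties check: users whose combined roles grant
    every action in the conflicting set."""
    return sorted(u for u in USERS if all(p in granted(u) for p in conflict))

if __name__ == "__main__":
    for obj, action in [("PO20", "inquire"), ("PO20", "change"),
                        ("AP10", "inquire"), ("AP10", "change"),
                        ("AP20", "inquire")]:
        verdict = "OK" if is_allowed("pclerk", obj, action) else "Disallowed"
        print("pclerk", obj, action, verdict)
    print("SoD violations:", sod_violations())
```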

Running Audit Report

Audit Report

Find Within the Report

More Detail Available

Summary

Demo Focus:
• Securing by job role with separation of duties
• Uses LDAP
• Much more reporting

Business goal met in this demo: Establish security to reflect the purchasing clerk job role. Enforce separation of duties by limiting access to accounts payable.

Demo Focus

Types allow for rapid class setup

Rapid may not be thorough enough

Field level security available for all Lawson applications

Business Goals

Speed* up security rules setup.

Secure the vendor status code field so only supervisors can activate and deactivate vendors.

*Be careful with this. Sometimes rapid is the enemy of thorough.

Security Entities: we will focus on rules

• User
• Roles (jobs)
• Product Line / Data Source
• Classes (tasks)
• Rules
• Securable Objects (tables, fields, forms…)

User

User -> Role

User -> Role -> Class

User -> Role -> Class -> Rule

Types allow rapid rule setup

User -> Role -> Class -> Rule

Field level security

User -> Role -> Class -> Rule -> Object

Logging on power user

Power user can inquire on AP10

Including the status code

And change the status code

Logging on a restricted user

Can inquire on AP10

But can't access status code

And can't change status code

Summary

Demo Focus:

Types allow for rapid class setup

Rapid may not be thorough enough

Field level security available for all Lawson applications

Business goals met in this demo:

Speed* up security rules setup.

Secure the vendor status code field so only supervisors can activate and deactivate vendors.

*Be careful with this. Sometimes rapid is the enemy of thorough.

LSF 9.0: LDAP

Lightweight Directory Access Protocol (LDAP): A protocol that accesses a central repository of globally interesting information.

LDAP is a new requirement with LSF 9.0. LDAP must be used to store Lawson user information.

LDAP Binding (Industry Standard Term): Capability of connecting two LDAP repositories to reduce maintenance and administration.

Note: LDAP Binding is not provided as part of the standard LPS LSF installation.

LSF 9 – Common Questions

Am I required to use an LDAP Server with LSF 9?

– Yes: RD30 is gone. SEA security information is in LDAP.

– Supported LDAPs: MS ADAM and Tivoli Directory Server.

Security 9 – Common Questions

May I use the Lawson Interface Desktop (LID) with LSF 9?

– Yes: LID uses LAUA security.

– Portal uses LAUA or 9 security.

Lawson Release 9 - Migration Information

Minimum Starting Points for Lawson Products
• Environment v8.0.3 with most recent ESP (ESP7)
• Applications
  – v8.0.2MSP8
  – v8.0.3MSP10
  – v8.1MSP5

Ending Point Comments for Lawson Products
• Portal 9.0 / LID (backward compatible)
• LSF 9.0
• SSO enabled SEAs

LSF 9 – Migration Process

• LSF 9.0 is a Whole New Product/Solution
• Process of Moving a Client From Environment 8.x to LSF 9 Involves:
  – Installing LSF 9.0
  – Extracting “Lawson Environment and System Data” From Environment 8.x Environment
  – Migrating/Uploading the System Data into LSF 9.0

LSF 9 - Migration Information

• Migration programs will be provided to migrate user data from Technology 8.0.3 to 9.0
• Items that get migrated
  – Users
  – LAUA Security classes
  – Jobs
  – Reports
  – ProcessFlows / BCI Procedures

Lawson Release 9 - Preparation

• Consider Lawson Portal transition plan in conjunction with Lawson Security
• Plan for LDAP, if not already in your enterprise
• Begin business analysis for Lawson Security
  – Start analyzing and understanding roles and tasks
  – Start designing security policies; roles and rules
  – Start modeling company structure
  – Start identifying the order in which departments will transition

Frequently Asked Questions

What is the migration path to 9.0 technologies? Can I migrate Environment 8.0.2 directly to LSF 9?

Minimum Starting Points for Lawson Products
• Environment v8.0.3 with most recent ESP (ESP7)
• Applications v8.0.2MSP8, v8.0.3MSP10, or v8.1MSP5 (with required CTPs)

Ending Point Comments for Lawson Products
• Portal 9.0 / LID (backward compatible)
• Env v9.0
• SSO enabled SEAs

Frequently Asked Questions

Can we move from Environment 8.0.3 to LSF 9 on our own? Are we required to use Lawson services?

You may move from Environment 8.0.3 SP#7 to LSF 9.0 on your own without a certified Lawson installer. However, Lawson highly recommends using a certified installation resource to limit potential support issues and delays to your migration strategies.

Impact Of Security 9

Joe Faltesek August 25, 2006