Implementing Lawson Security 9.0 - PowerPoint PPT Presentation

1 / 22
About This Presentation
Title:

Implementing Lawson Security 9.0

Description:

Additional Documentation Various documents are available as follows: ... Security Classes should be reusable and adjust based on User information. – PowerPoint PPT presentation

Number of Views:298
Avg rating:3.0/5.0
Slides: 23
Provided by: 4872
Category:

less

Transcript and Presenter's Notes

Title: Implementing Lawson Security 9.0


1
Implementing Lawson Security 9.0
  • Overview

Brian Hunter Lawson Professional
Servise Brian.Hunter_at_lawson.com
2
LSF 9.0 User Basics
  • A Resource Management Record is required in LDAP
    for all users accessing the Lawson System.
    (Single Sign-on requires only one record.)
  • The Resource Management Record attaches to
    Services controlling access to other
    subsystems, Agents or 3rd Party Products.
  • SSOP Identity Authenticates user to Lawson
    Portal (An LDAP Bind can allow the password
    challenge for the SSOP ID to another source.)

3
LSF 9.0 User Basics
  • OS Identity organizes the users information
    within the Operating System. A unique OS Account
    is required if the user is executing batch jobs.
  • Agent Identities pass Lawson required
    information to the Self-Service Centers.
  • Roles, Groups and Structures are established in
    RM.
  • Resources are assigned Roles, Structure
    participation and Group membership.

4
(No Transcript)
5
Lawson Security 9.0 Basics
  • Lawson Security is a Role Based Authorization
    System
  • LID cannot be used with Lawson Security
    Authorizing.
  • Lawson Security consists of Profiles
    representing all areas requiring Authorizations.
    (RM, ADM, LOGAN, APPS, ENV, GEN)
  • Lawson Security Classes contain Authorization
    Rules. (Grant, Unconditional for Action,
    Conditional If/Then or Time/Date)

6
Lawson Security 9.0 Basics
  • Lawson Security Classes are associated to Roles.
    Security Classes are not directly tied to a User.
  • A User has no access unless specifically granted
    the Authorization through Role assignments.
  • Must implicitly grant every Securable Object a
    Role needs. (On-line Form, Batch Program, File,
    Environment, Data Source.)
  • Single Sign-on only works if the user is
    Authorized by Lawson Security.

7
Lawson Security Set-up
  • A Role is established in Resource Management.
  • A Security Class is established in Lawson
    Security 9.0. The Security Class contains access
    Rules for forms and files.
  • One or More Security Classes are assigned to a
    Role creating the appropriate Authorizations.
  • Users are assigned Roles.

8
Lawson Client Types
  • A Existing Lawson Client migrating to LSF 9.0
    and Lawson Security
  • LAUA Security Classes Established
  • Web Records, LAUA Profiles Established
  • PORTALROLES Established
  • B New Lawson Client starting with LSF 9.0 and
    Lawson Security
  • Users Identified
  • Conceptual Authorizations requiring Lawson
    Definitions

9
Transitioning A Client
  • LSF 9.0 allows for LAUA Security for
    Authorization
  • Benefit
  • Security variable removed in upgrading
  • Transition User or Sets of Users to LS reducing
    risks
  • Cost
  • Continued Security limitations

10
Implementing Lawson Security 9.0
  • Project Analysis (Applications, Self-Service
    Centers, General)
  • Security Plan
  • Resource Management Lawson Security Training
  • Security Analysis (Detailed Requirements for all
    Applications and Areas)
  • Lawson Security Modeling
  • Proof of Concept Security Model
  • Lawson Security Build Test
  • Establish Users under Lawson Security Model

11
Critical for Lawson Security 9.0
  • Proper Security Analysis!
  • Gather ALL Application, Compliance, Audit
    requirements desired controls.
  • Special focus on Data restrictions.
  • An A client can use LAUA authorizations as a
    starting point of analysis however LS takes
    security functionality to a new level. To receive
    the benefit of Lawson Security, old product
    constraints or methods must be released. LS is
    Role based.

12
Lawson Security 9.0 Methodology
  • Lawson Security (LS) is an Object Oriented
    Security Design.
  • Create buckets of Authorizations.
  • Authorizations can be connected differently to
    create the Unique Role Requirements without
    rebuilding Security Classes.
  • Security Classes represent a single Task or set
    of indivisible Tasks. (Journal Entry, Employee
    Maintenance, Item Maintenance)
  • An A client should just SAY NO to building LS
    Security Classes that mirror LAUA. There might
    not be a bigger mistake. This will eliminate the
    flexibility of LS and remove the efficiency of
    Maintenance.

13
Lawson Security 9.0 Methodology
  • Security Rules should be driven from User
    Information not hard-coded data.
  • Example Determine Users Data Span of Control
    from their Resource Record information, their
    HR Record Information, an Attribute
    associated, their Group participation or place in
    a Structure.

14
Lawson Security 9.0 Modeling
  • There isnt just one way to build an
    organizations Lawson Security Design. There may
    be several ways to accomplish the same goal of
    Granting/ Controlling Access. There may be a
    best solution based on the maintenance or
    performance even though theres no right/wrong
    solution.
  • Release all past constraints from Lawson or Other
    Systems.
  • Create many Lawson Security Models. Narrow down
    the possibilities based on efficiency and
    maintenance.
  • Shoot for capturing 95 of Users authorizations
    with Standard Roles and Security Classes.
  • Avoid 1 to 1 Relationships between the Role and
    Security Class. Security Classes are task
    Authorizations connected to a Role.

15
Bad Model
  • Contains Security Class Rules with hard-coded
    Data for controlling access. (Process Levels,
    Accounting Units, User Ids) Examine the qualifier
    and find a dynamic way of determining access.
  • Multiple Security Classes covering the same Task
    or Securable Objects. Lawson Security allows for
    multiple conditional rule expressions. Security
    Classes should be reusable and adjust based on
    User information.
  • If Past Security is being implemented. It may
    appear to reduce the Lawson Security effort but
    will eliminate the benefits.

16
(No Transcript)
17
(No Transcript)
18
A Mapping Example
19
Security Classes
Securable Objects
Roles
Users
A
Employee SS
Employee SS
Form HR11.1
Employee SS GL Clerk
B
Journal Entry JE Release
Form GL40.1 Form GL45.1
Employee Edit PA Entry Dependent Edit
Form HR11.1 Form PA52.1 Form HR13.1
Employee SS HR Manager
C
20
Facts
  • Lawson Security assists organizations in areas of
    Compliance and Audit.
  • Lawson Security Planning and Analysis is crucial.
  • Lawson Security requires effort upfront in
    exchange for reduced maintenance.
  • Lawson Security should be active throughout the
    Implementation. Lead Time is required.

21
Additional Documentation
  • Various documents are available as follows
  • http//support.lawson.com
  • Lawson Administration Resources Security Guide

22
Questions?
Write a Comment
User Comments (0)
About PowerShow.com