Lawson M3 Function Security
This presentation is the property of its rightful owner.
Sponsored Links
1 / 33

Lawson M3 Function Security PowerPoint PPT Presentation


  • 913 Views
  • Uploaded on
  • Presentation posted in: General

Lawson M3 Function Security. Lawson Learning [email protected] M3 Function Security by Authority. Agenda. SES003 Methodology Role-based Security Methodology Summarised Comparison. M3 Function Security by Authority. Function Security Options.

Download Presentation

Lawson M3 Function Security

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Lawson m3 function security

Lawson M3 Function Security

Lawson Learning

[email protected]


Agenda

M3 Function Security by Authority

Agenda

  • SES003 Methodology

  • Role-based Security Methodology

  • Summarised Comparison


Function security options

M3 Function Security by Authority

Function Security Options

From V13.1 of Lawson M3, two methods are provided through which security is managed on the function level:

  • 0 Authorities (SES003)

  • 1 Permissions (SES400) – Role-based Security

    The method to be used is determined by a new property in Movex.properties: app.pgm.CAUTCHK.mode


Lawson m3 function security

M3 Function Security by Authority

Function Security Using SES003

Function

Authority

User

Full update capability

CRS610

Display only

CRS610

Disallowed

CRS610


Using groups with ses003

M3 Function Security by Authority

Using Groups with SES003

Function groups

User groups

A user cannot be in more than one group

A function cannot be in more than one group

A group cannot be in another group

Exceptions allowed

  • Individual can be named in SES003 even if in a group, with a contradictory setting


Rules for groups

M3 Function Security by Authority

Rules for Groups

Group “ACCOUNTS”

Correct

Incorrect

Incorrect

User is member of two groups

Group within a group


Lawson m3 function security

Buying

Buyer

Purch Admin

PurchMgr

Finance

Fin Funcs

IT Admin

Sys Admin

M3 Function Security by Authority

SES003 Security Mechanism – 4-Tier Model

USER

USER GROUP

FUNCTION GROUP

FUNCTION

PPS170

PPS180

SES003

PPS200

PPS235

PPS280

APS100

ARS100

GLS047

MNS150

MNS204

MNS205


Lawson m3 function security

M3 Function Security by Authority

Function SES003, “Function. Connect authority”

  • SES003 entries can specify disallow as well as allow


Lawson m3 function security

Buying

Buyer

Purch Admin

PurchMgr

Finance

Fin Funcs

IT Admin

Sys Admin

M3 Function Security by Authority

SES003 Security Mechanism – 4-Tier Model

USER

USER GROUP

FUNCTION GROUP

FUNCTION

PPS170

PPS180

PPS200

PPS235

PPS280

APS100

ARS100

DISALLOW

GLS047

DISALLOW

MNS150

MNS204

MNS205


Basic options

Basic Options

Basic Options appear in many -but not all - Lawson M3 programs


Basic options can be secured in ses400

Basic Options can be secured in SES400

Option 1 - Create

Option 2 - Change

Option 3 - Copy

Option 4 - Delete

Option 5 - Display


Lawson m3 function security

M3 Function Security by Authority

Using SES003 to Secure Standard Options


Lawson m3 function security

M3 Function Security by Authority

Using SES003 to Secure Function Keys

Function keys 1-24 can be controlled in SES003


Lawson m3 function security

secure

secure

secure

M3 Function Security by Authority

SES003 Mechanism – Conceptual View

Function Definitions

MMS001

MMS002

MMS003

MMS004

MMS006

MMS010

MMS015

MMS020

MMS025

Company

100

Central division

(division blank)

SES003 entries

Company

200

Central division

(division blank)

Company

300

Central division

(division blank)

secure

secure

Division

A

Division

B

Division

A

Division

B

Division

A

Division

B

Optionally lock some functions

Make allowing or disallowing entries in SES003

Optionally leave some companies unsecured


Lawson m3 function security

M3 Role-based Security


Function security options1

M3 Function Security by Authority

Function Security Options

From V13.1 of Lawson M3, two methods are provided through which security is managed on the function level:

  • 0 Authorities (SES003)

  • 1 Permissions (SES400) – Role-based Security

    The method to be used is determined by a new property in Movex.properties: app.pgm.CAUTCHK.mode


Function access the need for security

MMS006

MMS026

MMS025

MMS020

MMS015

MMS010

MMS006

MMS004

MMS003

MMS002

MMS001

M3 Role-based Security

Function Access – The Need for Security

  • Function definition attribute Authority Required

    • determines whether the function is accessible

    • unchecked -Implicit Permission

      • the function is “unlocked” – open for access to users

By default all functions are accessible to all users

  • no permissions set-up is required to enable access

------------------ Function definitions ------------------

  • checked - Explicit Permission

    • the function is “locked” - closed to users unless they have permission

All M3 function definitions are maintained by MNS110

  • Checking the Authority Required box is the only way to deny access to a function


Roles

Buyer

PurchMgr

M3 Role-based Security

Roles

  • Roles

    • define a set of authorizations in M3 Business Engine

    • connect users to roles

    • each connection of user and role can have validity dates

      • for temporary cover during absence/vacation

  • a user can be connected to several roles at the same time


M3 role based security mechanism 3 tier model

Buyer

PurchMgr

Finance

IT Admin

M3 Role-based Security

M3 Role-based Security Mechanism – 3-Tier Model

ROLE

USER

FUNCTION

SES400

PPS170

PPS180

PPS200

PPS235

PPS280

APS100

ARS100

GLS047

MNS150

MNS204

MNS205


Basic options1

Basic Options

Basic Options appear in many -but not all - Lawson M3 programs


Basic options can be secured in ses4001

Basic Options can be secured in SES400

Option 1 - Create

Option 2 - Change

Option 3 - Copy

Option 4 - Delete

Option 5 - Display


Ses400 permissions setup example

M3 Role-based Security

SES400 Permissions Setup - example

Specify the function/role combination, and a company/division

Specify the basic & related options, and function keys permitted


The rules of permissions setup

M3 Role-based Security

The Rules of Permissions Setup

Set-up enables control of permissions for

  • all Basic Options (option 1 – 9)

  • all Related Options (option 10 - 99)

  • all function keys (F1 – F24)

    If a user is connected toseveral roles with different permissions for a certain function, the least restrictive permission applies

  • user receives all authorities added together

    Each company/division has its own permissions settings

  • no dependency between companies/divisions


The rules of permissions setup1

M3 Role-based Security

The Rules of Permissions Setup

SES400 settings are passed to autostart job SES900 to process

  • SES400 settings are by function and role level

  • system expands roles to create individual user permissions

  • system expands functions that contain security-inheriting programs (see Program Inheritance)

    Permissions are automatically updated by the system, when necessary

  • deleting users

  • copying roles

  • maintaining roles membership

  • when role validity dates are passed

    Permissions can be viewed using SES401

  • you see what the system sees during a security check


Permissions display ses401

Inquiry types:

M3 Role-based Security

Permissions. Display (SES401)

  • In the permissions display you can view the results of the setup


Permissions display ses401 panel e

M3 Role-based Security

Permissions. Display (SES401) - Panel E

  • In the permissions display E panel you can view the detail for each program/user

Displays all ‘possible’ options or function keys in an M3 BE program.

(Options and function keys that do not exist in the actual program are, of course, obsolete in this panel)


Copying roles in mns405

M3 Role-based Security

Copying Roles in MNS405

  • When copying a role, options exist to copy

    • connected users

    • connected permissions


Forcing automatic creation of permissions

Peter

MMS006

Marie

MMS026

MMS025

MMS020

MMS015

PPS200

MMS006

MMS004

MMS003

PPS170

MMS006

MMS001

MMS001

GLS040

IT Admin

M3 Role-based Security

Forcing Automatic Creation of Permissions

Permissions

UserProgram

Marie PPS170

Peter PPS170 Marie OIS326 Peter OIS326

Marie PPS171 Peter PPS171

Marie PPS172 Peter PPS172

Marie PPS173 Peter PPS173

PPS008

CRS340

PPS173

PPS172

Marie PPS200

Peter PPS200

Marie CRS340

Peter CRS340

Marie PPS008 Peter PPS008

PPS171

OIS326

Marie MMS025 Peter MMS025

Marie MMS026

Peter MMS026


Lawson m3 function security

secure

secure

secure

M3 Function Security by Authority

Role-based Security Mechanism – Conceptual View

Function Definitions

MMS001

MMS002

MMS003

MMS004

MMS006

MMS010

MMS015

MMS020

MMS025

Company

100

Central division

(division blank)

SES400 entries

Company

200

Central division

(division blank)

Company

300

Central division

(division blank)

secure

secure

secure

secure

secure

secure

Division

A

Division

A

Division

A

Division

B

Division

B

Division

B

Lock all functions

Create permissions in SES400

All companies need permissions set up


Lawson m3 function security

secure

secure

secure

secure

M3 Function Security by Authority

Company/division Comparison

SES003 Method

Role-based Method

Company

100

central division

(division blank)

Company

200

central division

(division blank)

SES400 entries

SES003 entries

Division

A

Division

C

Division

A

Division

C

Each company has its own policy

Each division must have its own policy

Divisions follow company policy if no entries of their own.

E.g. Division C is secured.

Divisions without SES400 entries are unsecured.

E.g. Division C is unsecured.


Lawson m3 function security

M3 Function Security by Authority

Comparison between SES003 and Role-based Mechanisms

*

*

*

*

*

*

*

*

*

*


Lawson m3 function security

Buyer

PurchMgr

Finance

IT Support

IT Admin

M3 Role-based Security

ROLE

USER

FUNCTION

SES400

PPS170

MNS410

LL0101

PPS180

PPS200

PPS235

LL0102

PPS280

APS100

LL0103

ARS100

LL0104

GLS047

MNS150

MNS150

MNS204

MNS204

LL0105

M3SRVADM

View only

MNS205

MNS205

Plus all MNS and SES functions


  • Login