security 9 l.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Security 9 PowerPoint Presentation
Download Presentation
Security 9

Loading in 2 Seconds...

play fullscreen
1 / 85

Security 9 - PowerPoint PPT Presentation


  • 178 Views
  • Uploaded on

Security 9. Joe Faltesek September 27, 2006. Items. User Can Have Many Roles More Securable Objects More Reporting With Segregation of Duties Better User Interface Related Tables in Rules Field Level on Screens Security by Types. User. Roles (jobs). Classes (tasks).

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Security 9' - quade


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
security 9

Security 9

Joe Faltesek September 27, 2006

items
Items
  • User Can Have Many Roles
  • More Securable Objects
  • More Reporting With Segregation of Duties
  • Better User Interface
  • Related Tables in Rules
  • Field Level on Screens
  • Security by Types
user can have unlimited roles

User

Roles (jobs)

Classes (tasks)

Rules: can be conditional or unconditional

Securable Objects:

Systems (AP vs. PR)

Entities

Whole Reports

Whole DB Instances

Screens

Divisions

Report Rows

Whole DB Tables

Screen Fields

Departments

Report Columns

DB Columns

Screen Actions

Employee Groups

Report Sections

DB Rows

User Can Have Unlimited Roles
more securable objects

User

Roles (jobs)

Classes (tasks)

Rules: can be conditional or unconditional

Securable Objects:

Systems (AP vs. PR)

Entities

Whole Reports

Whole DB Instances

Screens

Divisions

Report Rows

Whole DB Tables

Screen Fields

Departments

Report Columns

DB Columns

Screen Actions

Employee Groups

Report Sections

DB Rows

More Securable Objects
much more reporting segregation of duties7
Much More Reporting: Segregation of Duties
  • Segregation of Duties
  • Profile List
  • Security Class
  • Auditing
  • User Security
  • Object Security
  • Role / User Assignment
  • Role / Security Class Assignment
  • Rule Report
  • Identities for Resource
  • Service Definition List
  • Resource Management Report
queries related tables
Queries & Related Tables
  • Extra measure of security
  • Applies to drills & queries
  • 9 can secure based on related tables
business goal
Business Goal

Secure executive pay from view, both in the employee table and the pay history table. Employees in the process level ‘corp’ are considered executive.

technology details
Technology Details

In this demo we will use a relationship from pay history table to the employee table. Securing based on related tables is new for the 9 technology release.

summary
Summary
  • Extra measure of security
  • Applies to drills & queries
  • 9 can secure based on related tables

Business Goal:

Secure executive pay from view, both in the employee table and the pay history table. Employees in the process level ‘corp’ are considered executive.

demo focus
Demo Focus
  • Securing by job role with separation of duties
  • Uses LDAP
  • Much more reporting
business goal27
Business Goal

Establish security to reflect the purchasing clerk job role. Enforce separation of duties by limiting access to accounts payable.

security entity relationships
Security Entity Relationships

Product Line /

Data Source

User

Roles (jobs)

Profile Contains:

Classes (tasks)

Rules

Securable Objects (tables, fields, forms…)

security entity relationships29
Security Entity Relationships

Product Line /

Data Source

User

Path We Will Follow

Roles (jobs)

Profile Contains:

Classes (tasks)

Rules

Securable Objects (tables, fields, forms…)

summary52
Summary
  • Demo Focus:
  • Securing by job role with separation of duties
  • Uses LDAP
  • Much more reporting

Business goal met in this demo:

Establish security to reflect the purchasing clerk job role. Enforce separation of duties by limiting access to accounts payable.

demo focus53
Demo Focus
  • Types allows for rapid class setup
  • Rapid may not be thorough enough
  • Field level security available for all Lawson applications
business goals
Business Goals

Speed* up security rules setup. Secure the vendor status code field so only supervisors can activate and deactivate vendors.

*Be careful with this. Sometimes rapid is the enemy of thorough.

security entities we will focus on rules
Security Entities: we will focus on rules

Product Line /

Data Source

User

Roles (jobs)

Profile Contains:

Classes (tasks)

Rules

Securable Objects (tables, fields, forms…)

user role class rule
User -> Role -> Class -> Rule

Types allow rapid rule setup

summary75
Summary
  • Demo Focus:
  • Types allows for rapid class setup
  • Rapid may not be thorough enough
  • Field level security available for all Lawson applications

Business goals met in this demo:

Speed* up security rules setup. Secure the vendor status code field so only supervisors can activate and deactivate vendors.

*Be careful with this. Sometimes rapid is the enemy of thorough.

lsf 9 0 ldap
LSF 9.0: LDAP

Lightweight Directory Access Protocol (LDAP): A protocol that accesses a central repository of globally interesting information.

LDAP is a new requirement with LSF 9.0. LDAP must be used to store Lawson user information.

LDAP Binding (Industry Standard Term): Capability of connecting two LDAP repositories to reduce maintenance and administration.

Note: LDAP Binding is not provided as part of the standard LPS LSF installation.

lsf 9 common questions
LSF 9 – Common Questions
  • Am I required to use an LDAP Server with LSF 9?
    • Yes: RD30 is gone. SEA security information is in LDAP.
    • Supported LDAPs: MS ADAM and Tivoli Directory Server.
security 9 common questions
Security 9 – Common Questions
  • May I use the Lawson Interface Desktop (LID) with LSF 9?
    • Yes: LID uses LAUA security.
    • Portal uses LAUA or 9 security.
lawson release 9 migration information
Lawson Release 9 - Migration Information
  • Minimum Starting Points for Lawson Products
      • Environment v8.0.3 with most recent ESP (ESP7)
      • Applications
        • v8.0.2MSP8
        • v8.0.3MSP10
        • v8.1MSP5
  • Ending Point Comments for Lawson Products
      • Portal 9.0 / LID (backward compatible)
      • LSF 9.0
      • SSO enabled SEA’s
lsf 9 migration process
LSF 9 – Migration Process
  • LSF 9.0 is a Whole New Product/Solution
  • Process of Moving a Client From Environment 8.x to LSF 9 Involves:
    • Installing LSF 9.0
    • Extracting “Lawson Environment and System Data” From Environment 8.x Environment
    • Migrating/Uploading the System Data into LSF 9.0
lsf 9 migration information
LSF 9 - Migration Information
  • Migration programs will be provided to migrate user data from Technology 8.0.3 to 9.0
  • Items that get migrated
    • Users
    • LAUA Security classes
    • Jobs
    • Reports
    • ProcessFlows / BCI Procedures
lawson release 9 preparation
Lawson Release 9 - Preparation
  • Consider Lawson Portal transition plan in conjunction with Lawson Security
  • Plan for LDAP, if not already in your enterprise
  • Begin business analysis for Lawson Security
    • Start analyzing and understanding roles and tasks
    • Start designing security policies; roles and rules
    • Start modeling company structure
    • Start identifying the order in which departments will transition
frequently asked questions
Frequently Asked Questions
  • What is the migration path to 9.0 technologies? Can I migrate Environment 8.0.2 directly to LSF 9?
  • Minimum Starting Points for Lawson Products
    • Environment v8.0.3 with most recent ESP (ESP7)
    • Applications v8.0.2MSP8, v8.0.3MSP10, or v8.1MSP5 (with required CTPs)
  • Ending Point Comments for Lawson Products
    • Portal 9.0 / LID (backward compatible)
    • Env v9.0
    • SSO enabled SEA’s
frequently asked questions84
Frequently Asked Questions

Can we move from Environment 8.0.3 to LSF 9 on our own?   Are we required to use Lawson services?

  • You may move from Environment 8.0.3 SP#7 to LSF 9.0 on your own without a certified Lawson installer.   However, Lawson highly recommends using a certified installation resource to limit potential issues with support and delaying your migration strategies.  
impact of security 9

Impact Of Security 9

Joe Faltesek August 25, 2006