Simplify the move to Lawson Security 9
Introducing
SECURITY MIGRATION
Agen
da» Background
» LAUA Security Methodology
» LS9 Security Methodology
» Migration Process
» Our Solution
» Deliverables
» Tips & Tricks
Thank you for taking to time to view our presentation. I will be walking you through each step in our migration process. Just remember to click after each slide and we should be done
soon!
Founded by Dan and Brad Kinsey, K&K has provided soft ware sales, implementati ons, support and development for over 29 years.
Lawson reseller and implementati on partner since 1996
Lawson Certi fi ed Systems Integrator Partner
Lawson Complementary Soft ware Partner
Lawson’s “Go to” Reseller/Implementer for Public Sector
2 ti me Partner of the Year
Focusing on the development of Lawson complementary soft ware products
Our Background
A little about us.
LAUA Security Methodology
LAUA security is a structured Silo model built by creating Security Classes that restrict access to specific System Codes, Forms,
Function Codes and Tables. A major restriction of this model is that it fails to provide any ability to share security settings between
Security Classes. And since users can only be attached to a single Security Class, a slightly different job requirement requires an
entirely new Security Class.
Let me provide a brief explanation
of how LAUA security works.
LAUA Silo Structure
IC10.1 IC10.2
IC240 IC241
IC01.1 IC01.2
IC06.1 IC07.1 IC08.1IC200IC201 IC202
IC11.1 IC11.2 IC11.3
IC11.5
IC12.2 IC15.1
IC11.4
IC12.1 IC246 IC260
IC242
IC262
IC11.6
IC280IC20.1IC20.2
IC20.4IC21.1
IC Clerk
IC10.1 IC10.2
IC240 IC241
IC01.1 IC01.2
IC06.1 IC07.1 IC08.1IC200IC201 IC202
IC11.1 IC11.2 IC11.3
IC11.5
IC12.2 IC15.1
IC11.4
IC12.1 IC246 IC260
IC242
IC262
IC11.6
IC280IC20.1IC20.2
IC20.4IC21.1
IC Assist
IC10.1 IC10.2
IC240 IC241
IC01.1 IC01.2
IC06.1 IC07.1 IC08.1IC200IC201 IC202
IC11.1 IC11.2 IC11.3
IC11.5
IC12.2 IC15.1
IC11.4
IC12.1 IC246 IC260
IC242
IC262
IC11.6
IC280IC20.1IC20.2
IC20.4IC21.1
IC Super
IC10.1 IC10.2
IC240 IC241
IC01.1 IC01.2
IC06.1 IC07.1 IC08.1IC200IC201 IC202
IC11.1 IC11.2 IC11.3
IC11.5
IC12.2 IC15.1
IC11.4
IC12.1 IC246 IC260
IC242
IC262
IC11.6
IC280IC20.1IC20.2
IC20.4IC21.1
IC Admin
I call this the Silo effect. Nothing about your security is shared
from one class to another making the
model difficult to manage.
LAUA Silo Structure
IC10.1 IC10.2
IC240 IC241
IC01.1 IC01.2
IC06.1 IC07.1 IC08.1IC200IC201 IC202
IC11.1 IC11.2 IC11.3
IC11.5
IC12.2 IC15.1
IC11.4
IC12.1 IC246 IC260
IC242
IC262
IC11.6
IC280IC20.1IC20.2
IC20.4IC21.1
IC Clerk
IC10.1 IC10.2
IC240 IC241
IC01.1 IC01.2
IC06.1 IC07.1 IC08.1IC200IC201 IC202
IC11.1 IC11.2 IC11.3
IC11.5
IC12.2 IC15.1
IC11.4
IC12.1 IC246 IC260
IC242
IC262
IC11.6
IC280IC20.1IC20.2
IC20.4IC21.1
IC Assist
IC10.1 IC10.2
IC240 IC241
IC01.1 IC01.2
IC06.1 IC07.1 IC08.1IC200IC201 IC202
IC11.1 IC11.2 IC11.3
IC11.5
IC12.2 IC15.1
IC11.4
IC12.1 IC246 IC260
IC242
IC262
IC11.6
IC280IC20.1IC20.2
IC20.4IC21.1
IC Super
IC10.1 IC10.2
IC240 IC241
IC01.1 IC01.2
IC06.1 IC07.1 IC08.1IC200IC201 IC202
IC11.1 IC11.2 IC11.3
IC11.5
IC12.2 IC15.1
IC11.4
IC12.1 IC246 IC260
IC242
IC262
IC11.6
IC280IC20.1IC20.2
IC20.4IC21.1
IC Admin
When you set up a new class full access is
provide by default. You can then restrict
access to systems, table, forms and
functions.
LAUA Silo Structure
IC10.1 IC10.2
IC240 IC241
IC01.1 IC01.2
IC06.1 IC07.1 IC08.1IC200IC201 IC202
IC11.1 IC11.2 IC11.3
IC11.5
IC12.2 IC15.1
IC11.4
IC12.1 IC246 IC260
IC242
IC262
IC11.6
IC280IC20.1IC20.2
IC20.4IC21.1
IC Clerk
IC10.1 IC10.2
IC240 IC241
IC01.1 IC01.2
IC06.1 IC07.1 IC08.1IC200IC201 IC202
IC11.1 IC11.2 IC11.3
IC11.5
IC12.2 IC15.1
IC11.4
IC12.1 IC246 IC260
IC242
IC262
IC11.6
IC280IC20.1IC20.2
IC20.4IC21.1
IC Assist
IC10.1 IC10.2
IC240 IC241
IC01.1 IC01.2
IC06.1 IC07.1 IC08.1IC200IC201 IC202
IC11.1 IC11.2 IC11.3
IC11.5
IC12.2 IC15.1
IC11.4
IC12.1 IC246 IC260
IC242
IC262
IC11.6
IC280IC20.1IC20.2
IC20.4IC21.1
IC Super
IC10.1 IC10.2
IC240 IC241
IC01.1 IC01.2
IC06.1 IC07.1 IC08.1IC200IC201 IC202
IC11.1 IC11.2 IC11.3
IC11.5
IC12.2 IC15.1
IC11.4
IC12.1 IC246 IC260
IC242
IC262
IC11.6
IC280IC20.1IC20.2
IC20.4IC21.1
IC Admin
A slightly different role requires you to set up
a new class. In this example black
represents full access, red is no access, and blue is inquiry only.
LS9 Security Methodology
Lawson has changed the security model to follow a role based structure. In this model Security Classes are created to group a
series of forms together to accomplish a specific task. (i.e. IC Setup). These Security Classes (tasks) are then assigned to Roles
within the organization (i.e. Inventory Manager). Security Classes can be shared between multiple roles and users can be
assigned to more than one role in the organization.
Lawson adopted a new methodology
with Security 9
LS9 Structure
IC Admin
IC Super IC Clerk
IC Assist
Inventory02
IC10.2IC11.1
IC10.1
IC11.2 IC11.3
IC11.6
IC12.2 IC15.1
IC12.1
IC20.1
IC20.2
IC20.4IC21.1IC11.
4 IC11.5
IC242 IC241 IC240
IC262 IC260
IC280
IC246
Inventory01
IC20.1IC20.2
IC11.6
IC20.4 IC21.1
Inventory05
IC11.2IC11.3
IC11.1
IC11.4 IC11.5
Inventory04
No User access is provided by default
Security Classes (Tasks) grant specific Form, Function Code and Table access
Conditional Logic can be added at any levelObjects are shared between Roles and Users
Multiple Roles can be assigned to a User
This example reflects the same security access as the LAUA graphic only now
organized by Role and Task. Some major
differences are listed below.
IC01.1 IC01.2 IC06.1 IC07.1
IC08.1IC200IC201 IC202
Inventory03
Accuracy ResourcesCost Time
Complementing Lawson Solutions
So what are our customers’ biggest
concerns?
» Define your organization’s Roles (AP Manager, AP Clerk)
» Define a list of operational tasks (AP Invoice Entry, Check Processing)
» Assign form names to each Task (over 6000 forms)
» Assign table names to each Task» Determine access Rules for each form (ACDINP+-)
» Build your Task (Security Classes)» Build your Roles» Determine which forms each user needs to access for proper class assignments» Assign your Task (Security Classes) to your Roles » Assign your Roles to your Users» Implement form Rules» Build conditional logic» Perform positive and negative Testing
BUILDING LS9At a high level these
are the steps you need complete when setting up Security 9. Click to see what our utility
can do for you automatically!
» Define your organization’s Roles (AP Manager, AP Clerk)» Define a list of operational tasks (AP Invoice Entry, Check Processing)
» Assign form names to each Task (over 6000 forms)
» Assign table names to each Task» Determine access Rules for each form (ACDINP+-)» Build your Task (Security Classes)» Build your Roles» Determine which forms each user needs to access for proper class assignments» Assign your Task (Security Classes) to your Roles » Assign your Roles to your Users» Implement form Rules» Build conditional logic» Perform positive and negative Testing
BUILDING LS9Your Roles, Security
Classes and User assignments are
created automatically ! You’re well on you way
to building a new model!
Identifying and Validating the forms a User needs to access
Organizing over 6,000 forms and tables into Security Classes
Properly restricting function code access for each form
Building conditional Logic
Creating and assigning Roles to users
Verifying User security
So what’s the challenge? Well, how about these
thoughts….
Our 3 Step Approach
2Build & Load
1Analyze & Tune
3Customize,
Validate & Deploy
Let’s explore our 3 step
approach….
» Use our Listener to find the forms that are being accessed
» Analyze LAUA using our SOD violation report
» Identity common access points between Security Classes to eliminate redundant classes
STEP 1 - TUNE
1Analyze & Tune
Our process is based on analyzing and tuning LAUA before we build LS9. Let me explain how these 3 steps
help us with that challenge.
LISTEN
IC Clerk
IC Assist
IC Super
IC Admin
Lawson ApplicationsListener Application
LawsonDatabase
ListenerDatabase
Analyze & Tune
Our Listener application will collect information on who, when and how every form has been used.
Over a period of a few weeks we track all form activity for
each user.
Use the Listener Pivot tables to analyze actual usage by Security Class/Form, User/Form, User/System Code, or System Code/Security Class
Analyze & Tune
LISTENWe then analyze this data in many different fashions using pivot tables.
The Tokens Not Used report compares your actual usage to your security setti ngs. For tokens not being used simply drag and drop the word ‘DENY’ in any cell to change LAUA security.
Analyze & Tune
TOKENS NOT USEDThe listener results are
then compared to your LAUA security settings. You can
change LAUA straight from Excel.
ANALYZE - SOD
Analyze &
Tune
Segregati on of Duti es ensures an appropriate level of checks and balances upon the acti viti es of individuals.
The next step involves using our segregation of duties module to
look for potential problems in LAUA.
ANALYZE - SOD
Analyze &
Tune
Our 192 policies use over 2000 rules to
make sure you have implemented the proper checks and
balances.
ANALYZE - SOD
Analyze &
Tune
You can now use this report to change LAUA
and prevent future violations in LS9.
The LAUA Class Comparison Graph helps identi fy the security classes that may be similar.
ANALYZE - REPORT
Analyze &
Tune
Next we want to check for redundant
classes. This comparison graph
highlights where we might have similar
LAUA classes.
Using the LAUA Security Report allows you to evaluate specifi c security class setti ngs and diff erences. This report includes security setti ngs for forms, tables, conditi onal logic, data security and user profi les.
ANALYZE
Analyze &
Tune
Our LAUA reporting allows you to review
exactly how your security is defined.
ANALYZE
Analyze &
Tune
Security classes are lined up side by side
allowing you to easily see any differences.
ANALYZE & TUNE
Analyze &
Tune
So now that we have tuned LAUA based on
actual usage, segregation of duty
violations and redundant classes let’s move on the
Step 2.
Conversion Utility » Create Security Classes
» Create Roles
» Assign Security Classes to Roles
» Assign Roles to the appropriate Users
» Create LS9 profile using Lawson’s load uti lities
STEP 2 - BUILD
2Build & Load
Our utility will do these steps
for you automatically!
LS9 Structure
IC11.6
IC20.1IC20.2
IC20.4IC21.1
IC11.1 IC11.2 IC11.3
IC11.5IC11.4
IC11.1 IC11.2 IC11.3
IC11.5IC11.4
IC10.1 IC10.2
IC01.1 IC01.2
IC06.1 IC07.1 IC08.1IC200IC201 IC202
IC12.2 IC15.1
IC12.1
IC10.1 IC10.2
IC240 IC241
IC01.1 IC01.2
IC06.1 IC07.1 IC08.1IC200IC201 IC202
IC12.2 IC15.1
IC12.1 IC246 IC260
IC242
IC262
IC11.6
IC280IC20.1IC20.2
IC20.4IC21.1
IC01.1 IC01.2
IC06.1 IC07.1 IC08.1IC200IC201 IC202
IC01.1 IC01.2
IC06.1 IC07.1 IC08.1IC200IC201 IC202
IC240 IC241
IC246 IC260
IC242
IC262IC280
IC240 IC241
IC246 IC260
IC242
IC262IC280
IC240 IC241
IC246 IC260
IC242
IC262IC280
IC10.1 IC10.2 IC11.1 IC11.2 IC11.3
IC11.5
IC12.2 IC15.1
IC11.4
IC12.1 IC11.6
IC20.1IC20.2
IC20.4IC21.1
IC10.1 IC10.2 IC11.1 IC11.2 IC11.3
IC11.5
IC12.2 IC15.1
IC11.4
IC12.1 IC11.6
IC20.1IC20.2
IC20.4IC21.1
IC Clerk
IC Assist
IC Super
IC Admin
IC242 IC241 IC240
IC262 IC260
IC280
IC246
Inventory01 Inventory02
IC10.2IC11.1
IC10.1
IC11.2 IC11.3
IC11.6
IC12.2 IC15.1
IC12.1
IC20.1
IC20.2
IC20.4IC21.1IC11.
4 IC11.5
IC01.1 IC01.2 IC06.1 IC07.1
IC08.1IC200IC201 IC202
Inventory03
IC11.2IC11.3
IC11.1
IC11.4 IC11.5
Inventory04
IC20.1IC20.2
IC11.6
IC20.4 IC21.1
Inventory05
The utility identifies common access between Security Classes and creates an LS9 task.
Let’s go back to the original LAUA diagram. By identifying common access for each system code across all security classes we can create
unique task. Click to see how.
LS9 Structure
IC Admin
IC Super IC Clerk
IC Assist
Inventory02
IC10.2IC11.1
IC10.1
IC11.2 IC11.3
IC11.6
IC12.2 IC15.1
IC12.1
IC20.1
IC20.2
IC20.4IC21.1IC11.
4 IC11.5
IC01.1 IC01.2 IC06.1 IC07.1
IC08.1IC200IC201 IC202
Inventory03
IC242 IC241 IC240
IC262 IC260
IC280
IC246
Inventory01
IC20.1IC20.2
IC11.6
IC20.4 IC21.1
Inventory05
IC11.2IC11.3
IC11.1
IC11.4 IC11.5
Inventory04
Roles
ICTABLES
Inventory
IC Tables
Your old security classes become Roles,
the class are built automatically and we
make the proper connections including
tables.
LS9 Structure
IC Admin
IC Super IC Clerk
IC Assist
Roles
ICTABLES
Inventory
IC Tables
IC Setup 01
IC10.2IC11.1
IC10.1
IC11.2 IC11.3
IC11.6
IC12.2 IC15.1
IC12.1
IC20.1
IC20.2
IC20.4IC21.1IC11.
4 IC11.5
IC Setup 02IC01.1 IC01.2 IC06.1
IC07.1 IC08.1
IC Reports 01IC200IC201 IC202 IC242
IC241 IC240
IC262 IC260
IC280
IC246
IC Reports 02
IC20.1IC20.2
IC11.6
IC20.4 IC21.1
IC Setup RO 01
IC11.2IC11.3
IC11.1
IC11.4 IC11.5
IC Setup RO 02
Categories: Setup, Processing, Analysis, Update Batch Job, Purge Batches, Reports, Interfaces, and Miscellaneous.
If you need to be more granular we can create
classes based on the category list shown
here.
» Compare and tune form access rules
» Evaluate and create conditional logic
» Validate User access
» Activate Security 9
STEP 3
3Customize, Validate &
Deploy
You’re now ready for the final phase where we add special logic, tune function codes and get the users to
do some testing.
OUTLIER REPORT
Customize, Validate &
Deploy
The Outliers report identifies any special
function rules in LAUA that we may want to
incorporate in the LS9 model.
ANALYZE & TUNE
Analyze &
Tune
One you tweak your function codes some
additional time may be required to build special
rules based on your organizations
requirements, but your pretty much ready for
testing.
Security 9 Reports – Security Admin Reports
You’ll have access to our security
dashboard to evaluate any security
settings while performing your test.
Security 9 Reports – Security Admin Reports
Our flexible user interface makes it simple to analyze
your model.
VALIDATE - SOD
Segregation of Duties ensures an appropriate level of checks and balances upon the activities of individuals.
You can continue to use our segregation of
duties module to check for any user violations in LS9.
SELF SERVICE
Customize, Validate &
Deploy
We’re just about done . If you need help with self-service we deliver
a proven set of templates for ESS,
MSS and RCQ.
» Security Overview and Kickoff» Soft ware Installati on» Technical Support» Kinsey Project Manager» Report Training» Creati on of Security Classes and Roles» Security Class and Rule Analysis» Assist with Data Element Security » Assist with Conditi onal Logic» Proof of Concept Workshop» Security Testi ng» Security Training» Go Live Support
SERVICESHere is a quick overview of the services required
to complete the project. We will do as much as
you want or let you take the lead!
» Token Listener» Security Builder» Segregation of Duties» LAUA Reporting» LS9 Dashboard
TOOLSYou will have access
to all of these products during the
project.
HIGHLIGHTS» Takes advantage of the knowledge already put into LAUA security
» Utilizes actual form usage to fine tune security setti ngs
» Re-engineers LAUA to automatically build your LS9 security model
» Includes all Custom Forms created in your system
» Leverages Lawson’s uti liti es for building LDAP
» Takes signifi cantly less ti me than other methods
» Requires less of your resources
» It ’s built around your business practi ces
These highlights are what make us
different.
Guy HensonVP Business Developmentcell: [email protected]
And as we like to think, it’s not about
converting LAUA, it’s about building a better
model!