Presentation is loading. Please wait.

Presentation is loading. Please wait.

8.1 Lawson Security Overview Del Dehn Product Manager.

Published byImogene Bell Modified over 9 years ago

Similar presentations

Presentation on theme: "8.1 Lawson Security Overview Del Dehn Product Manager."— Presentation transcript:

1 8.1 Lawson Security Overview Del Dehn Product Manager

2 Agenda Security domains Upgrade considerations Summary 8.1 Technology project update Questions and answers

3 Lawson Security Domains 8.1.0 Technology Security Domains User management Authentication Authorization

4 Lawson Security Authorization Authentication/ Single sign-on Resource Management

5 Lawson Security Business process focused security Central repository for security administration (Resources) Organizational modeling (Roles) Rules builder (Rules) Single sign-on Additive security paradigm Database auditing (front-end, back-end sign-on)

6 Lawson Security: Design Features Designed as a centralized service –Callable by all Lawson layers Roles and Rules based –An industry prevalent approach Driven by user and corporate information –Flexible security to accommodate the customer’s business structures Administration tool for policy modeling –Test new structures or security policies Attribute based security –Same concept as attributes in LDAP structures Fine grained securable objects –For example, field level security

7 User Management

8 User Management Domain Lawson Resource Management Central repository for globally interesting data –user name, email address and roles Create custom attributes Structure – organizational chart modeling Non-organizational chart structures allowed

9 Organizational Modeling: Changes for Individuals Project Manager is promoted to CFO “Roles” domain LDAP Server Microsoft ADAM 2003 Changes to structures can be made in a “drag and drop” fashion

10 Organizational Modeling: Changes for Groups Director of Marketing with all of his/her directly reporting Marketing Managers is moved to the direct supervision of the newly created position of VP of Marketing LDAP Server Microsoft ADAM 2003 “Roles” domain Changes to structures can be made in a “drag and drop” fashion

11 Resource Management: Structure

12 Authentication

13 Authentication Domain Lawson Authentication 8.1.0 –Single Sign-on –Database (DB) user authentication –Session management –Secure credential storage –Identity management

14 Single Sign-on for End Users

15 Authorization

16 Authorization Domain The new Lawson Security model Business process focused Rules and Roles based Granular security checking Object oriented Flexible policy modeling –Allows organizational modeling for security –Allows attribute driven policies –Element based policies Allows for distributed administration

17 Authorization: Roles and Rules Roles –Organizational roles –Organizational structures Rules –Rules builder –Simple or complex Rules written for Roles govern the security privileges of end-users assigned to a Role(s)

18 Benefits of Role-Based Security Transparency –User’s roles are defined by business needs –Security classes and privileges are defined by business tasks Stability –Access needs for a task do not change often –User’s roles change more frequently Efficiency –Changing access for a given task accomplishes changes for all affected users

19 Lawson Security: New Rules Rules apply to “securable objects” –Product lines –System codes –Forms and their fields –Drill Around® –Tables and the columns in a row –Environment objects – printers, etc.

20 Security Rules Rules can be unconditional –Grant All Access/Deny Any Access –Builds fast, efficient access control lists Rules can be unconditional but allow limited access –Inquire only, for example Example –ADD_EMPLOYEE class: EMPLOYEE table: ALL_ACCESS (users that are employees can view their own information)

21 Conditional Rules Data can be secured based on attributes of the user –If (user.getAttribute(‘Department’)== ‘HR’) then ‘IACD’ else ‘I’ (if user is in HR Department, then can change information) Data can be secured based on the data values –If (table.EMPLOYEE == user.getEmployeeId()) then ‘IACD’ else ‘I’ (user can change own information and see all others) Data can be secured using other kinds of functions –Time of day, database reads, etc.

22 New Security Model Rules express security policies - Rule execution allows or denies access to a securable object Security Classes group rules for common tasks - Constitutes a task oriented privilege pack Multiple security classes to Roles - Easy creation of Roles with overlapping functionalities Multiple Roles to users - Allows for multiple responsibilities

23 A Security Policy Illustration Users Roles Security Classes Securable Objects Jane John Steve Mary Employee HR Manager Payroll Manager Payroll Clerk Employee Info Manager Info Payroll Access Form HR11 Check Printer Note: Users can be assigned multiple Roles simultaneously

24 Lawson Security Securable Objects

25 Deny Access to a Form Field

26 Security “Off” – All Form Transfers are Available *

27 Secured: Form Transfers are Hidden

28 Upgrade Considerations

29 Lawson Security: 8.1 release Provides security for all Lawson Portal based products –LAUA security – not required –Security extensions (Ex. HR security) - not required Lawson Security and LAUA security can operate concurrently –Lawson Security – Lawson Portal Users ONLY –LAUA security – Lawson Portal Users and LID users –Each end user must be secured by only one security mechanism, not both

30 Transitioning to 8.1 Lawson Security Security mechanism assignment per end user Enables phased migration from LAUA security to Lawson Security Migration from LAUA to Lawson Security by: –End user –Role –Group –Structure –Etc. Not a “Big Bang” approach

31 Lawson 8.1 Technology Release 8.1 Technology = Environment, Internet Object Services (IOS) and Lawson Portal 8.1 Technology will support: –8.1 Applications –8.0.X Applications Existing or upgrading 8.0.X Applications customers are not “cut off” from implementing 8.1 Technology 8.0.X Applications customers can utilize 8.1 Technology features without needing to upgrade to 8.1 Applications

32 8.1 Lawson Security: Summary Flexibility and power to create security policies based on how your organization does business Major components: –Resource Management and LDAP (roles, structures) –Authorization (rules engine) –Authentication and Single sign-on (SSO)

33 8.1 Technology Project Update The scheduled release of Lawson 8.1 Technology has been moved to Lawson’s Q1FY06 (June – August 2005) after a recent review of the project’s milestones and metrics. This release is being measured against the quality standards and milestones of Lawson’s CMMI methodology and whole company readiness metrics. The review indicated that an adjustment to the proposed schedule would not only deliver much improved performance, usability and security, but also a quicker time to benefit for Lawson clients.

34 Questions?

Download ppt "8.1 Lawson Security Overview Del Dehn Product Manager."

Similar presentations

Efficient, Productive Solutions SECURITY SOLUTIONS for LAWSON SOFTWARE Part of our RISK MANAGEMENT SUITE FOR LAWSON S3 Thank you for taking the time to.

Efficient, Productive Solutions SECURITY SOLUTIONS for LAWSON SOFTWARE Part of our RISK MANAGEMENT SUITE FOR LAWSON S3 Thank you for taking the time to.
C6 Databases.

C6 Databases.
0 UMN 2011 ERP Terapan SAP BASIS General Concept Session # 3.

0 UMN 2011 ERP Terapan SAP BASIS General Concept Session # 3.
IBM Software Group ® Accessing Domino via Outlook iNotes Access for Microsoft Outlook - Notes Domino 5.5 – 6.0.1 Domino Access for MS Outlook - Notes Domino.

IBM Software Group ® Accessing Domino via Outlook iNotes Access for Microsoft Outlook - Notes Domino 5.5 – Domino Access for MS Outlook - Notes Domino.
Access Control Methodologies

Access Control Methodologies
Validata Release Coordinator Accelerated application delivery through automated end-to-end release management.

Validata Release Coordinator Accelerated application delivery through automated end-to-end release management.
Copyright © 2008 Accenture All Rights Reserved. Accenture, its logo, and High Performance Delivered are trademarks of Accenture. Andrew Stone Common Security.

Copyright © 2008 Accenture All Rights Reserved. Accenture, its logo, and High Performance Delivered are trademarks of Accenture. Andrew Stone Common Security.
© 2004 Visible Systems Corporation. All rights reserved. 1 (800) 6VISIBLE www.visible.com Holistic View of the Enterprise Business Development Operations.

© 2004 Visible Systems Corporation. All rights reserved. 1 (800) 6VISIBLE Holistic View of the Enterprise Business Development Operations.
Active Directory: Final Solution to Enterprise System Integration

Active Directory: Final Solution to Enterprise System Integration
Understanding Active Directory

Understanding Active Directory
University of Southern California Enterprise Wide Information Systems Instructor: Richard W. Vawter.

University of Southern California Enterprise Wide Information Systems Instructor: Richard W. Vawter.
3.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 3: Introducing Active Directory.

3.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 3: Introducing Active Directory.
Chapter 6 Database Design

Chapter 6 Database Design
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.
Identity and Access Management IAM. 2 Definition Identity and Access Management provide the following: – Mechanisms for identifying, creating, updating.

Identity and Access Management IAM. 2 Definition Identity and Access Management provide the following: – Mechanisms for identifying, creating, updating.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 4 Profiles, Password Policies, Privileges, and Roles.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 4 Profiles, Password Policies, Privileges, and Roles.
Identity and Access Management

Identity and Access Management
Access and Identity Management for Enterprise Portals Rohit Gupta Director, Identity Management Product Management Oracle Corporation.

Access and Identity Management for Enterprise Portals Rohit Gupta Director, Identity Management Product Management Oracle Corporation.
Database Administration Chapter 16. Need for Databases  Data is used by different people, in different departments, for different reasons  Interpretation.

Database Administration Chapter 16. Need for Databases  Data is used by different people, in different departments, for different reasons  Interpretation.
Understanding Active Directory

Understanding Active Directory

Similar presentations

Ads by Google