Presentation on theme: "Introducing SECURITY MIGRATION"— Presentation transcript:
1Introducing SECURITY MIGRATION Simplify the move to Lawson Security 9Introducing SECURITY MIGRATIONThis presentation demonstrates the new capabilities of PowerPoint and it is best viewed in Slide Show. These slides are designed to give you great ideas for the presentations you’ll create in PowerPoint 2010!For more sample templates, click the File tab, and then on the New tab, click Sample Templates.
2Agenda Background LAUA Security Methodology LS9 Security Methodology Thank you for taking to time to view our presentation. I will be walking you through each step in our migration process. Just remember to click after each slide and we should be done soon!BackgroundLAUA Security MethodologyLS9 Security MethodologyMigration ProcessOur SolutionDeliverablesTips & TricksAgenda
3A little about us.Our BackgroundFounded by Dan and Brad Kinsey, K&K has provided software sales, implementations, support and development for over 29 years.Lawson reseller and implementation partner since 1996Lawson Certified Systems Integrator PartnerLawson Complementary Software PartnerLawson’s “Go to” Reseller/Implementer for Public Sector2 time Partner of the YearFocusing on the development of Lawson complementary software products
4LAUA Security Methodology Let me provide a brief explanation of how LAUA security works.LAUA Security MethodologyLAUA security is a structured Silo model built by creating Security Classes that restrict access to specific System Codes, Forms, Function Codes and Tables. A major restriction of this model is that it fails to provide any ability to share security settings between Security Classes. And since users can only be attached to a single Security Class, a slightly different job requirement requires an entirely new Security Class.
5LAUA Silo StructureI call this the Silo effect. Nothing about your security is shared from one class to another making the model difficult to manage.IC AdminIC SuperIC ClerkIC AssistIC10.1IC10.2IC240IC241IC01.1IC01.2IC06.1IC07.1IC08.1IC200IC201IC202IC11.1IC11.2IC11.3IC11.5IC12.2IC15.1IC11.4IC12.1IC246IC260IC242IC262IC11.6IC280IC20.1IC20.2IC20.4IC21.1IC10.1IC10.2IC240IC241IC01.1IC01.2IC06.1IC07.1IC08.1IC200IC201IC202IC11.1IC11.2IC11.3IC11.5IC12.2IC15.1IC11.4IC12.1IC246IC260IC242IC262IC11.6IC280IC20.1IC20.2IC20.4IC21.1IC10.1IC10.2IC240IC241IC01.1IC01.2IC06.1IC07.1IC08.1IC200IC201IC202IC11.1IC11.2IC11.3IC11.5IC12.2IC15.1IC11.4IC12.1IC246IC260IC242IC262IC11.6IC280IC20.1IC20.2IC20.4IC21.1IC10.1IC10.2IC240IC241IC01.1IC01.2IC06.1IC07.1IC08.1IC200IC201IC202IC11.1IC11.2IC11.3IC11.5IC12.2IC15.1IC11.4IC12.1IC246IC260IC242IC262IC11.6IC280IC20.1IC20.2IC20.4IC21.1
6LAUA Silo StructureWhen you set up a new class full access is provide by default. You can then restrict access to systems, table, forms and functions.IC AdminIC SuperIC ClerkIC AssistIC10.1IC10.2IC240IC241IC01.1IC01.2IC06.1IC07.1IC08.1IC200IC201IC202IC11.1IC11.2IC11.3IC11.5IC12.2IC15.1IC11.4IC12.1IC246IC260IC242IC262IC11.6IC280IC20.1IC20.2IC20.4IC21.1IC10.1IC10.2IC240IC241IC01.1IC01.2IC06.1IC07.1IC08.1IC200IC201IC202IC11.1IC11.2IC11.3IC11.5IC12.2IC15.1IC11.4IC12.1IC246IC260IC242IC262IC11.6IC280IC20.1IC20.2IC20.4IC21.1IC10.1IC10.2IC240IC241IC01.1IC01.2IC06.1IC07.1IC08.1IC200IC201IC202IC11.1IC11.2IC11.3IC11.5IC12.2IC15.1IC11.4IC12.1IC246IC260IC242IC262IC11.6IC280IC20.1IC20.2IC20.4IC21.1IC10.1IC10.2IC240IC241IC01.1IC01.2IC06.1IC07.1IC08.1IC200IC201IC202IC11.1IC11.2IC11.3IC11.5IC12.2IC15.1IC11.4IC12.1IC246IC260IC242IC262IC11.6IC280IC20.1IC20.2IC20.4IC21.1
7LAUA Silo StructureA slightly different role requires you to set up a new class. In this example black represents full access, red is no access, and blue is inquiry only.IC AdminIC SuperIC ClerkIC AssistIC10.1IC10.2IC240IC241IC01.1IC01.2IC06.1IC07.1IC08.1IC200IC201IC202IC11.1IC11.2IC11.3IC11.5IC12.2IC15.1IC11.4IC12.1IC246IC260IC242IC262IC11.6IC280IC20.1IC20.2IC20.4IC21.1IC10.1IC10.2IC240IC241IC01.1IC01.2IC06.1IC07.1IC08.1IC200IC201IC202IC11.1IC11.2IC11.3IC11.5IC12.2IC15.1IC11.4IC12.1IC246IC260IC242IC262IC11.6IC280IC20.1IC20.2IC20.4IC21.1IC10.1IC10.2IC240IC241IC01.1IC01.2IC06.1IC07.1IC08.1IC200IC201IC202IC11.1IC11.2IC11.3IC11.5IC12.2IC15.1IC11.4IC12.1IC246IC260IC242IC262IC11.6IC280IC20.1IC20.2IC20.4IC21.1IC10.1IC10.2IC240IC241IC01.1IC01.2IC06.1IC07.1IC08.1IC200IC201IC202IC11.1IC11.2IC11.3IC11.5IC12.2IC15.1IC11.4IC12.1IC246IC260IC242IC262IC11.6IC280IC20.1IC20.2IC20.4IC21.1
8LS9 Security Methodology Lawson adopted a new methodology with Security 9LS9 Security MethodologyLawson has changed the security model to follow a role based structure. In this model Security Classes are created to group a series of forms together to accomplish a specific task. (i.e. IC Setup). These Security Classes (tasks) are then assigned to Roles within the organization (i.e. Inventory Manager). Security Classes can be shared between multiple roles and users can be assigned to more than one role in the organization.
9LS9 Structure No User access is provided by default This example reflects the same security access as the LAUA graphic only now organized by Role and Task. Some major differences are listed below.IC AdminIC SuperIC ClerkIC AssistIC01.1IC01.2IC06.1IC07.1IC08.1IC200IC201IC202Inventory03Inventory02IC10.2IC11.1IC10.1IC11.2IC11.3IC11.6IC12.2IC15.1IC12.1IC20.1IC20.2IC20.4IC21.1IC11.4IC11.5IC242IC241IC240IC262IC260IC280IC246Inventory01IC20.1IC20.2IC11.6IC20.4IC21.1Inventory05IC11.2IC11.3IC11.1IC11.4IC11.5Inventory04No User access is provided by defaultSecurity Classes (Tasks) grant specific Form, Function Code and Table accessConditional Logic can be added at any levelObjects are shared between Roles and UsersMultiple Roles can be assigned to a User
10Accuracy Resources Cost Time Complementing Lawson SolutionsSo what are our customers’ biggest concerns?Accuracy Resources Cost Time
11BUILDING LS9 Define your organization’s Roles (AP Manager, AP Clerk) At a high level these are the steps you need complete when setting up Security 9. Click to see what our utility can do for you automatically!Define your organization’s Roles (AP Manager, AP Clerk)Define a list of operational tasks (AP Invoice Entry, Check Processing)Assign form names to each Task (over 6000 forms)Assign table names to each TaskDetermine access Rules for each form (ACDINP+-)Build your Task (Security Classes)Build your RolesDetermine which forms each user needs to access for proper class assignmentsAssign your Task (Security Classes) to your RolesAssign your Roles to your UsersImplement form RulesBuild conditional logicPerform positive and negative Testing
12BUILDING LS9 Define your organization’s Roles (AP Manager, AP Clerk) Your Roles, Security Classes and User assignments are created automatically ! You’re well on you way to building a new model!Define your organization’s Roles (AP Manager, AP Clerk)Define a list of operational tasks (AP Invoice Entry, Check Processing)Assign form names to each Task (over 6000 forms)Assign table names to each TaskDetermine access Rules for each form (ACDINP+-)Build your Task (Security Classes)Build your RolesDetermine which forms each user needs to access for proper class assignmentsAssign your Task (Security Classes) to your RolesAssign your Roles to your UsersImplement form RulesBuild conditional logicPerform positive and negative Testing
13So what’s the challenge? Well, how about these thoughts…. Identifying and Validating the forms a User needs to accessOrganizing over 6,000 forms and tables into Security ClassesProperly restricting function code access for each formBuilding conditional LogicCreating and assigning Roles to usersVerifying User security
151 STEP 1 - TUNE Analyze & Tune Our process is based on analyzing and tuning LAUA before we build LS9. Let me explain how these 3 steps help us with that challenge.Use our Listener to find the forms that are being accessedAnalyze LAUA using our SOD violation reportIdentity common access points between Security Classes to eliminate redundant classes1Analyze & Tune
16Over a period of a few weeks we track all form activity for each user. Analyze & TuneLISTENIC ClerkIC AssistIC SuperIC AdminLawsonDatabaseLawson ApplicationsListener ApplicationListenerDatabaseOur Listener application will collect information on who, when and how every form has been used.
17Analyze & TuneLISTENWe then analyze this data in many different fashions using pivot tables.Use the Listener Pivot tables to analyze actual usage by Security Class/Form, User/Form, User/System Code, or System Code/Security Class
18Analyze & TuneTOKENS NOT USEDThe listener results are then compared to your LAUA security settings. You can change LAUA straight from Excel.The Tokens Not Used report compares your actual usage to your security settings. For tokens not being used simply drag and drop the word ‘DENY’ in any cell to change LAUA security.
19Analyze & TuneANALYZE - SODThe next step involves using our segregation of duties module to look for potential problems in LAUA.Segregation of Duties ensures an appropriate level of checks and balances upon the activities of individuals.
20ANALYZE - SOD Analyze & Tune Our 192 policies use over 2000 rules to make sure you have implemented the proper checks and balances.
21ANALYZE - SOD Analyze & Tune You can now use this report to change LAUA and prevent future violations in LS9.
22Analyze & TuneANALYZE - REPORTNext we want to check for redundant classes. This comparison graph highlights where we might have similar LAUA classes.The LAUA Class Comparison Graph helps identify the security classes that may be similar.
23Analyze & TuneANALYZEOur LAUA reporting allows you to review exactly how your security is defined.Using the LAUA Security Report allows you to evaluate specific security class settings and differences. This report includes security settings for forms, tables, conditional logic, data security and user profiles.
24Analyze & TuneANALYZESecurity classes are lined up side by side allowing you to easily see any differences.
25ANALYZE & TUNE Analyze & Tune So now that we have tuned LAUA based on actual usage, segregation of duty violations and redundant classes let’s move on the Step 2.
26Our utility will do these steps for you automatically! STEP 2 - BUILDConversion UtilityCreate Security ClassesCreate RolesAssign Security Classes to RolesAssign Roles to the appropriate UsersCreate LS9 profile using Lawson’s load utilities2Build & Load
27LS9 StructureIC242IC241IC240IC262IC260IC280IC246Inventory01Inventory02IC10.2IC11.1IC10.1IC11.2IC11.3IC11.6IC12.2IC15.1IC12.1IC20.1IC20.2IC20.4IC21.1IC11.4IC11.5Let’s go back to the original LAUA diagram. By identifying common access for each system code across all security classes we can create unique task. Click to see how.IC ClerkIC AssistIC SuperIC AdminIC01.1IC01.2IC06.1IC07.1IC08.1IC200IC201IC202Inventory03IC11.2IC11.3IC11.1IC11.4IC11.5Inventory04IC01.1IC01.2IC06.1IC07.1IC08.1IC200IC201IC202IC10.1IC10.2IC01.1IC01.2IC06.1IC07.1IC08.1IC200IC201IC202IC12.2IC15.1IC12.1IC240IC241IC246IC260IC242IC262IC11.6IC280IC20.1IC20.2IC20.4IC21.1IC10.1IC10.2IC11.1IC11.2IC11.3IC11.5IC12.2IC15.1IC11.4IC12.1IC11.6IC20.1IC20.2IC20.4IC21.1IC11.1IC11.2IC11.3IC11.5IC11.4IC240IC241IC246IC260IC242IC262IC280IC20.1IC20.2IC11.6IC20.4IC21.1Inventory05IC11.6IC20.1IC20.2IC20.4IC21.1The utility identifies common access between Security Classes and creates an LS9 task.
28LS9 StructureRolesIC AdminIC SuperIC ClerkIC AssistIC TablesInventory02IC10.2IC11.1IC10.1IC11.2IC11.3IC11.6IC12.2IC15.1IC12.1IC20.1IC20.2IC20.4IC21.1IC11.4IC11.5IC01.1IC01.2IC06.1IC07.1IC08.1IC200IC201IC202Inventory03IC242IC241IC240IC262IC260IC280IC246Inventory01IC20.1IC20.2IC11.6IC20.4IC21.1Inventory05IC11.2IC11.3IC11.1IC11.4IC11.5Inventory04ICTABLESInventoryYour old security classes become Roles, the class are built automatically and we make the proper connections including tables.
29LS9 StructureRolesIC AdminIC SuperIC ClerkIC AssistIC TablesIC Setup 01IC10.2IC11.1IC10.1IC11.2IC11.3IC11.6IC12.2IC15.1IC12.1IC20.1IC20.2IC20.4IC21.1IC11.4IC11.5IC Setup 02IC01.1IC01.2IC06.1IC07.1IC08.1IC Reports 01IC200IC201IC202IC242IC241IC240IC262IC260IC280IC246IC Reports 02IC20.1IC20.2IC11.6IC20.4IC21.1IC Setup RO 01IC11.2IC11.3IC11.1IC11.4IC11.5IC Setup RO 02ICTABLESInventoryIf you need to be more granular we can create classes based on the category list shown here.Categories: Setup, Processing, Analysis, Update Batch Job, Purge Batches, Reports, Interfaces, and Miscellaneous.
30Customize, Validate & Deploy You’re now ready for the final phase where we add special logic, tune function codes and get the users to do some testing.STEP 3Compare and tune form access rulesEvaluate and create conditional logicValidate User accessActivate Security 93Customize, Validate & Deploy
31Customize, Validate & Deploy OUTLIER REPORTThe Outliers report identifies any special function rules in LAUA that we may want to incorporate in the LS9 model.
32ANALYZE & TUNE Analyze & Tune One you tweak your function codes some additional time may be required to build special rules based on your organizations requirements, but your pretty much ready for testing.
33Security 9 Reports – Security Admin Reports You’ll have access to our security dashboard to evaluate any security settings while performing your test.
34Security 9 Reports – Security Admin Reports Our flexible user interface makes it simple to analyze your model.
35VALIDATE - SODYou can continue to use our segregation of duties module to check for any user violations in LS9.Segregation of Duties ensures an appropriate level of checks and balances upon the activities of individuals.
36Customize, Validate & Deploy SELF SERVICEWe’re just about done . If you need help with self-service we deliver a proven set of templates for ESS, MSS and RCQ.
37SERVICES Security Overview and Kickoff Software Installation Here is a quick overview of the services required to complete the project. We will do as much as you want or let you take the lead!Security Overview and KickoffSoftware InstallationTechnical SupportKinsey Project ManagerReport TrainingCreation of Security Classes and RolesSecurity Class and Rule AnalysisAssist with Data Element SecurityAssist with Conditional LogicProof of Concept WorkshopSecurity TestingSecurity TrainingGo Live Support
38You will have access to all of these products during the project. TOOLSYou will have access to all of these products during the project.Token ListenerSecurity BuilderSegregation of DutiesLAUA ReportingLS9 Dashboard
39These highlights are what make us different. Takes advantage of the knowledge already put into LAUA securityUtilizes actual form usage to fine tune security settingsRe-engineers LAUA to automatically build your LS9 security modelIncludes all Custom Forms created in your systemLeverages Lawson’s utilities for building LDAPTakes significantly less time than other methodsRequires less of your resourcesIt’s built around your business practicesThese highlights are what make us different.
40And as we like to think, it’s not about converting LAUA, it’s about building a better model! Guy HensonVP Business Developmentcell: