Presentation is loading. Please wait.

Presentation is loading. Please wait.

Simplify the move to Lawson Security 9 Introducing SECURITY MIGRATION.

Similar presentations


Presentation on theme: "Simplify the move to Lawson Security 9 Introducing SECURITY MIGRATION."— Presentation transcript:

1 Simplify the move to Lawson Security 9 Introducing SECURITY MIGRATION

2 Agenda » Background » LAUA Security Methodology » LS9 Security Methodology » Migration Process » Our Solution » Deliverables » Tips & Tricks Thank you for taking to time to view our presentation. I will be walking you through each step in our migration process. Just remember to click after each slide and we should be done soon!

3 Founded by Dan and Brad Kinsey, K&K has provided software sales, implementations, support and development for over 29 years. Lawson reseller and implementation partner since 1996 Lawson Certified Systems Integrator Partner Lawson Complementary Software Partner Lawsons Go to Reseller/Implementer for Public Sector 2 time Partner of the Year Focusing on the development of Lawson complementary software products Our Background A little about us.

4 LAUA Security Methodology LAUA security is a structured Silo model built by creating Security Classes that restrict access to specific System Codes, Forms, Function Codes and Tables. A major restriction of this model is that it fails to provide any ability to share security settings between Security Classes. And since users can only be attached to a single Security Class, a slightly different job requirement requires an entirely new Security Class. Let me provide a brief explanation of how LAUA security works.

5 LAUA Silo Structure IC10.1 IC10.2 IC240 IC241 IC01.1 IC01.2 IC06.1 IC07.1 IC08.1 IC200 IC201 IC202 IC11.1 IC11.2 IC11.3 IC11.5 IC12.2 IC15.1 IC11.4 IC12.1 IC246 IC260 IC242 IC262 IC11.6 IC280 IC20.1 IC20.2 IC20.4 IC21.1 IC Clerk IC10.1 IC10.2 IC240 IC241 IC01.1 IC01.2 IC06.1 IC07.1 IC08.1 IC200 IC201 IC202 IC11.1 IC11.2 IC11.3 IC11.5 IC12.2 IC15.1 IC11.4 IC12.1 IC246 IC260 IC242 IC262 IC11.6 IC280 IC20.1 IC20.2 IC20.4 IC21.1 IC Assist IC10.1 IC10.2 IC240 IC241 IC01.1 IC01.2 IC06.1 IC07.1 IC08.1 IC200 IC201 IC202 IC11.1 IC11.2 IC11.3 IC11.5 IC12.2 IC15.1 IC11.4 IC12.1 IC246 IC260 IC242 IC262 IC11.6 IC280 IC20.1 IC20.2 IC20.4 IC21.1 IC Super IC10.1 IC10.2 IC240 IC241 IC01.1 IC01.2 IC06.1 IC07.1 IC08.1 IC200 IC201 IC202 IC11.1 IC11.2 IC11.3 IC11.5 IC12.2 IC15.1 IC11.4 IC12.1 IC246 IC260 IC242 IC262 IC11.6 IC280 IC20.1 IC20.2 IC20.4 IC21.1 IC Admin I call this the Silo effect. Nothing about your security is shared from one class to another making the model difficult to manage.

6 LAUA Silo Structure IC10.1 IC10.2 IC240 IC241 IC01.1 IC01.2 IC06.1 IC07.1 IC08.1 IC200 IC201 IC202 IC11.1 IC11.2 IC11.3 IC11.5 IC12.2 IC15.1 IC11.4 IC12.1 IC246 IC260 IC242 IC262 IC11.6 IC280 IC20.1 IC20.2 IC20.4 IC21.1 IC Clerk IC10.1 IC10.2 IC240 IC241 IC01.1 IC01.2 IC06.1 IC07.1 IC08.1 IC200 IC201 IC202 IC11.1 IC11.2 IC11.3 IC11.5 IC12.2 IC15.1 IC11.4 IC12.1 IC246 IC260 IC242 IC262 IC11.6 IC280 IC20.1 IC20.2 IC20.4 IC21.1 IC Assist IC10.1 IC10.2 IC240 IC241 IC01.1 IC01.2 IC06.1 IC07.1 IC08.1 IC200 IC201 IC202 IC11.1 IC11.2 IC11.3 IC11.5 IC12.2 IC15.1 IC11.4 IC12.1 IC246 IC260 IC242 IC262 IC11.6 IC280 IC20.1 IC20.2 IC20.4 IC21.1 IC Super IC10.1 IC10.2 IC240 IC241 IC01.1 IC01.2 IC06.1 IC07.1 IC08.1 IC200 IC201 IC202 IC11.1 IC11.2 IC11.3 IC11.5 IC12.2 IC15.1 IC11.4 IC12.1 IC246 IC260 IC242 IC262 IC11.6 IC280 IC20.1 IC20.2 IC20.4 IC21.1 IC Admin When you set up a new class full access is provide by default. You can then restrict access to systems, table, forms and functions.

7 LAUA Silo Structure IC10.1 IC10.2 IC240 IC241 IC01.1 IC01.2 IC06.1 IC07.1 IC08.1 IC200 IC201 IC202 IC11.1 IC11.2 IC11.3 IC11.5 IC12.2 IC15.1 IC11.4 IC12.1 IC246 IC260 IC242 IC262 IC11.6 IC280 IC20.1 IC20.2 IC20.4 IC21.1 IC Clerk IC10.1 IC10.2 IC240 IC241 IC01.1 IC01.2 IC06.1 IC07.1 IC08.1 IC200 IC201 IC202 IC11.1 IC11.2 IC11.3 IC11.5 IC12.2 IC15.1 IC11.4 IC12.1 IC246 IC260 IC242 IC262 IC11.6 IC280 IC20.1 IC20.2 IC20.4 IC21.1 IC Assist IC10.1 IC10.2 IC240 IC241 IC01.1 IC01.2 IC06.1 IC07.1 IC08.1 IC200 IC201 IC202 IC11.1 IC11.2 IC11.3 IC11.5 IC12.2 IC15.1 IC11.4 IC12.1 IC246 IC260 IC242 IC262 IC11.6 IC280 IC20.1 IC20.2 IC20.4 IC21.1 IC Super IC10.1 IC10.2 IC240 IC241 IC01.1 IC01.2 IC06.1 IC07.1 IC08.1 IC200 IC201 IC202 IC11.1 IC11.2 IC11.3 IC11.5 IC12.2 IC15.1 IC11.4 IC12.1 IC246 IC260 IC242 IC262 IC11.6 IC280 IC20.1 IC20.2 IC20.4 IC21.1 IC Admin A slightly different role requires you to set up a new class. In this example black represents full access, red is no access, and blue is inquiry only.

8 LS9 Security Methodology Lawson has changed the security model to follow a role based structure. In this model Security Classes are created to group a series of forms together to accomplish a specific task. (i.e. IC Setup). These Security Classes (tasks) are then assigned to Roles within the organization (i.e. Inventory Manager). Security Classes can be shared between multiple roles and users can be assigned to more than one role in the organization. Lawson adopted a new methodology with Security 9

9 LS9 Structure IC Admin IC Super IC Clerk IC Assist Inventory02 IC10.2 IC11.1 IC10.1 IC11.2 IC11.3 IC11.6 IC12.2 IC15.1 IC12.1 IC20.1 IC20.2 IC20.4 IC21.1 IC11.4 IC11.5 IC242 IC241 IC240 IC262 IC260 IC280 IC246 Inventory01 IC20.1 IC20.2 IC11.6 IC20.4 IC21.1 Inventory05 IC11.2 IC11.3 IC11.1 IC11.4 IC11.5 Inventory04 No User access is provided by default Security Classes (Tasks) grant specific Form, Function Code and Table access Conditional Logic can be added at any level Objects are shared between Roles and Users Multiple Roles can be assigned to a User This example reflects the same security access as the LAUA graphic only now organized by Role and Task. Some major differences are listed below. IC01.1 IC01.2 IC06.1 IC07.1 IC08.1 IC200 IC201 IC202 Inventory03

10 Accuracy Resources Cost Time Complementing Lawson Solutions So what are our customers biggest concerns?

11 » Define your organizations Roles (AP Manager, AP Clerk) » Define a list of operational tasks (AP Invoice Entry, Check Processing) » Assign form names to each Task (over 6000 forms) » Assign table names to each Task » Determine access Rules for each form (ACDINP+-) » Build your Task (Security Classes) » Build your Roles » Determine which forms each user needs to access for proper class assignments » Assign your Task (Security Classes) to your Roles » Assign your Roles to your Users » Implement form Rules » Build conditional logic » Perform positive and negative Testing BUILDING LS9 At a high level these are the steps you need complete when setting up Security 9. Click to see what our utility can do for you automatically!

12 » Define your organizations Roles (AP Manager, AP Clerk) » Define a list of operational tasks (AP Invoice Entry, Check Processing) » Assign form names to each Task (over 6000 forms) » Assign table names to each Task » Determine access Rules for each form (ACDINP+-) » Build your Task (Security Classes) » Build your Roles » Determine which forms each user needs to access for proper class assignments » Assign your Task (Security Classes) to your Roles » Assign your Roles to your Users » Implement form Rules » Build conditional logic » Perform positive and negative Testing BUILDING LS9 Your Roles, Security Classes and User assignments are created automatically ! Youre well on you way to building a new model!

13 Identifying and Validating the forms a User needs to access Organizing over 6,000 forms and tables into Security Classes Properly restricting function code access for each form Building conditional Logic Creating and assigning Roles to users Verifying User security So whats the challenge? Well, how about these thoughts….

14 Our 3 Step Approach 2 Build & Load 1 Analyze & Tune 3 Customize, Validate & Deploy Lets explore our 3 step approach….

15 » Use our Listener to find the forms that are being accessed » Analyze LAUA using our SOD violation report » Identity common access points between Security Classes to eliminate redundant classes STEP 1 - TUNE 1 Analyze & Tune Our process is based on analyzing and tuning LAUA before we build LS9. Let me explain how these 3 steps help us with that challenge.

16 LISTEN IC Clerk IC Assist IC Super IC Admin Lawson Applications Listener Application Lawson Database Listener Database Analyze & Tune Our Listener application will collect information on who, when and how every form has been used. Over a period of a few weeks we track all form activity for each user.

17 Use the Listener Pivot tables to analyze actual usage by Security Class/Form, User/Form, User/System Code, or System Code/Security Class Analyze & Tune LISTEN We then analyze this data in many different fashions using pivot tables.

18 The Tokens Not Used report compares your actual usage to your security settings. For tokens not being used simply drag and drop the word DENY in any cell to change LAUA security. Analyze & Tune TOKENS NOT USED The listener results are then compared to your LAUA security settings. You can change LAUA straight from Excel.

19 ANALYZE - SOD Analyze & Tune Segregation of Duties ensures an appropriate level of checks and balances upon the activities of individuals. The next step involves using our segregation of duties module to look for potential problems in LAUA.

20 ANALYZE - SOD Analyze & Tune Our 192 policies use over 2000 rules to make sure you have implemented the proper checks and balances.

21 ANALYZE - SOD Analyze & Tune You can now use this report to change LAUA and prevent future violations in LS9.

22 The LAUA Class Comparison Graph helps identify the security classes that may be similar. ANALYZE - REPORT Analyze & Tune Next we want to check for redundant classes. This comparison graph highlights where we might have similar LAUA classes.

23 Using the LAUA Security Report allows you to evaluate specific security class settings and differences. This report includes security settings for forms, tables, conditional logic, data security and user profiles. ANALYZE Analyze & Tune Our LAUA reporting allows you to review exactly how your security is defined.

24 ANALYZE Analyze & Tune Security classes are lined up side by side allowing you to easily see any differences.

25 ANALYZE & TUNE Analyze & Tune So now that we have tuned LAUA based on actual usage, segregation of duty violations and redundant classes lets move on the Step 2.

26 Conversion Utility » Create Security Classes » Create Roles » Assign Security Classes to Roles » Assign Roles to the appropriate Users » Create LS9 profile using Lawsons load utilities STEP 2 - BUILD 2 Build & Load Our utility will do these steps for you automatically!

27 LS9 Structure IC11.6 IC20.1 IC20.2 IC20.4 IC21.1 IC11.1 IC11.2 IC11.3 IC11.5 IC11.4 IC11.1 IC11.2 IC11.3 IC11.5 IC11.4 IC10.1 IC10.2 IC01.1 IC01.2 IC06.1 IC07.1 IC08.1 IC200 IC201 IC202 IC12.2 IC15.1 IC12.1 IC10.1 IC10.2 IC240 IC241 IC01.1 IC01.2 IC06.1 IC07.1 IC08.1 IC200 IC201 IC202 IC12.2 IC15.1 IC12.1 IC246 IC260 IC242 IC262 IC11.6 IC280 IC20.1 IC20.2 IC20.4 IC21.1 IC01.1 IC01.2 IC06.1 IC07.1 IC08.1 IC200 IC201 IC202 IC01.1 IC01.2 IC06.1 IC07.1 IC08.1 IC200 IC201 IC202 IC240 IC241 IC246 IC260 IC242 IC262 IC280 IC240 IC241 IC246 IC260 IC242 IC262 IC280 IC240 IC241 IC246 IC260 IC242 IC262 IC280 IC10.1 IC10.2 IC11.1 IC11.2 IC11.3 IC11.5 IC12.2 IC15.1 IC11.4 IC12.1 IC11.6 IC20.1 IC20.2 IC20.4 IC21.1 IC10.1 IC10.2 IC11.1 IC11.2 IC11.3 IC11.5 IC12.2 IC15.1 IC11.4 IC12.1 IC11.6 IC20.1 IC20.2 IC20.4 IC21.1 IC Clerk IC Assist IC Super IC Admin IC242 IC241 IC240 IC262 IC260 IC280 IC246 Inventory01 Inventory02 IC10.2 IC11.1 IC10.1 IC11.2 IC11.3 IC11.6 IC12.2 IC15.1 IC12.1 IC20.1 IC20.2 IC20.4 IC21.1 IC11.4 IC11.5 IC01.1 IC01.2 IC06.1 IC07.1 IC08.1 IC200 IC201 IC202 Inventory03 IC11.2 IC11.3 IC11.1 IC11.4 IC11.5 Inventory04 IC20.1 IC20.2 IC11.6 IC20.4 IC21.1 Inventory05 The utility identifies common access between Security Classes and creates an LS9 task. Lets go back to the original LAUA diagram. By identifying common access for each system code across all security classes we can create unique task. Click to see how.

28 LS9 Structure IC Admin IC Super IC Clerk IC Assist Inventory02 IC10.2 IC11.1 IC10.1 IC11.2 IC11.3 IC11.6 IC12.2 IC15.1 IC12.1 IC20.1 IC20.2 IC20.4 IC21.1 IC11.4 IC11.5 IC01.1 IC01.2 IC06.1 IC07.1 IC08.1 IC200 IC201 IC202 Inventory03 IC242 IC241 IC240 IC262 IC260 IC280 IC246 Inventory01 IC20.1 IC20.2 IC11.6 IC20.4 IC21.1 Inventory05 IC11.2 IC11.3 IC11.1 IC11.4 IC11.5 Inventory04 Roles ICTABLES Inventory IC Tables Your old security classes become Roles, the class are built automatically and we make the proper connections including tables.

29 LS9 Structure IC Admin IC Super IC Clerk IC Assist Roles ICTABLES Inventory IC Tables IC Setup 01 IC10.2 IC11.1 IC10.1 IC11.2 IC11.3 IC11.6 IC12.2 IC15.1 IC12.1 IC20.1 IC20.2 IC20.4 IC21.1 IC11.4 IC11.5 IC Setup 02 IC01.1 IC01.2 IC06.1 IC07.1 IC08.1 IC Reports 01 IC200 IC201 IC202 IC242 IC241 IC240 IC262 IC260 IC280 IC246 IC Reports 02 IC20.1 IC20.2 IC11.6 IC20.4 IC21.1 IC Setup RO 01 IC11.2 IC11.3 IC11.1 IC11.4 IC11.5 IC Setup RO 02 Categories: Setup, Processing, Analysis, Update Batch Job, Purge Batches, Reports, Interfaces, and Miscellaneous. If you need to be more granular we can create classes based on the category list shown here.

30 » Compare and tune form access rules » Evaluate and create conditional logic » Validate User access » Activate Security 9 STEP 3 3 Customize, Validate & Deploy Youre now ready for the final phase where we add special logic, tune function codes and get the users to do some testing.

31 OUTLIER REPORT Customize, Validate & Deploy The Outliers report identifies any special function rules in LAUA that we may want to incorporate in the LS9 model.

32 ANALYZE & TUNE Analyze & Tune One you tweak your function codes some additional time may be required to build special rules based on your organizations requirements, but your pretty much ready for testing.

33 Security 9 Reports – Security Admin Reports Youll have access to our security dashboard to evaluate any security settings while performing your test.

34 Security 9 Reports – Security Admin Reports Our flexible user interface makes it simple to analyze your model.

35 VALIDATE - SOD Segregation of Duties ensures an appropriate level of checks and balances upon the activities of individuals. You can continue to use our segregation of duties module to check for any user violations in LS9.

36 SELF SERVICE Customize, Validate & Deploy Were just about done. If you need help with self-service we deliver a proven set of templates for ESS, MSS and RCQ.

37 » Security Overview and Kickoff » Software Installation » Technical Support » Kinsey Project Manager » Report Training » Creation of Security Classes and Roles » Security Class and Rule Analysis » Assist with Data Element Security » Assist with Conditional Logic » Proof of Concept Workshop » Security Testing » Security Training » Go Live Support SERVICES Here is a quick overview of the services required to complete the project. We will do as much as you want or let you take the lead!

38 » Token Listener » Security Builder » Segregation of Duties » LAUA Reporting » LS9 Dashboard TOOLS You will have access to all of these products during the project.

39 HIGHLIGHTS » Takes advantage of the knowledge already put into LAUA security » Utilizes actual form usage to fine tune security settings » Re-engineers LAUA to automatically build your LS9 security model » Includes all Custom Forms created in your system » Leverages Lawsons utilities for building LDAP » Takes significantly less time than other methods » Requires less of your resources » Its built around your business practices These highlights are what make us different.

40 Guy Henson VP Business Development cell: And as we like to think, its not about converting LAUA, its about building a better model!


Download ppt "Simplify the move to Lawson Security 9 Introducing SECURITY MIGRATION."

Similar presentations


Ads by Google