1 / 33

Lawson M3 Function Security

Lawson M3 Function Security. Lawson Learning education@lawson.com. M3 Function Security by Authority. Agenda. SES003 Methodology Role-based Security Methodology Summarised Comparison. M3 Function Security by Authority. Function Security Options.

roddy
Download Presentation

Lawson M3 Function Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Lawson M3 Function Security Lawson Learning education@lawson.com

  2. M3 Function Security by Authority Agenda • SES003 Methodology • Role-based Security Methodology • Summarised Comparison

  3. M3 Function Security by Authority Function Security Options From V13.1 of Lawson M3, two methods are provided through which security is managed on the function level: • 0 Authorities (SES003) • 1 Permissions (SES400) – Role-based Security The method to be used is determined by a new property in Movex.properties: app.pgm.CAUTCHK.mode

  4. M3 Function Security by Authority Function Security Using SES003 Function Authority User Full update capability CRS610 Display only CRS610 Disallowed CRS610

  5. M3 Function Security by Authority Using Groups with SES003 Function groups User groups A user cannot be in more than one group A function cannot be in more than one group A group cannot be in another group Exceptions allowed • Individual can be named in SES003 even if in a group, with a contradictory setting

  6. M3 Function Security by Authority Rules for Groups Group “ACCOUNTS” Correct Incorrect Incorrect User is member of two groups Group within a group

  7. Buying Buyer Purch Admin PurchMgr Finance Fin Funcs IT Admin Sys Admin M3 Function Security by Authority SES003 Security Mechanism – 4-Tier Model USER USER GROUP FUNCTION GROUP FUNCTION PPS170 PPS180 SES003 PPS200 PPS235 PPS280 APS100 ARS100 GLS047 MNS150 MNS204 MNS205

  8. M3 Function Security by Authority Function SES003, “Function. Connect authority” • SES003 entries can specify disallow as well as allow

  9. Buying Buyer Purch Admin PurchMgr Finance Fin Funcs IT Admin Sys Admin M3 Function Security by Authority SES003 Security Mechanism – 4-Tier Model USER USER GROUP FUNCTION GROUP FUNCTION PPS170 PPS180 PPS200 PPS235 PPS280 APS100 ARS100 DISALLOW GLS047 DISALLOW MNS150 MNS204 MNS205

  10. Basic Options Basic Options appear in many -but not all - Lawson M3 programs

  11. Basic Options can be secured in SES400 Option 1 - Create Option 2 - Change Option 3 - Copy Option 4 - Delete Option 5 - Display

  12. M3 Function Security by Authority Using SES003 to Secure Standard Options

  13. M3 Function Security by Authority Using SES003 to Secure Function Keys Function keys 1-24 can be controlled in SES003

  14. secure secure secure M3 Function Security by Authority SES003 Mechanism – Conceptual View Function Definitions MMS001 MMS002 MMS003 MMS004 MMS006 MMS010 MMS015 MMS020 MMS025 Company 100 Central division (division blank) SES003 entries Company 200 Central division (division blank) Company 300 Central division (division blank) secure secure Division A Division B Division A Division B Division A Division B Optionally lock some functions Make allowing or disallowing entries in SES003 Optionally leave some companies unsecured

  15. M3 Role-based Security

  16. M3 Function Security by Authority Function Security Options From V13.1 of Lawson M3, two methods are provided through which security is managed on the function level: • 0 Authorities (SES003) • 1 Permissions (SES400) – Role-based Security The method to be used is determined by a new property in Movex.properties: app.pgm.CAUTCHK.mode

  17. MMS006 MMS026 MMS025 MMS020 MMS015 MMS010 MMS006 MMS004 MMS003 MMS002 MMS001 M3 Role-based Security Function Access – The Need for Security • Function definition attribute Authority Required • determines whether the function is accessible • unchecked -Implicit Permission • the function is “unlocked” – open for access to users By default all functions are accessible to all users • no permissions set-up is required to enable access ------------------ Function definitions ------------------ • checked - Explicit Permission • the function is “locked” - closed to users unless they have permission All M3 function definitions are maintained by MNS110 • Checking the Authority Required box is the only way to deny access to a function

  18. Buyer PurchMgr M3 Role-based Security Roles • Roles • define a set of authorizations in M3 Business Engine • connect users to roles • each connection of user and role can have validity dates • for temporary cover during absence/vacation • a user can be connected to several roles at the same time

  19. Buyer PurchMgr Finance IT Admin M3 Role-based Security M3 Role-based Security Mechanism – 3-Tier Model ROLE USER FUNCTION SES400 PPS170 PPS180 PPS200 PPS235 PPS280 APS100 ARS100 GLS047 MNS150 MNS204 MNS205

  20. Basic Options Basic Options appear in many -but not all - Lawson M3 programs

  21. Basic Options can be secured in SES400 Option 1 - Create Option 2 - Change Option 3 - Copy Option 4 - Delete Option 5 - Display

  22. M3 Role-based Security SES400 Permissions Setup - example Specify the function/role combination, and a company/division Specify the basic & related options, and function keys permitted

  23. M3 Role-based Security The Rules of Permissions Setup Set-up enables control of permissions for • all Basic Options (option 1 – 9) • all Related Options (option 10 - 99) • all function keys (F1 – F24) If a user is connected toseveral roles with different permissions for a certain function, the least restrictive permission applies • user receives all authorities added together Each company/division has its own permissions settings • no dependency between companies/divisions

  24. M3 Role-based Security The Rules of Permissions Setup SES400 settings are passed to autostart job SES900 to process • SES400 settings are by function and role level • system expands roles to create individual user permissions • system expands functions that contain security-inheriting programs (see Program Inheritance) Permissions are automatically updated by the system, when necessary • deleting users • copying roles • maintaining roles membership • when role validity dates are passed Permissions can be viewed using SES401 • you see what the system sees during a security check

  25. Inquiry types: M3 Role-based Security Permissions. Display (SES401) • In the permissions display you can view the results of the setup

  26. M3 Role-based Security Permissions. Display (SES401) - Panel E • In the permissions display E panel you can view the detail for each program/user Displays all ‘possible’ options or function keys in an M3 BE program. (Options and function keys that do not exist in the actual program are, of course, obsolete in this panel)

  27. M3 Role-based Security Copying Roles in MNS405 • When copying a role, options exist to copy • connected users • connected permissions

  28. Peter MMS006 Marie MMS026 MMS025 MMS020 MMS015 PPS200 MMS006 MMS004 MMS003 PPS170 MMS006 MMS001 MMS001 GLS040 IT Admin M3 Role-based Security Forcing Automatic Creation of Permissions Permissions UserProgram Marie PPS170 Peter PPS170 Marie OIS326 Peter OIS326 Marie PPS171 Peter PPS171 Marie PPS172 Peter PPS172 Marie PPS173 Peter PPS173 PPS008 CRS340 PPS173 PPS172 Marie PPS200 Peter PPS200 Marie CRS340 Peter CRS340 Marie PPS008 Peter PPS008 PPS171 OIS326 Marie MMS025 Peter MMS025 Marie MMS026 Peter MMS026

  29. secure secure secure M3 Function Security by Authority Role-based Security Mechanism – Conceptual View Function Definitions MMS001 MMS002 MMS003 MMS004 MMS006 MMS010 MMS015 MMS020 MMS025 Company 100 Central division (division blank) SES400 entries Company 200 Central division (division blank) Company 300 Central division (division blank) secure secure secure secure secure secure Division A Division A Division A Division B Division B Division B Lock all functions Create permissions in SES400 All companies need permissions set up

  30. secure secure secure secure M3 Function Security by Authority Company/division Comparison SES003 Method Role-based Method Company 100 central division (division blank) Company 200 central division (division blank) SES400 entries SES003 entries Division A Division C Division A Division C Each company has its own policy Each division must have its own policy Divisions follow company policy if no entries of their own. E.g. Division C is secured. Divisions without SES400 entries are unsecured. E.g. Division C is unsecured.

  31. M3 Function Security by Authority Comparison between SES003 and Role-based Mechanisms * * * * * * * * * *

  32. Buyer PurchMgr Finance IT Support IT Admin M3 Role-based Security ROLE USER FUNCTION SES400 PPS170 MNS410 LL0101 PPS180 PPS200 PPS235 LL0102 PPS280 APS100 LL0103 ARS100 LL0104 GLS047 MNS150 MNS150 MNS204 MNS204 LL0105 M3SRVADM View only MNS205 MNS205 Plus all MNS and SES functions

More Related