400 likes | 542 Views
Simplify the move to Lawson Security 9. I ntroducing SECURITY MIGRATION. Thank you for taking to time to view our presentation. I will be walking you through each step in our migration process. Just remember to click after each slide and we should be done soon!. Background
E N D
Simplify the move to Lawson Security 9 IntroducingSECURITY MIGRATION
Thank you for taking to time to view our presentation. I will be walking you through each step in our migration process. Just remember to click after each slide and we should be done soon! • Background • LAUA Security Methodology • LS9 Security Methodology • Migration Process • Our Solution • Deliverables • Tips & Tricks Agenda
A little about us. Our Background • Founded by Dan and Brad Kinsey, K&K has provided software sales, implementations, support and development for over 29 years. • Lawson reseller and implementation partner since 1996 • Lawson Certified Systems Integrator Partner • Lawson Complementary Software Partner • Lawson’s “Go to” Reseller/Implementer for Public Sector • 2 time Partner of the Year • Focusing on the development of Lawson complementary software products
Let me provide a brief explanation of how LAUA security works. LAUA Security Methodology • LAUA security is a structured Silo model built by creating Security Classes that restrict access to specific System Codes, Forms, Function Codes and Tables. A major restriction of this model is that it fails to provide any ability to share security settings between Security Classes. And since users can only be attached to a single Security Class, a slightly different job requirement requires an entirely new Security Class.
LAUASilo Structure I call this the Silo effect. Nothing about your security is shared from one class to another making the model difficult to manage. IC Admin IC Clerk IC Assist IC Super IC06.1 IC01.1 IC06.1 IC01.1 IC06.1 IC01.1 IC06.1 IC01.1 IC07.1 IC01.2 IC07.1 IC01.2 IC01.2 IC07.1 IC07.1 IC01.2 IC08.1 IC08.1 IC10.1 IC08.1 IC10.1 IC10.1 IC08.1 IC10.1 IC200 IC10.2 IC200 IC10.2 IC200 IC10.2 IC200 IC10.2 IC201 IC11.1 IC201 IC11.1 IC201 IC11.1 IC201 IC11.1 IC202 IC11.2 IC202 IC11.2 IC11.2 IC202 IC11.2 IC202 IC11.3 IC240 IC11.3 IC240 IC11.3 IC11.3 IC240 IC240 IC11.4 IC241 IC11.4 IC11.4 IC241 IC241 IC11.4 IC241 IC242 IC11.5 IC242 IC11.5 IC11.5 IC11.5 IC242 IC242 IC11.6 IC246 IC11.6 IC246 IC11.6 IC246 IC11.6 IC246 IC260 IC12.1 IC12.1 IC12.1 IC260 IC260 IC12.1 IC260 IC262 IC12.2 IC12.2 IC262 IC262 IC12.2 IC262 IC12.2 IC280 IC15.1 IC15.1 IC280 IC280 IC15.1 IC280 IC15.1 IC20.4 IC20.1 IC20.1 IC20.4 IC20.4 IC20.1 IC20.4 IC20.1 IC21.1 IC20.2 IC21.1 IC20.2 IC21.1 IC20.2 IC21.1 IC20.2
LAUASilo Structure When you set up a new class full access is provide by default. You can then restrict access to systems, table, forms and functions. IC Admin IC Clerk IC Assist IC Super IC06.1 IC01.1 IC06.1 IC01.1 IC06.1 IC01.1 IC06.1 IC01.1 IC07.1 IC01.2 IC07.1 IC01.2 IC01.2 IC07.1 IC07.1 IC01.2 IC08.1 IC08.1 IC10.1 IC08.1 IC10.1 IC10.1 IC08.1 IC10.1 IC200 IC10.2 IC200 IC10.2 IC200 IC10.2 IC200 IC10.2 IC201 IC11.1 IC201 IC11.1 IC201 IC11.1 IC201 IC11.1 IC202 IC11.2 IC202 IC11.2 IC11.2 IC202 IC11.2 IC202 IC11.3 IC240 IC11.3 IC240 IC11.3 IC11.3 IC240 IC240 IC11.4 IC241 IC11.4 IC11.4 IC241 IC241 IC11.4 IC241 IC242 IC11.5 IC242 IC11.5 IC11.5 IC11.5 IC242 IC242 IC11.6 IC246 IC11.6 IC246 IC11.6 IC246 IC11.6 IC246 IC260 IC12.1 IC12.1 IC12.1 IC260 IC260 IC12.1 IC260 IC262 IC12.2 IC12.2 IC262 IC262 IC12.2 IC262 IC12.2 IC280 IC15.1 IC15.1 IC280 IC280 IC15.1 IC280 IC15.1 IC20.4 IC20.1 IC20.1 IC20.4 IC20.4 IC20.1 IC20.4 IC20.1 IC21.1 IC20.2 IC21.1 IC20.2 IC21.1 IC20.2 IC21.1 IC20.2
LAUASilo Structure A slightly different role requires you to set up a new class. In this example black represents full access, red is no access, and blue is inquiry only. IC Admin IC Clerk IC Assist IC Super IC06.1 IC01.1 IC06.1 IC01.1 IC06.1 IC01.1 IC06.1 IC01.1 IC07.1 IC01.2 IC07.1 IC01.2 IC01.2 IC07.1 IC07.1 IC01.2 IC08.1 IC08.1 IC10.1 IC08.1 IC10.1 IC10.1 IC08.1 IC10.1 IC200 IC10.2 IC200 IC10.2 IC200 IC10.2 IC200 IC10.2 IC201 IC11.1 IC201 IC11.1 IC201 IC11.1 IC201 IC11.1 IC202 IC11.2 IC202 IC11.2 IC11.2 IC202 IC11.2 IC202 IC11.3 IC240 IC11.3 IC240 IC11.3 IC11.3 IC240 IC240 IC11.4 IC241 IC11.4 IC11.4 IC241 IC241 IC11.4 IC241 IC242 IC11.5 IC242 IC11.5 IC11.5 IC11.5 IC242 IC242 IC11.6 IC246 IC11.6 IC246 IC11.6 IC246 IC11.6 IC246 IC260 IC12.1 IC12.1 IC12.1 IC260 IC260 IC12.1 IC260 IC262 IC12.2 IC12.2 IC262 IC262 IC12.2 IC262 IC12.2 IC280 IC15.1 IC15.1 IC280 IC280 IC15.1 IC280 IC15.1 IC20.4 IC20.1 IC20.1 IC20.4 IC20.4 IC20.1 IC20.4 IC20.1 IC21.1 IC20.2 IC21.1 IC20.2 IC21.1 IC20.2 IC21.1 IC20.2
Lawson adopted a new methodology with Security 9 LS9 Security Methodology • Lawson has changed the security model to follow a role based structure. In this model Security Classes are created to group a series of forms together to accomplish a specific task. (i.e. IC Setup). These Security Classes (tasks) are then assigned to Roles within the organization (i.e. Inventory Manager). Security Classes can be shared between multiple roles and users can be assigned to more than one role in the organization.
LS9 Structure This example reflects the same security access as the LAUA graphic only now organized by Role and Task. Some major differences are listed below. IC Clerk IC Admin IC Assist IC Super Inventory05 Inventory02 Inventory04 Inventory03 Inventory01 IC12.1 IC10.1 IC11.6 IC11.1 IC240 IC246 IC01.1 IC08.1 IC12.2 IC10.2 IC20.1 IC11.2 IC241 IC260 IC200 IC01.2 IC20.2 IC15.1 IC11.3 IC11.1 IC242 IC262 IC201 IC06.1 IC20.4 IC11.4 IC20.4 IC11.2 IC280 IC07.1 IC202 IC21.1 IC11.5 IC21.1 IC11.3 IC20.2 IC11.4 IC20.1 IC11.5 IC11.6 • No User access is provided by default • Security Classes (Tasks) grant specific Form, Function Code and Table access • Conditional Logic can be addedat any level • Objects are shared between Roles and Users • Multiple Roles can be assigned to a User
Complementing Lawson Solutions So what are our customers’ biggest concerns? Accuracy Resources Cost Time
BUILDING LS9 At a high level these are the steps you need complete when setting up Security 9. Click to see what our utility can do for you automatically! • Define your organization’s Roles(AP Manager, AP Clerk) • Define a list of operational tasks (AP Invoice Entry, Check Processing) • Assign form names to each Task (over 6000 forms) • Assign table names to each Task • Determine access Rulesfor each form (ACDINP+-) • Build your Task (Security Classes) • Build your Roles • Determine which forms each user needs to access for proper class assignments • Assign your Task (Security Classes) to your Roles • Assign your Roles to your Users • Implement form Rules • Build conditional logic • Perform positive and negative Testing
BUILDING LS9 Your Roles, Security Classes and User assignments are created automatically ! You’re well on you way to building a new model! • Define your organization’s Roles(AP Manager, AP Clerk) • Define a list of operational tasks (AP Invoice Entry, Check Processing) • Assign form names to each Task (over 6000 forms) • Assign table names to each Task • Determine access Rulesfor each form (ACDINP+-) • Build your Task (Security Classes) • Build your Roles • Determine which forms each user needs to access for proper class assignments • Assign your Task (Security Classes) to your Roles • Assign your Roles to your Users • Implement form Rules • Build conditional logic • Perform positive and negative Testing
So what’s the challenge? Well, how about these thoughts…. • Identifyingand Validatingthe forms a User needs to access • Organizingover 6,000 forms and tables into Security Classes • Properly restricting function code access for each form • Building conditional Logic • Creating and assigning Roles to users • VerifyingUser security
Our 3 Step Approach 2 3 1 Customize, Validate & Deploy Build & Load Analyze & Tune Let’s explore our 3 step approach….
Our process is based on analyzing and tuning LAUA before we build LS9. Let me explain how these 3 steps help us with that challenge. STEP 1 - TUNE 1 • Use our Listenerto find the forms that are being accessed • Analyze LAUA using our SOD violation report • Identity common access points between Security Classes to eliminate redundant classes Analyze & Tune
Over a period of a few weeks we track all form activity for each user. LISTEN IC Admin IC Clerk IC Assist IC Super Analyze & Tune Lawson Database Lawson Applications Listener Application Listener Database Our Listener application will collect information on who, when and how every form has been used.
LISTEN We then analyze this data in many different fashions using pivot tables. Analyze & Tune • Use the Listener Pivot tables to analyze actual usage by Security Class/Form, User/Form, User/System Code, or System Code/Security Class
TOKENS NOT USED The listener results are then compared to your LAUA security settings. You can change LAUA straight from Excel. Analyze & Tune • The Tokens Not Used report compares your actual usage to your security settings. For tokens not being used simply drag and drop the word ‘DENY’ in any cell to change LAUA security.
ANALYZE - SOD The next step involves using our segregation of duties module to look for potential problems in LAUA. Analyze & Tune Segregation of Duties ensures an appropriate level of checks and balances upon the activities of individuals.
ANALYZE - SOD Our 192 policies use over 2000 rules to make sure you have implemented the proper checks and balances. Analyze & Tune
ANALYZE - SOD You can now use this report to change LAUA and prevent future violations in LS9. Analyze & Tune
ANALYZE - REPORT Next we want to check for redundant classes. This comparison graph highlights where we might have similar LAUA classes. Analyze & Tune • The LAUA Class Comparison Graph helps identify the security classes that may be similar.
ANALYZE Our LAUA reporting allows you to review exactly how your security is defined. Analyze & Tune Using the LAUA Security Report allows you to evaluate specific security class settings and differences. This report includes security settings for forms, tables, conditional logic, data security and user profiles.
ANALYZE Security classes are lined up side by side allowing you to easily see any differences. Analyze & Tune
ANALYZE & TUNE So now that we have tuned LAUA based on actual usage, segregation of duty violations and redundant classes let’s move on the Step 2. Analyze & Tune
Our utility will do these steps for you automatically! STEP 2 - BUILD 2 • Conversion Utility • Create Security Classes • Create Roles • Assign Security Classes to Roles • Assign Roles to the appropriate Users • Create LS9 profile using Lawson’s load utilities Build & Load
LS9 Structure Let’s go back to the original LAUA diagram. By identifying common access for each system code across all security classes we can create unique task. Click to see how. IC Admin IC Clerk IC Assist IC Super Inventory05 Inventory02 Inventory04 Inventory03 IC06.1 IC01.1 IC06.1 IC01.1 IC06.1 IC01.1 Inventory01 IC06.1 IC01.1 IC07.1 IC01.2 IC07.1 IC01.2 IC01.2 IC07.1 IC07.1 IC01.2 IC12.1 IC10.1 IC11.6 IC11.1 IC240 IC246 IC01.1 IC08.1 IC08.1 IC08.1 IC10.1 IC08.1 IC10.1 IC10.1 IC08.1 IC10.1 IC12.2 IC10.2 IC20.1 IC11.2 IC260 IC241 IC200 IC01.2 IC200 IC10.2 IC20.2 IC200 IC10.2 IC200 IC15.1 IC10.2 IC11.3 IC11.1 IC200 IC10.2 IC242 IC262 IC201 IC06.1 IC20.4 IC11.4 IC201 IC20.4 IC11.2 IC11.1 IC280 IC201 IC11.1 IC201 IC11.1 IC201 IC11.1 IC07.1 IC202 IC21.1 IC11.5 IC21.1 IC11.3 IC202 IC11.2 IC202 IC11.2 IC11.2 IC202 IC11.2 IC202 IC20.2 IC11.4 IC11.3 IC240 IC11.3 IC240 IC11.3 IC11.3 IC240 IC240 IC20.1 IC11.5 IC11.4 IC241 IC11.4 IC11.4 IC241 IC241 IC11.4 IC241 IC11.6 IC242 IC11.5 IC242 IC11.5 IC11.5 IC11.5 IC242 IC242 IC11.6 IC246 IC11.6 IC246 IC11.6 IC246 IC11.6 IC246 IC260 IC12.1 IC12.1 IC12.1 IC260 IC260 IC12.1 IC260 IC262 IC12.2 IC12.2 IC262 IC262 IC12.2 IC262 IC12.2 IC280 IC15.1 IC15.1 IC280 IC280 IC15.1 IC280 IC15.1 IC20.4 IC20.1 IC20.1 IC20.4 IC20.4 IC20.1 IC20.4 IC20.1 IC21.1 IC20.2 IC21.1 IC20.2 IC21.1 IC20.2 IC21.1 IC20.2 The utility identifies common access between Security Classes and creates an LS9 task.
LS9 Structure Roles IC Clerk IC Admin IC Assist IC Tables IC Super Inventory05 Inventory02 Inventory Inventory04 Inventory03 Inventory01 IC12.1 IC10.1 IC11.6 IC11.1 IC240 IC246 IC01.1 IC08.1 IC12.2 IC10.2 IC20.1 IC11.2 IC241 IC260 IC200 IC01.2 IC20.2 IC15.1 IC11.3 IC11.1 IC242 IC262 ICTABLES IC201 IC06.1 IC20.4 IC11.4 IC20.4 IC11.2 IC280 IC07.1 IC202 IC21.1 IC11.5 IC21.1 IC11.3 IC20.2 IC11.4 Your old security classes become Roles, the class are built automatically and we make the proper connections including tables. IC20.1 IC11.5 IC11.6
LS9 Structure Roles IC Clerk IC Admin IC Assist IC Tables IC Super IC Setup 02 IC Reports 01 IC Reports 02 IC Setup RO 01 IC Setup 01 IC Setup RO 02 Inventory IC01.1 IC08.1 IC200 IC240 IC246 IC12.1 IC10.1 IC11.6 IC11.1 IC241 IC260 IC01.2 IC201 IC07.1 IC12.2 IC10.2 IC20.1 IC11.2 IC242 IC262 IC06.1 IC20.2 IC202 IC15.1 IC11.3 IC11.1 ICTABLES IC280 IC20.4 IC11.4 IC20.4 IC11.2 IC21.1 If you need to be more granular we can create classes based on the category list shown here. IC11.5 IC21.1 IC11.3 IC20.2 IC11.4 IC20.1 IC11.5 IC11.6 Categories: Setup, Processing, Analysis, Update Batch Job, Purge Batches, Reports, Interfaces, and Miscellaneous.
You’re now ready for the final phase where we add special logic, tune function codes and get the users to do some testing. STEP 3 3 • Compare and tune form access rules • Evaluate and create conditional logic • ValidateUser access • Activate Security 9 Customize, Validate & Deploy
OUTLIER REPORT The Outliers report identifies any special function rules in LAUA that we may want to incorporate in the LS9 model. Customize, Validate & Deploy
ANALYZE & TUNE One you tweak your function codes some additional time may be required to build special rules based on your organizations requirements, but your pretty much ready for testing. Analyze & Tune
Security 9 Reports – Security Admin Reports You’ll have access to our security dashboard to evaluate any security settings while performing your test.
Security 9 Reports – Security Admin Reports Our flexible user interface makes it simple to analyze your model.
VALIDATE - SOD You can continue to use our segregation of duties module to check for any user violations in LS9. Segregation of Duties ensures an appropriate level of checks and balances upon the activities of individuals.
SELF SERVICE We’re just about done . If you need help with self-service we deliver a proven set of templates for ESS, MSS and RCQ. Customize, Validate & Deploy
SERVICES Here is a quick overview of the services required to complete the project. We will do as much as you want or let you take the lead! • Security Overview and Kickoff • Software Installation • Technical Support • Kinsey Project Manager • Report Training • Creation of Security Classes and Roles • Security Class and Rule Analysis • Assist with Data Element Security • Assist with Conditional Logic • Proof of Concept Workshop • Security Testing • Security Training • Go Live Support
TOOLS You will have access to all of these products during the project. • Token Listener • Security Builder • Segregation of Duties • LAUA Reporting • LS9 Dashboard
HIGHLIGHTS • Takes advantage of the knowledgealready put into LAUA security • Utilizesactual form usage to fine tune security settings • Re-engineers LAUA to automatically build your LS9 security model • Includes all Custom Forms created in your system • LeveragesLawson’s utilities for building LDAP • Takes significantly less timethan other methods • Requires less of your resources • It’s built around your business practices These highlights are what make us different.
And as we like to think, it’s not about converting LAUA, it’s about building a better model! Guy Henson VP Business Development cell: 757-621-8236 g.henson@kinsey.com www.kinsey.com