User security maintenance overview

• Never turn off security. If you do, all encrypted data will be stored and visible in an unencrypted condition.
• Do not run security when all of the roles are set to all access. This is the same as running without security on.
• Before a new user can sign in for the first time, you must finish assigning appropriate roles to the user. If you are assigning a new role to an existing user, clear the cache before the user signs in again.
• Security roles delivered with the application that have _ST appended to the name, for example, AppAdminRole_ST are system roles that must not be changed. If you cannot use a delivered role as-is, copy the system role, assign a new name, and make updates to your version of the role.

Use the Configuration Console as described in the Landmark User Setup and Security Guide to:

• Add a role for the current OS user or other OS users that you want to become security administrators. Otherwise known as GEN administrators.
• Create security roles
• Assign security classes to roles
• Create, or provision, actors
• Assign actors to roles, including to the security administrator role
• Create ActorContext records for the actors as recommended for Infor HR Talent access
• Set up a user record that will be used by the job queue server to access Infor applications. Provision the user record in Landmark. Grant RMI Security Manager permissions to the job queue. Assign ProcessSchedulingAllAccess security class to Infor HR Talent administrators who schedule tasks and purges.
• Enable process rules in GEN
• Create and activate an Account Lockout Policy and a Password Reset Policy for the service.

  Alternatively, you can reference another service's policies.

• We recommend that you turn on security and do not implement with the AllAccess setting. It is assumed by Infor HR Talent documentation that your security settings follows this recommendation.