Data control security: company, groups, and dimensions
You must configure these components to enable security for company, groups, and dimensions:
- Security groups or business group security: Security groups are configured
to detail the data elements you want to secure and the actors you want to be able to access
the data. Caution:You must link actors to these security groups as part of their configuration in order to secure the data. Actors who are not linked to security groups can access all data.
- Optionally, conditional rules for business classes: Predefined security rules are delivered as part of security classes associated to all pertinent business classes. When you configure security groups, these delivered security rules are made available. You can also use these rules as templates to create custom security classes with conditional rules.
Personnel performing these configurations must possess an understanding of global ledger configuration, especially companies, groups, and dimensions.
Helpful terms
| Term | Description |
|---|---|
| Security group type | Collection of security groups that define security access to the same type of data. For example, accounting unit. Each security group type is represented by a menu item in the menu. |
| Security group | A group that defines the specific data that can be accessed by specific users. For example, a finance dimension security group specifies the specific structure and dimension levels to which users have access. The specific users are also defined in the security group. |
| Business group security | Security groups are not created for business groups. Vendor business groups and customer business groups are managed in global ledger, and then actors are added to a single vendor or customer business group in . |
| Group members | For each group type, members define the specific data elements to which users
have access. For example, the members of a project security group are the projects
to which users of the security group have access. Some security groups do not have members because they are based on global ledger groups, where members are defined. For example, an accounting entity security group does not have accounting entity members because it is linked to a global ledger accounting entity group. The global ledger accounting entity group has members that are accounting entities. The accounting entities that are members of the global ledger group are the data elements to which users of the associated security group have access. |
| Actor context | Actor context values are user attributes that can be used for authorization and application defaulting purposes. For security groups, an actor context record must be created to designate the user is part of the security group. |
| Security class | Security classes provide security for numerous securable objects. For example, business classes. Security groups are included in the security definition for applicable business classes in the associated security classes. For example, a security class that specifies security access for a business class related to chart of account may include a condition for Chart of Account Security Groups. |
| Security rules and conditions | Security rules are the LPL code in a security class that defines access to the securable object. Some security classes use conditions that reference security groups. For example, a security rule can include a condition that grants access only if the actor is included in an applicable security group. |
For information about Infor Landmark Technology security and actor context, see Infor Landmark Technology User Setup and Security.