Overview of security

Create new roles from scratch by creating new business classes or linking existing ones. Most customers create their roles from templates.

Security components

Securing Financials & Supply Management is achieved using these components:

Component Description
Infor OS The system of record. Users must exist on the system.
Infor Security Used to maintain Infor Lawson user role.
User BODs Used to synchronize user information for Infor OS and Infor FSM systems.
EPM Platform FSM (MT), or Supply Chain Analytics (ST) and (OP) Provides user provisioning for Infor EPM Platform components so that EPM Platform product users interface seamlessly through all components.

Glossary of terms

This table contains definitions for common security terms. For background information, including architecture diagrams for Infor Landmark, see the Landmark User Setup and Security guide.

Term Definition
Actor A unique ID of anyone using any part of the system, including Landmark Technology. See user.
Authentication Authentication occurs when actors present their sign-in credentials to a system.
Authorization The set of rules and roles that determines specific access for a system and associated data. These authorization rules and roles provide security access. For example, a user can have access to a solution to update their personal data, but cannot access other users' information.
context property and actor context record A context property is a key field that the actor context record is defined against.

A context record is a filter that determines the information that is displayed. A context record is assigned to an actor to form an actor context record.

When you add a new user, assign a context property value. Typically, the properties are created as part of initial system setup.

FSM This guide occasionally uses the acronym FSM to refer to the Financials & Supply Management product.
HCM HCM is the acronym for Human Capital Management, a product that some customers use in conjunction with Financials & Supply Management.
Note: You may see the acronym GHR in examples of naming conventions and URLs. GHR is an acronym for Global Human Resources, a component of HCM. Some instructions in this document are performed using the GHR application. In those situations, GHR is specified.
Security roles A group of tasks, or security classes, that determine user access. A role is determined by the specific tasks of security roles for specific jobs. For example, the PO_Signoff role includes all security classes that are required to sign off on purchase orders. Roles are assigned to the users at your site who are responsible for that task.

You can use a set of templates that contain user roles and assigned security classes.

Note: Security roles are also used in Analytics. These roles are maintained using the Infor EPM Platform Administration console. We recommend that you use the same roles on each system.
Security classes The rules for user access. A rule is written against a specific business class that is required to perform a specific job. Security classes are assigned to roles and roles are assigned to users.

To ensure that individuals have correct access, classes are flexible. For example, one class can be used for access to view a specific report. Another class can be used for access to update data that is included in a report. The view report class is a read-only class. Users who add and update data are assigned an all access class.

Single sign-on (SSO) An authentication scheme so that users of multiple Infor systems can sign in one time for access to all products.
User A resource who is assigned the access rights and credentials to perform their tasks in an Infor solution. See actor.

Advanced security topics

These security configuration methods are less common and more complex. They are not used in this guide. For details about how to perform these configurations, see Landmark User Setup and Security.

Security technique Description/reason to perform
Creating security administrators Adding users who have super-user access rights.
Configuring login pages You can customize a sign-in page for your site.
Setting up and administering user proxies Determine if users can designate another user to act for them in their absence.
Administering password policies Authentication mechanisms should always require sufficiently complex passwords. Consider these requirements when creating a password policy:
  • Require a minimum of eight characters
  • Require alphanumeric characters
  • Require a mix of uppercase and lowercase characters
  • Do not allow passwords that contain the user name
  • Do not allow passwords that contain three or more identical characters in a row. For example, aaa or 111.
  • Do not allow passwords that contain three or more consecutive characters. For example, abc or 123.
Making domain-wide configuration changes For example, adding a new domain.
Configuring vulnerability mitigation Information about configuring tools for preventing attacks on web-based products. This includes tools for preventing cross-site scripting (XSS) attacks and configuring session validation.
Using command-line tools for administering Landmark, including Infor Security An overview of the basic administration tools, including command-line tools, and how to use them.
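
The password policy requirements listed under "Administering password policies" above, as an added example that is not part of the Infor guide or Infor's own code: a Python check that reports which of the six rules a candidate password breaks. It assumes "alphanumeric" means at least one letter and one digit and that "consecutive" means ascending runs such as abc or 123; the function names and sample values are hypothetical.

```python
import re

MIN_LENGTH = 8  # "Require a minimum of eight characters"

def has_identical_run(password, run=3):
    """True if any character repeats `run` or more times in a row (aaa, 111)."""
    return re.search(r"(.)\1{%d,}" % (run - 1), password) is not None

def has_sequential_run(password, run=3):
    """True if `run` or more letters or digits ascend by one (abc, 123).
    Case is ignored; descending runs are not checked (assumption)."""
    lowered = password.lower()
    streak = 1
    for prev, cur in zip(lowered, lowered[1:]):
        same_kind = (prev.isdigit() and cur.isdigit()) or (prev.isalpha() and cur.isalpha())
        streak = streak + 1 if same_kind and ord(cur) - ord(prev) == 1 else 1
        if streak >= run:
            return True
    return False

def policy_violations(password, username):
    """Return the violated rules in list order; an empty list means the password passes."""
    violations = []
    if len(password) < MIN_LENGTH:
        violations.append("shorter than eight characters")
    # Assumption: "alphanumeric" is read as at least one letter and one digit.
    if not (re.search(r"[A-Za-z]", password) and re.search(r"\d", password)):
        violations.append("not alphanumeric (needs letters and digits)")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        violations.append("no mix of uppercase and lowercase")
    # Compare case-insensitively so "Jsmith" still matches user "jsmith".
    if username and username.lower() in password.lower():
        violations.append("contains the user name")
    if has_identical_run(password):
        violations.append("three or more identical characters in a row")
    if has_sequential_run(password):
        violations.append("three or more consecutive characters")
    return violations

if __name__ == "__main__":
    # Constructed sample passwords for a constructed user name.
    for candidate in ("Tr7vKq9wLm", "Jsmith2024x", "Abc11199", "short1A"):
        print(candidate, "->", policy_violations(candidate, "jsmith") or "OK")
```
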