What Is a Landmark User?

A Landmark user is an entity set up on your Lawson system that allows a real person (or sometimes a system process) to be authenticated to Landmark applications and services. It is distinct from an operating system user, or user account set up on the machine where your Lawson system runs, and it is distinct from Lawson users that are set up for a Lawson System Foundation Environment.

To create a fully defined Landmark user, you must link together several components: actors, identities, and services. After you define a user, you provide them with access to services and applications by linking actors and security classes to roles. The users' access rights are then determined by the rules within the security classes.

Illustration: Identities, Actors, and Roles
  • Actors: An actor represents a user who can act upon a Landmark service. Actors can authenticate to a service if they have a set of credentials, called an identity, for that service. Actor data is stored in the GEN product line, and all data areas share the same actor data. Actors are created programmatically by the applications that require them.
  • Agents: An agent is a unique subject within a specified application domain. For example, a Requester is an agent in the Buyer application. An actor could be a Requester when accessing the Buyer application, and an Employee when accessing the Human Resources system. In the case of self-provisioning actors, such as those created through the Candidate Space, such actor-to-agent links are created programmatically. However, in other cases, such as when employees or recruiters are added, you must add the links. Agent data is stored in the data area the agent is associated with; each data area has its own agent data.
  • Identities: An identity is a set of credentials that uniquely identifies a subject for a particular Landmark service. For example, a user name and a password may be sufficient to identify a subject for a service. An actor (or agent, in the case of data area specific applications) must have an identity for the service in order to access that service. An actor can have multiple identities, for example, one for the operating system and one for the Single Sign-On service.