Role Domains

Role domains are the types of roles available in the Lawson Grid. The domains differ in what they apply to, ranging from global roles to application-specific roles. When you configure security and role mappings, it is important to keep track of the different role domains and the purpose of each.

Note: 

Roles in the grid are not related to the security roles in Landmark, which are part of the setup that controls users' access to the Landmark Environment and to applications such as Infor HR Talent. For more information on those, see the Infor Landmark Technology User Setup and Security Guide.

In the Lawson Grid, there are three role domains to consider:

  • Session provider defined roles

  • Grid application defined roles

  • Global Lawson Grid defined roles

Session Provider Defined Roles

The DSSOSessionProvider installed with Landmark provides three general roles. Users included in each of these roles will have different access privileges in regard to administering the DSSOSessionProvider.

  • DSSOSessionProvider/app-admin

  • DSSOSessionProvider/app-poweruser

  • DSSOSessionProvider/app-user

Grid Application Defined Roles

Grid application defined roles are roles that are defined by each grid application. The Lawson Grid gives each grid application the following implicit roles:

  • applicationName/app-admin

  • applicationName/app-poweruser

  • applicationName/app-user

Note: 

The implicit application roles are used by the generic APIs of the Lawson Grid. For example, users who are mapped to the role grid-admin may start or stop any application from the Management UI. A user who is not mapped to grid-admin may still start and stop a particular application if mapped to that application's applicationName/app-admin role.

An application developer may define more roles that are relevant for that application in addition to the roles mentioned above. For example, the developer may define a database administrator or a reviewer role.

When designing a grid application, the developer may associate functions in the different application APIs with those grid application defined roles. For example, if the application has a feature that performs a backup of the database belonging to the application, the developer may assign a subset of the available application defined roles to that feature. Continuing the example above, the subset of roles could be:

  • Database-admin

  • applicationName/app-admin

  • grid-admin

If the backup feature of the application is designed with the set of roles above, then authenticated users who are mapped to any of the application defined roles in this set are allowed to perform the action. So users who are mapped to Database-admin can perform the action, and so can users who are mapped to applicationName/app-admin or grid-admin.
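The any-of-the-set rule above means the effective audience of a feature is the union of everyone mapped to any listed role, across role domains. The following is an added example, not Lawson Grid code or its API: a small Python model that reports which users can reach the backup feature and through which role domain. The application name, user names and mappings are constructed for illustration.

```python
# Added illustration of the role-set check described above; this is a model,
# not Lawson Grid code, and none of these names are Grid APIs.
GLOBAL_ROLES = {"grid-admin", "grid-poweruser", "grid-user"}
IMPLICIT_SUFFIXES = ("app-admin", "app-poweruser", "app-user")


def implicit_roles(app_name):
    """The implicit roles the grid gives every grid application."""
    return {f"{app_name}/{suffix}" for suffix in IMPLICIT_SUFFIXES}


def role_domain(role, app_name):
    """Classify a role taken from one application's feature role set."""
    if role in GLOBAL_ROLES:
        return "global"
    if role in implicit_roles(app_name):
        return "application-implicit"
    return "application-defined"  # extra role defined by the developer


def is_allowed(user_roles, feature_roles):
    """Permit the action if the user is mapped to ANY role in the feature's set."""
    return not set(feature_roles).isdisjoint(user_roles)


def effective_access(role_mappings, feature_roles, app_name):
    """For each permitted user, list the (role, domain) pairs that grant access."""
    report = {}
    for user, roles in role_mappings.items():
        granting = sorted(set(roles) & set(feature_roles))
        if granting:
            report[user] = [(r, role_domain(r, app_name)) for r in granting]
    return report


# Constructed sample data: application name, users and mappings are hypothetical.
APP = "PayrollApp"
BACKUP_ROLES = {"Database-admin", f"{APP}/app-admin", "grid-admin"}
MAPPINGS = {
    "alice": {"Database-admin", f"{APP}/app-user"},
    "bob": {f"{APP}/app-admin"},
    "carol": {"grid-admin"},
    "dave": {f"{APP}/app-poweruser", "grid-user"},
    "erin": {"OtherApp/app-admin"},
}

if __name__ == "__main__":
    for user, grants in effective_access(MAPPINGS, BACKUP_ROLES, APP).items():
        print(user, grants)
```

In this sample, carol reaches the backup feature only through the global grid-admin role, which is the kind of grant that is easy to miss when reviewing application-level mappings alone.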

Global Lawson Grid Defined Roles

There are also some roles belonging to the Lawson Grid itself. These can be viewed as application defined roles where the application in this case is the Lawson Grid itself.

The Lawson Grid defines the following roles:

  • grid-admin

  • grid-poweruser

  • grid-user