Landmark Security Introduction
Landmark security provides features for authentication and authorization. Authentication refers to control over which users can log in and how they can log in. Authorization refers to control over each user's access after he or she has logged in.
Authentication
In the simplest scenario for authentication, you can have all authentication performed by the SSOPV2 Single Sign-On service. If your business needs are more complex, you may want to configure database and application services. For example, you can configure your database server so that each user who accesses the database must have his or her own identity for that access, or you can set up the database service so that all access goes through a special privileged identity.
You can also set up SSO domains. Each SSO domain will have its own primary service (that is, one that provides login functionality). Thus, different domains can have different login services—for example, SSOPV2 in one case and an application service such as Candidate Space in another.
For any service, you can set up and assign security policies to control how users log in, when users get locked out of their account, what rules control password creation, and what rules apply to resetting passwords. For example, you may want stricter policies for some applications, and less strict for others.
Authorization
Authorization rules are contained in security classes. Lawson delivers predefined security class with Landmark Technology and with Landmark applications.
To implement the rules contained in these security classes, you assign them to roles to which actors are also assigned. The actors represent users in the system, and with the linking of both actors and security classes to roles, the users are linked to rules that govern their access to securable objects.
You can also restrict access to the Security Administration utility itself by allowing access to it only by users in a specified operating system user group and by enforcing password requirements for it.