Assigning GEN Security Classes to Roles
Landmark Environment post-installation instructions include
the import of a security specification file using the secadm utility with the following syntax:
secadm -f %LAENVDIR%\install\secadm_script.txt
Among other configurations, this procedure preassigns two roles,
Security Administrator and JobQueueServer, to the lawson user and the current user, to provide minimal operating security
for the GEN product line. If you did not run this script at installation,
you can still assign the roles at any time manually or using the import
script.
Some security classes have specific conditions that restrict access to some actions. For more detailed information on each security class, review the security class code.
Templates for Security Class/Role Assignments
Use this key for the roles in the following table:
| Role | Abbreviation |
|---|---|
| SuperAdministrator | SuAdm |
| SecurityAdministrator | SecAdm |
| DataAreaSecurityAdministrator | DASecAdm |
| JobQueueServer | JQ |
| SystemAdministrator | SysAdm |
| DataAreaAdministrator | DAAdm |
| ApplicationUser | AU |
There are no specific rules regarding the assignment of security classes to roles; you can assign any class to any role you create. However, the following assignments are samples of starting points for your security implementation.
| SuAdm | SecAdm | DASecAdm | JQ | SysAdm | DAAdm | AU | |
|---|---|---|---|---|---|---|---|
| ActorAdminAccess | X | ||||||
| AgentMgmtAccess | X | ||||||
| AllGenAccess | X | X | |||||
| AuthorAdminAccess | X | ||||||
| BasicProductLineAccess | X | X | X | ||||
| DataAreaAdminAccess | X | ||||||
| DataAreaAuthorAdminAccess | X | ||||||
| DataImportAccess | X | ||||||
| JobQueueAccess | X | ||||||
| ProductLineAccess | X | X | |||||
| ServiceAdminAccess | X |
Assigning Roles to Actors
After creating roles, those roles must be assigned to actors.