Self-Service Applications User Requirements

This section provides a high-level overview of how to set up users, for authentication and security access purposes, for Lawson Self-Service applications.

Self-service applications ensure that users are able to view only their own data. They employ a filtering technique that makes use of Lawson application data in conjunction with the security that has been assigned to the user. Using the Employee Self-Service application as an example, here is how it works:

The fields Company and Employee are keys in HR application data tables. These fields are linked to a user through the user's identity on the agent for the Employee application. The identity contains the attributes Company and Employee which must be populated with the same data that exists in the HR application tables.

These items describe the setup that an administrator must perform in order to prepare the Employee application for users:

  • Perform agent setup for the application. For Self-Service applications, the required agents are delivered, you do not need to use ssoconfig to create them. You do need to perform agent setup for any applications you use. Agent setup is a post-installation procedure in the application installation process. It is typically performed by a Lawson installer or a system administrator at your site. (Details are in the Employee / Manager Self-Service Installation Guide.)

  • Add identities to the agent for each user of the application. There are several ways to do this. You will choose the one that makes sense for your needs.

    When you create an identity for the Employee agent, you populate the attributes, Employee and Company, with the same data that appears in the HR11 application. This provides the link between Self-Service applications and HR application data.

    Creating agent identities is typically performed by a security system administrator at your site. Instructions are in this document.

  • Grant access to all applications and data that the user needs to run the Employee application. The most typical way to do this is to create a role for the Employee application. Each user would be assigned this role.

    Assigning roles to users is typically performed by a security system administrator at your site. Instructions are in this document.

Attribute setup for all self-service applications

If you use the following Self-Service applications, you must perform the required agent setup (described in the Self-Service application installation guide) and create identities on the agent for each user (described in this document).

The following table shows the name of the attributes that must be populated for identities created each self-service agent.

In the "Required attributes for identities" column, the number in parentheses () shows the maximum number of characters allowed the attribute.

Agent name Required attributes for identities (maximum characters)

EMPLOYEE

Used with both the EMPLOYEE and MANAGER Self-Service applications.

COMPANY (4)

EMPLOYEE (9)

VENDOR VENDOR (9)
CUSTOMER

CUSTOMER (9)

CUSTOMER_GROUP (5)

REQUESTER

Used with the Requisition Center application.

REQUESTER (10)
Note: The attributes ACTIVITYLIST and ACGRPCOLLECT are used with the Reporting Self-Service application but they do not need to have an agent.