Functional Profiles

Functional profiles control which set of security classes and rules applies to users when they attempt to access any securable objects in a data source. Before a user can have access to a data source, you must define a profile that includes rules that grant access to that data source and you must assign the profile to the data source.

Functional profiles apply to your application product line data sources, the GEN data source, the Resource Management data source, and the Environment data source. In the case of application product lines, the data sources are the data areas and data IDs in the product line. The GEN data source contains information on OS users and Environment groups. The Resource Management data source represents the Lawson LDAP data as well as some data stored in the LOGAN data area. The Environment data source is for the Environment programs or utilities, job queues, and printers.

The profile for a data source must exist before you can define any security classes or rules. This is because when you write rules for specific objects such as forms and files, you must select the set of objects that you want to write rules for. When you define a profile, you indicate the data source to be used to identify the available securable objects. Then, when you write rules, Lawson Security can provide you with a list of the securable objects for you to select from.

Creating one profile per data source is a typical scenario, but doing so is not a requirement. The number of functional profiles you choose to create depends on your situation. Here are three scenarios:

Profile Scenario Description
One profile per data source Typical scenario. This means you define a separate profile for each data source. This is appropriate if the security needs of each data source are significantly different and if the data sources belong to different product lines. For example, you must have separate profiles for your Resource Management and application product line data sources.
One profile applied to multiple data sources This means that you assign the same profile to more than one data source. You can do this only if all the data sources belong to a product line on the same release level and contain the same Lawson application programs, forms, files, and so on. This is appropriate if the data sources have similar security needs and you can handle the differences within the single profile.
Multiple profiles available for a data source (only one applied at a time) This means that you create multiple profiles for the same data source. However, you are allowed to assign only one of these profiles at a time to the data source. This is appropriate if you want to be able to switch the security for a data source. For example, if you want to test different security setups, you could switch which profile is applied and thus easily compare how the different security setups work.
Illustration: Profiles, Security Classes, and Data Sources