Security and User Maintenance Implementation Phases
This section describes the process of implementing Infor Security, including adding users to the system and writing and testing security policies.
Installation, an important phase of the process, is not covered in this document. Except as noted, this document assumes that all of Infor Lawson, including the Infor Lawson Core Technology, third-party products, applications, and the Infor Security and Resource Management Administrators have been installed.
Phase 1: User and task analysis
The first phase of setting up Infor Security is to do an analysis of your system. The analysis is primarily answering questions about your installation. Who are you users? What tasks do they perform? What data do they need access to? What data do they not need access to? What logical groups do users fall into? (This can be, but is not necessarily, your company's departments.)
The results of this analysis help you determine how to design your security system in a way that meets all users' needs and is efficient for you to maintain.
Typically, this phase begins prior to installation of the Infor Lawson system.
Phase 2: User access needs analysis
During this phase, you determine, based on the tasks that users perform, the securable objects that users need access to.
Phase 3: Determine roles that are needed at your site
In this phase you determine whether users, including those who perform distinctly different jobs at your company, have some tasks in common. If they do, you can create a role for those tasks. For example, suppose all users in your organization, from the CEO on down, use the Employee Self Service application to view their leave balances. You could create a role called "ESSLeaveBalance" that would be assigned to all users.
A role can also be created for just one user. For example, if the only Human Resources department worker in your company who can access executive compensation is the HR Directory, you could create a role called "HRDirector" that would have access to that data and assign it only to that individual.
Phase 4: Identify unique characteristics of securable objects
As you will see as you read the scenarios in this document, some Infor Lawson securable objects (application forms, reports and so on), have built-in application security. You will want to leverage application security when you write rules, so you must perform some analyses to determine if application security is used on the securable objects you need to secure. This document describes how to perform that analysis.
Phase 5: Create security classes and rules
In this phase, you are actually defining your security policies. Typically, you create security classes and rules at the same time.
Phase 6: Add users and identities
There are several ways to add users and their required identities to the system. The scenarios describe several methods.
Phase 7: Apply security to users through roles
When security classes exist, they are assigned to roles and roles are, in turn, assigned to users.
Phase 8: Test security policies
Before users begin using Infor Lawson, you must ensure that your security policies function as intended. This document does not describe how to create or test security policies. Your Infor consultants will help you determine the best way to test your own policies.