Classes and rules for administrative users

Louis can make use of the Lawson-delivered roles SuperAdminRole and RMADMIN, but he still needs to create classes and rules that will be assigned to the SystemAdministrator and PortalAdministrator roles.

System Administrator classes

In EZShed's case (and for simplicity in explaining), Louis created security classes that give access to all securable objects in the ENV and GEN profiles.

In order for the security administrator to be able to run a utility, like dbreorg, that makes changes to Lawson files (tables), the class must also include a rule that gives access to the application product line (data source).

Note: Realistically, an administrator might not need access to all the objects and tables in the ENV and GEN profiles, but a decision about which objects and tables do not apply and can be ignored must be made at a customer site in conjunction with your Lawson consultants.

To meet these requirements, Louis created the following classes:

  • SysAdminENVAccess

  • SysAdminGENAccess

To create the SysAdminENVAccess class, Louis selected each securable type (Online, Printers, Queues) and granted all access to each object within each type.

The following screen shot shows the SysAdminENVAccess class that Louis created.

Screen clip: SysdminENVAccess which grants access to ENV profile objects needed by a Lawson system administrator

To create the SysAdminGENAccess, Louis granted all access to securable objects including all Data Sources. This ensured that utilities like dbreorg will be able to update data as needed.

The following screen shot shows the SysAdminGENAccess class that Louis created.

Screen clip: SysdminGENAccess which grants access to GEN profile objects needed by a Lawson system administrator

Additional details about how to make selections for rules are in Lawson Administration: Resources and Security.