Creating Security Sub-Administrators
This section describes how to create sub-administrators. There is no right or wrong way to do this. Customers can give access rights to administrators based on their needs in the same they can with any other kind of users, that is, by creating roles and assigning them to the appropriate administrators. This section uses examples to describe the sub-administrator roles that a hypothetical customer created.
As the result of their user needs analysis, the customer determined they needed to have the following administrator roles.
-
SuperAdmin: Can perform all Lawson Security functions. (The Lawson-delivered role, SuperAdminRole, provides all needed functionality in this case.)
-
RulesSubAdminRole: Perform all security tasks except assigning roles to users.
-
AddUserAdminRole: Can add users to the system, including assigning roles to users, but cannot perform any rule-related security tasks.
Creating a sub-admnistrator who can only write rules
For the RulesSubAdminRole, you would:
-
Grant limited access, for example, View only, to the RM profile. This is necessary to ensure that the sub-administrator has access to the Administrators tools.
-
Grant all access to the ADM profile.
-
You could also choose not to install the Resource Management Administrator on this user's desktop machine. This user needs the Lawson Security Administrator only.
Creating a sub-administrator who can only add users
For the AddUserAdminRole, you would:
-
Grant wide access to the RM profile.
-
Deny access to the ADM profile.