If JavaScript is disabled, please continue to the
sitemap
.
Resources and Security Administration Guide
Home
Home
Back
Back
Forward
Forward
Search
Help
Copy URL
PDF
Print this page
Help
Help
Copy URL
Copy URL
Topic URL copied to clipboard
PDF
PDF
Print
Hide the Table of Contents
Show the Table of Contents
Before you begin
Overview
Infor Security overview
Infor Security
Infor Security Services (ISS)
Resource Management
Single sign on
Terminology
User
Product Tour
Infor Security Services (ISS)
The Lawson Security Administrator
The Resource Management Administrator
Lawson Security and Resource Management Components
Session management
Resources
Attributes
Groups
What Is a Profile?
Functional Profiles
Administrative Profiles
Securable Objects
Types of securable objects
Selecting objects: selector form and icons
Roles
Rules
Security Classes
Setup Overview
User / Actor Setup: Overview
Creating Roles
Creating groups
Adding users and their identities to the Lawson system
Assigning roles to users
Populating optional user attributes
Federated systems: Update users through the LSS tool whenever possible
Lawson Security Setup Overview
Securing Security
Defining Functional Profiles
Creating Security Classes
Creating Rules
Assigning Security Classes to Roles
Assigning a Profile to a Data Source
Working with Resources
Locating Resources through Queries and Views
What Are Views?
Locating Users (Resources), Groups, or Roles
Creating queries
Working with your results list
Updating the entry
People and Thing Resources
Adding People Resources to Resource Management
Adding a Thing Resource
Groups
What Are Groups?
Creating, Updating, or Deleting a Group
Adding a group
Changing a group
Deleting a group
Structures
Structures Overview
Structure Requirements
Structure Rules
Using Unique Node IDs with Structures
Creating a Simple Structure
Creating a Structure
Populating a Structure with Users
Initial System Setup
Application Profile
Create an application profile
Securing Security
Do You Need to Secure Security?
Administrator Securable Types and Securable Objects
Administrative Profile Securable Objects
Selecting objects for administrative profiles
Creating Security Classes for the Administrative Profiles
Writing Rules to Secure the Administrator
To write a rule for securable types
To write a rule for an individual securable object
Writing Rules for Resource Management Administrators
Creating and Administering Services and Agents
The ssoconfig Utility
The ssoconfig Utility: Overview
Creating Services and Agents
SSO Services, Agents and Identities
Black box service
Defining a black box service
Creating a Black Box service
Database User Authentication and the Database Service
Database User Authentication Overview
Database Service
Database User Authentication Options
Database Driver Configuration File
Creating or Changing a Database Service
Activating the Database Service: Next Steps
Adding and Updating Users and Identities
General User Requirements
Lawson Portal Users Access Requirements
Online Only Users
Batch Job Users
HR Data Item Security Users
Lawson Self-Service Application Users
ProcessFlow Users
Services Automation (PSA) Users
Privileged Users and Other Default User Requirements
Privileged Identities
Infor Lawson System Foundation Default Environment / OS Identity: Overview
Setting Up the Default Environment / OS Identity
Post-Setup Behavior of the Default User
The OS User and the ONLINE Privileged Identity: Additional Details
Privileged Identity for Batch Jobs (Windows only)
Application-Specific User Requirements
OLE DB Object Services User Requirements
Self-Service Applications User Requirements
Lawson Design Studio User Requirements
Fax Integrator User Requirements
Lawson Interface Desktop (LID) User Requirements
Infor Lawson Add-ins for Microsoft Office Additional Requirements and Options
Infor Lawson Add-ins for Microsoft Office User Requirements
Fine-Tuning Access to Infor Lawson Add-ins for Microsoft Office
Configuring Infor Lawson Add-ins for Microsoft Office
Adding values to the ADDINS attribute
Permission Strings Matrix
Adding (or Updating) an Individual User in an LSF Standalone System
User Setup in Lawson Security: Overview
Checklist: Adding a User to Infor Lawson System Foundation
Create at least one group for batch users
Adding a New Lawson User to Resource Management
Adding an Environment / Operating System Identity on UNIX or IBM i
Adding an Environment / Operating System Identity on Windows
Adding an SSOP Identity for a User
Add Environment Information (Basic) for the New User
Running as another user for configuration and testing
Test a New Lawson User
Updating User Information
Locating the user
Performing an advanced query
Other view options
Disabling a User
Deleting a User
Mass-Loading Users
What Is the loadusers Utility?
Should You Use the loadusers Utility to Mass-Load User Attributes in Infor Lawson System Foundation?
The XML Input File for loadusers: General Information
Example 1: Creating a loadusers XML Input File for Self-Service Center Users
Example 2: Creating a loadusers XML Input File for Batch Users
The loadusers Utility XML Input File Template: Description of Attributes Included in this File
Auto-Loading Lawson Users (loadusers)
Deleting Large Numbers of Users, Roles or Groups through the loadusers Utility
Deleting users: Sample XML file
Deleting roles and groups: Sample XML file
Working with Identities
Adding an SSO Identity to an Existing User
Mass-Creating Identities and Importing them to the Lawson Repository
Generating the identity file template
Populating the identity file
Loading identity data to the Lawson repository
Linking multiple RMIds (Users) to Identities (Manage Identities)
Mass Assigning RMIds (Users) to Identities (Manage Identities)
Mass Assigning Attributes to Users: Overview
Mass Assigning Attributes to Users
Example Identity Files
Populating an Identity File: General Steps
Populating SSO Identity Files for the SSOP Service
Populating SSO Identity Files for the Environment/OS Service
Populating SSO Identity Files for Self-Service Applications
Populating SSO Identity Files for the Database Service
Managing Passwords
Working with User Passwords
Changing Specialized User Passwords through the useratts Page
Changing passwords and other attributes from the useratts page
Enabling / Disabling Users' Ability to Change Special User Passwords
Working with System Passwords
The ssoconfig utility password: Configuring, changing, and recovering
Performing a routine change of the ssoconfig password
Password recovery
Configuring password recovery via e-mail
Recovering the password via e-mail
Changing the password at the command line as a recovery mechanism
Customization Tools and Procedures
Lawson Schema Editor
What is Lawson Schema Editor?
What you can do with Schema Editor
Schema Editor users
Schema Editor process
Verifying and Installing Schema Editor
Adding an Attribute to Lawson Schema
To add a new attribute to Lawson Schema
To link an attribute to an object definition
Changing the Default Value of a Resource Management Attribute
Hiding a Resource Management Attribute
Refreshing Metadata
The ldifgen Utility
Running the ldifgen Utility
Changing LDAP Policies and User Account Properties
Configuring LDAP Policies: Resource Management APIs
RMApiInit.properties and defaults
RMApiInit properties descriptions
Mapping User Entries from an Existing LDAP Directory to the Lawson Resource Management Repository
Map User Entries from an Existing LDAP Directory to the Lawson Resource Management Repository
Changing the structural class of the RM People object
Mapping the RM People object attributes to your attributes
Run ldifgen and import the ldif
Edit the properties file
Copy Lawson-delivered service entries to the new location
Create Lawson-delivered users in your repository
Restarting the security server
Transform existing LDAP users to RM People Resources (optional)
Exposing Existing LDAP Users to Lawson
Create a file of users
Run the addresourceutil program
Import the LDIF to your LDAP directory
addresourceutil parameters
Creating Rules and Assigning them to Users
Defining Functional Profiles
Defining a Profile
Assigning a Profile to a Data Source
Creating Security Classes
Creating Security Classes
Securing IOS Web Services
Form Personalization tokens
List Personalization tokens
LSR File Manager tokens
File Manager tokens
Other tokens
Writing Simple Rules
Rule Writing Basics
Basic steps for writing a rule
Unconditional versus conditional rules
General guidelines for writing rules
Writing Rules for All Action Types (ALL_ADD, ALL_CHANGE, ALL_DELETE, ALL_FUNCTIONS, ALL_INQUIRES)
Writing Rules for Various Object Types
Securing Jobs, Job Queues, and Print Files: Overview
How Lawson Security applies security to jobs and reports
Lawson-delivered role for batch users (BatchRole)
Normal user jobs security access needs
System administrator jobs security access needs
Lawson Environment Group utilities
Securing Attachments with Lawson Security
What Are Attachments?
Security Rules for Attachments
Securing Attachments: Process Overview
Identifying the Data and Attachment Files
Writing Rules to Secure Attachments
Securing Design Studio in Lawson Security
Create the executable dstudio to Secure Design Studio Access
Securing dstudio executable with Lawson Security
Creating an executable for FileMgr to secure Design Studio
Securing FileMgr executables with Lawson Security
Providing Access for Developers
Securing Lawson Smart Office Form Personalizations in Lawson Security
Conditional "By Type" Rules
Writing Rules that Validate Values in Actions
Writing More Complex Rules Using Expression Builder and Dates / Times
Expression Builder Overview
Writing Conditional Rules with Expression Builder
Securing batch jobs and reports by user name
User Attributes for Date and Time Rules
Date and time rule attributes
Conditions for updating date / time attributes
Writing Conditional Date and Time Rules
Using the WildCharMatch() and match() Functions
WildCharMatch()
match()
Defining Element Groups
Writing Rules for Element Groups
To write a rule using element groups for specific application forms
To write a rule using groups for the global default level
To write rules that use element group access to control other data access
Writing a Rule to Check Objects within a Range
areElementsInRange syntax
areElementsInRange parameters
Example rules using areElementsInRange
Creating and Assigning Roles
Delivered Security Roles
Administrative roles
Creating, Updating, or Deleting a Role in Resource Management
Adding a new role in Resource Management
Updating a role in Resource Management
Deleting a role in Resource Management
Assigning Roles to Users
Assigning an ActorRole to a Landmark User
What Are Role Overrides?
Assigning Security Classes to Roles
Overriding Security Rules for a Role
Security Reports
Defining and Running Security Reports
Lawson Security Reports
Security report descriptions
Accessing security reports
Report Maintenance Console
Issues with reports
Running Security Reports
Working with Security Reports in CSV Format
Defining the Object Security Report
Defining the Profile Report
Defining the Profile Rules Report
Defining the RM User Attributes Report
Defining the RM User Report
Defining the Role-Security Class Report
Defining the Role-User Assignment Report
Defining the Security Class Report
Defining the Segregation of Duties Report
Defining the Service Report
Defining the User Security Report
Defining the Audit Report
System Configuration and Maintenance Tools
Troubleshooting
Troubleshooting User Access Issues with Lawson Security: Overview
Maintenance Tools
Security Checking: Turning on and off
Changing security checking for a data source
Changing security for DEFAULT (all data sources)
Turning security checking on and off
Lawson Security Configuration Utility (lsconfig)
Controlling Which Cipher Suites Are Enabled for the Security Server: Overview
Control Which Cipher Suites Are Enabled for the Security Server
Specifying which cipher suites are enabled for the Security Server
Enabling trace logging of the cipher suites on the client side of secured communications
Sample SecurityLoggerConfiguration.xml Modifications
Deleting Security Data from the LDAP Repository Using the lsdelete Utility
When to use this utility
Command syntax
Dumping and Loading Security Definitions (lsdump, lsload, lsinteg)
Migrating Security Profile Information Using lsload and lsdump
Step 1: Create a dump file of security system information using lsdump
Step 2: Verify the dump file using lsinteg
Step 3: Import the dump file using lsload
Step 4: Run loadusers
Idle Event Handler: Overview
Configuring the Lawson Security Server to Use Idle Event Source Management
Creating Configurable Login Pages
What Are Configurable Login Pages?
Creating the Zip File for a Configurable Login Page
Updating lsservice.properties for configuring login pages
Modifying and Adding Files for a Configurable Login Page
To modify existing files for a configurable login page
To add new files for a configurable login page
Enabling a Configurable Login Page using the ssoconfig utility
Troubleshooting Configurable Login Pages
Creating a Configurable Logo
Logo Images
Enabling a custom logo in the Infor Security Properties file
Configuring the logo in LSF
Deleting a custom logo
Security Configuration Settings
Security Logging: Configuring Log and Trace Settings
Security Logging: Configuring Rolling Security Logs
Working with the Lawson Security Server Log File (lase_server_#.log)
Logging user events and changing level of logging detail
Locating the security server log files on your system
Locating troubleshooting information within the file
Accessing and Configuring the Lawson Security Server Log File
Locating the security server log files on your system
Logging user events and changing level of logging detail
Limiting the Size of Your Security Log File
Lawson Security Property, Log, and Audit Files
Security Server Configuration Properties
SSO Settings
Changing the Single Sign-on Timeout Parameter for the System
Configuring LSF to give Infor OS Portal (or Infor Ming.le) control of timeout for LSF applications
Locate the values for Infor OS Portal (or Infor Ming.le) properties
Identify the delegated security service for LSF
Add the Infor OS Portal (or Infor Ming.le) properties to the delegated service
Changing Other SSOP Service Attributes
Turning SSO logging on/off through the Lawson Security Administrator Desktop Client
Updating a Certificate Using the ssoconfig Utility
LDAP Settings
Changing Technical LDAP Settings in ssoconfig
Changing Lawson authentication data store settings
Configuring for Vulnerability Mitigation
Vulnerability mitigation properties files
Configuring XSS (cross-site scripting) validation
Viewing the security authentication log file through the command line
Configure anti-CSRF token validation
Configure domain whitelists for on-premise deployment
Adding the Service Property to SSOP and SSOPv2 services using ssoconfig
Reference Information
Resource Management Attributes
Resource Management Attributes
Configuring session validation
Open link in new tab
Open link in new window
Copy link to clipboard