Securing Security
Securing security means creating sub-administrators who can access only certain components. You might want to create a hierarchy of security administration so that some administrators are considered sub-administrators and can only control access for specified system components. (At least one administrator must have access to the system as a whole.)
There are many reasons why setting up sub-administrators is a good idea. For example, you might have staff at your site who have a strong knowledge of applications to define security for an application product line. You would like these individuals to assign access rights for other users of the applications. However, you don't want them to be able to change their own security profiles. Creating a sub-administrator for the application would address this concern.
Another example: Suppose you have a large number of employees at your company that you want to store in your Lawson LDAP as people resources (whether or not they are Lawson users). People resources who do not need access to Lawson are added to the LDAP directory through the Resource Management Administrator. You could create "resource management sub-administrators" who only need access to the Resource Management Administrator to perform this task.
When to do it
Creating sub-administrators should be a first step because they will then define security for other users. You can add sub-administrators at any time.
How to do it
-
On the Security Administrator, create rules and security classes.
-
On the Resource Management Administrator, create roles.
-
On the Security Administrator, add the users who will be sub-administrators. Select the roles that the users should have when you add the users.