What Is the Build Security Utility?

The bldmsf2000sec utility will duplicate Lawson table level security in the Microsoft SQL Server database.

Security constraints and privileges placed on database tables are enforced when users attempt to use Lawson applications to access those tables. When non-Lawson applications or tools access Lawson data stored in the Microsoft SQL Server database, they do not encounter any Lawson security restrictions or privileges.

When you make changes to any of your table-level security constraints, run bldmsf2000sec to implement the changes in the Microsoft SQL Server database. When you drop and recreate any tables either by using the utility or by reorganizing the Lawson database, you also drop all security constraints on those tables in the Microsoft SQL Server database. Run bldmsf2000sec again to reinsert your table-level constraints.

For more general information on security planning and implementation, see

  • Administration guides provided by your database vendor

  • Lawson Security and Resource Management Administration Guide

Using the Utility with Lawson Security and Resource Management

In Lawson Security, data level security and user information may be stored in LDAP. The bldmsf2000sec utility uses Lawson Security APIs to retrieve security data from LDAP, based on security rules and the specified database service. Grant and revoke SQL statements are generated from this information.

Database drivers use database services to connect to the RDBMS. If your system uses Lawson Security, you must specify a database service for this utility using the DatabaseService parameter. RMIds and their permissions on tables in a product line are determined, and access to the database service is validated. If the RMId has access to the service, bldmsf2000sec resolves the database login and generates the grant or revoke SQL statement.

Note: The checkLS flag must be set to ON for a user (RMid) in order for grant or revoke SQL statements to be generated for that user.
Note: 

The bldmsf2000sec utility only resolves designated database logins for RMIds. It does not retrieve privileged database logins. This means that the service specified by the DatabaseServices argument must have a USE_USER_ID LoginProcedure assigned to it.