Implementation considerations

You can assign a separate PortalRole file to the external domain for users accessing the Lawson system outside of the firewall. You can use this role file to configure a separate home page, remove the search box or menus, or both, and set up the bookmark subscription locks. You can secure the features of the Lawson interface for users on the external domain. All users accessing Lawson outside the firewall use the role file attached to the external domain, if one is assigned. If an external role file is assigned to an external domain, then that role file is applied for all users of the domain. If an external role file is not assigned to a domain, then the individual role file assigned to each user in the Resource Management system is used.

You can use a PortalRole file to prevent users from unsubscribing to bookmarks on the external domain (subscription locks). Setting separate access rules for bookmarks on the external domain is currently not allowed. The list of bookmarks that is visible to a user on the internal domain is also visible to the user on the external domain. The custom rule files are used not to control access to bookmarks, but to the underlying securable objects (database tables or program forms) in the Lawson system instead. Custom rule files is set up to prevent access to any securable objects used by a bookmark that should not be accessible on the external domain. Use the template rule files delivered with EMSS as a starting point for your implementation.

The Internet-facing rule files provide an additional layer of security when your Lawson system is accessed from an external domain. The external security rules are applied first, followed by the internal security rules. This enables you to tighten application security when your Lawson system is deployed outside the firewall.

Because custom rule files restrict access to underlying securable objects in the Lawson system, accessing some bookmarks from the external domain might result in the application terminating with one or more object is secured messages. Same user on the internal domain might have full access to these same bookmarks. There is currently no ability to define additional bookmark access rules for the external domain, so users might want to know which bookmarks they can access externally to avoid those object is secured messages.

When setting up access rules in the custom rule files, multiple bookmarks might require some or all of the same underlying securable objects. In this case, if at least one of these bookmarks is set up as accessible in your rule file, then the other bookmarks can also be fully or partially accessible. Access rules are defined by taking the union of all rules set up across all rule files for the external domain.

See the information about setting up a PortalRole file in the Infor Lawson for Ming.le Administration Guide.

See the information about assigning a role file to an external domain in the Infor Security Services Configuration Guide.