Implementation considerations

You can assign a separate PortalRole file to the external domain for users who access the Lawson system from outside the firewall. This role file lets you configure a separate home page, remove the search box, the menus, or both, and set up bookmark subscription locks, so that you can secure features of the Lawson interface for users on the external domain. If an external role file is assigned to an external domain, it is applied to all users of that domain who access Lawson from outside the firewall. If an external role file is not assigned to a domain, the individual role file assigned to each user in the Resource Management system is used.

A PortalRole file can prevent a user from unsubscribing from bookmarks on the external domain (subscription locks). Setting separate access rules for bookmarks on the external domain is currently not allowed. The list of bookmarks that is visible to a user on the internal domain is also visible to that user on the external domain. Custom rule files do not control access to bookmarks; they control access to the underlying securable objects (database tables or program forms) in the Lawson system. Custom rule files are set up to prevent access to any securable objects used by a bookmark that should not be accessible on the external domain. Use the template rule files delivered with EMSS as a starting point for your implementation.

The Internet-facing rule files described in this section provide an additional layer of security when your Lawson system is accessed from an external domain. The external security rules are applied first, followed by the internal security rules. This enables you to tighten application security when your Lawson system is deployed outside the firewall.

Because custom rule files restrict access to underlying securable objects in the Lawson system, accessing some bookmarks from the external domain might result in the application terminating with one or more "object is secured" messages. The same user on the internal domain might have full access to these same bookmarks. There is currently no ability to define additional bookmark access rules for the external domain, so users might want to know which bookmarks they can access externally to avoid those "object is secured" messages.

When setting up access rules in the custom rule files, multiple bookmarks might require some or all of the same underlying securable objects. In this case, if at least one of these bookmarks is set up as accessible in your rule file, then the other bookmarks can also be fully or partially accessible. Access rules are defined by taking the union of all rules set up across all rule files for the external domain.
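
The union behavior described above can be checked on paper before deployment. The following planning sketch is an added example, not Lawson code and not the rule-file format: the bookmark names, securable object names, and rule file names are all constructed, and it assumes that an object is reachable externally only when both the external and the internal rules allow it.

```python
# Constructed model for planning; not Lawson's rule-file format or API.
# All names below (bookmarks, securable objects, rule files) are made up.

# Securable objects (tables / forms) each bookmark needs in order to run.
BOOKMARK_OBJECTS = {
    "Pay Checks":       {"FORM_PAY01", "TABLE_EMPLOYEE", "TABLE_PAYMASTR"},
    "Direct Deposit":   {"FORM_DEP01", "TABLE_EMPLOYEE", "TABLE_BANKACCT"},
    "Personal Profile": {"FORM_PRO01", "TABLE_EMPLOYEE"},
}

# Objects each external-domain rule file grants access to.
EXTERNAL_RULE_FILES = {
    "external_pay.rules":     {"FORM_PAY01", "TABLE_EMPLOYEE", "TABLE_PAYMASTR"},
    "external_profile.rules": {"FORM_PRO01", "TABLE_EMPLOYEE"},
}

# Objects the user's internal security rules already allow.
INTERNAL_ALLOWED = {"FORM_PAY01", "FORM_DEP01", "FORM_PRO01",
                    "TABLE_EMPLOYEE", "TABLE_PAYMASTR", "TABLE_BANKACCT"}


def effective_external_objects(rule_files, internal_allowed):
    """Union of all external rule files, then limited by internal rules."""
    external_union = set().union(*rule_files.values())
    return external_union & internal_allowed


def classify_bookmarks(bookmark_objects, rule_files, internal_allowed):
    """Return {bookmark: (status, blocked_objects)} for the external domain."""
    allowed = effective_external_objects(rule_files, internal_allowed)
    report = {}
    for name, needed in bookmark_objects.items():
        blocked = needed - allowed
        if not blocked:
            status = "full"
        elif blocked == needed:
            status = "blocked"
        else:
            status = "partial"   # expect "object is secured" messages
        report[name] = (status, sorted(blocked))
    return report


if __name__ == "__main__":
    result = classify_bookmarks(BOOKMARK_OBJECTS, EXTERNAL_RULE_FILES, INTERNAL_ALLOWED)
    for name, (status, blocked) in result.items():
        print(f"{name:18} {status:8} blocked: {', '.join(blocked) or '-'}")
```

In this constructed data, "Direct Deposit" comes out as partially accessible only because the employee table was opened for the other two bookmarks. A report like this also gives external users the list of bookmarks they can expect to work.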

See the information about setting up a PortalRole file in the Infor Lawson for Ming.le Administration Guide. Refer to the Infor Security Services Configuration Guide for details on how to assign a role file to an external domain.