Simplify the move to Lawson Security 9

Introducing

SECURITY MIGRATION

Agen

da» Background

» LAUA Security Methodology

» LS9 Security Methodology

» Migration Process

» Our Solution

» Deliverables

» Tips & Tricks

Thank you for taking to time to view our presentation. I will be walking you through each step in our migration process. Just remember to click after each slide and we should be done

soon!

Founded by Dan and Brad Kinsey, K&K has provided soft ware sales, implementati ons, support and development for over 29 years.

Lawson reseller and implementati on partner since 1996

Lawson Certi fi ed Systems Integrator Partner

Lawson Complementary Soft ware Partner

Lawson’s “Go to” Reseller/Implementer for Public Sector

2 ti me Partner of the Year

Focusing on the development of Lawson complementary soft ware products

Our Background

A little about us.

LAUA Security Methodology

LAUA security is a structured Silo model built by creating Security Classes that restrict access to specific System Codes, Forms,

Function Codes and Tables. A major restriction of this model is that it fails to provide any ability to share security settings between

Security Classes. And since users can only be attached to a single Security Class, a slightly different job requirement requires an

entirely new Security Class.

Let me provide a brief explanation

of how LAUA security works.

LAUA Silo Structure

IC10.1 IC10.2

IC240 IC241

IC01.1 IC01.2

IC06.1 IC07.1 IC08.1IC200IC201 IC202

IC11.1 IC11.2 IC11.3

IC11.5

IC12.2 IC15.1

IC11.4

IC12.1 IC246 IC260

IC242

IC262

IC11.6

IC280IC20.1IC20.2

IC20.4IC21.1

IC Clerk

IC10.1 IC10.2

IC240 IC241

IC01.1 IC01.2

IC06.1 IC07.1 IC08.1IC200IC201 IC202

IC11.1 IC11.2 IC11.3

IC11.5

IC12.2 IC15.1

IC11.4

IC12.1 IC246 IC260

IC242

IC262

IC11.6

IC280IC20.1IC20.2

IC20.4IC21.1

IC Assist

IC10.1 IC10.2

IC240 IC241

IC01.1 IC01.2

IC06.1 IC07.1 IC08.1IC200IC201 IC202

IC11.1 IC11.2 IC11.3

IC11.5

IC12.2 IC15.1

IC11.4

IC12.1 IC246 IC260

IC242

IC262

IC11.6

IC280IC20.1IC20.2

IC20.4IC21.1

IC Super

IC10.1 IC10.2

IC240 IC241

IC01.1 IC01.2

IC06.1 IC07.1 IC08.1IC200IC201 IC202

IC11.1 IC11.2 IC11.3

IC11.5

IC12.2 IC15.1

IC11.4

IC12.1 IC246 IC260

IC242

IC262

IC11.6

IC280IC20.1IC20.2

IC20.4IC21.1

IC Admin

I call this the Silo effect. Nothing about your security is shared

from one class to another making the

model difficult to manage.

LAUA Silo Structure

IC10.1 IC10.2

IC240 IC241

IC01.1 IC01.2

IC06.1 IC07.1 IC08.1IC200IC201 IC202

IC11.1 IC11.2 IC11.3

IC11.5

IC12.2 IC15.1

IC11.4

IC12.1 IC246 IC260

IC242

IC262

IC11.6

IC280IC20.1IC20.2

IC20.4IC21.1

IC Clerk

IC10.1 IC10.2

IC240 IC241

IC01.1 IC01.2

IC06.1 IC07.1 IC08.1IC200IC201 IC202

IC11.1 IC11.2 IC11.3

IC11.5

IC12.2 IC15.1

IC11.4

IC12.1 IC246 IC260

IC242

IC262

IC11.6

IC280IC20.1IC20.2

IC20.4IC21.1

IC Assist

IC10.1 IC10.2

IC240 IC241

IC01.1 IC01.2

IC06.1 IC07.1 IC08.1IC200IC201 IC202

IC11.1 IC11.2 IC11.3

IC11.5

IC12.2 IC15.1

IC11.4

IC12.1 IC246 IC260

IC242

IC262

IC11.6

IC280IC20.1IC20.2

IC20.4IC21.1

IC Super

IC10.1 IC10.2

IC240 IC241

IC01.1 IC01.2

IC06.1 IC07.1 IC08.1IC200IC201 IC202

IC11.1 IC11.2 IC11.3

IC11.5

IC12.2 IC15.1

IC11.4

IC12.1 IC246 IC260

IC242

IC262

IC11.6

IC280IC20.1IC20.2

IC20.4IC21.1

IC Admin

When you set up a new class full access is

provide by default. You can then restrict

access to systems, table, forms and

functions.

LAUA Silo Structure

IC10.1 IC10.2

IC240 IC241

IC01.1 IC01.2

IC06.1 IC07.1 IC08.1IC200IC201 IC202

IC11.1 IC11.2 IC11.3

IC11.5

IC12.2 IC15.1

IC11.4

IC12.1 IC246 IC260

IC242

IC262

IC11.6

IC280IC20.1IC20.2

IC20.4IC21.1

IC Clerk

IC10.1 IC10.2

IC240 IC241

IC01.1 IC01.2

IC06.1 IC07.1 IC08.1IC200IC201 IC202

IC11.1 IC11.2 IC11.3

IC11.5

IC12.2 IC15.1

IC11.4

IC12.1 IC246 IC260

IC242

IC262

IC11.6

IC280IC20.1IC20.2

IC20.4IC21.1

IC Assist

IC10.1 IC10.2

IC240 IC241

IC01.1 IC01.2

IC06.1 IC07.1 IC08.1IC200IC201 IC202

IC11.1 IC11.2 IC11.3

IC11.5

IC12.2 IC15.1

IC11.4

IC12.1 IC246 IC260

IC242

IC262

IC11.6

IC280IC20.1IC20.2

IC20.4IC21.1

IC Super

IC10.1 IC10.2

IC240 IC241

IC01.1 IC01.2

IC06.1 IC07.1 IC08.1IC200IC201 IC202

IC11.1 IC11.2 IC11.3

IC11.5

IC12.2 IC15.1

IC11.4

IC12.1 IC246 IC260

IC242

IC262

IC11.6

IC280IC20.1IC20.2

IC20.4IC21.1

IC Admin

A slightly different role requires you to set up

a new class. In this example black

represents full access, red is no access, and blue is inquiry only.

LS9 Security Methodology

Lawson has changed the security model to follow a role based structure. In this model Security Classes are created to group a

series of forms together to accomplish a specific task. (i.e. IC Setup). These Security Classes (tasks) are then assigned to Roles

within the organization (i.e. Inventory Manager). Security Classes can be shared between multiple roles and users can be

assigned to more than one role in the organization.

Lawson adopted a new methodology

with Security 9

LS9 Structure

IC Admin

IC Super IC Clerk

IC Assist

Inventory02

IC10.2IC11.1

IC10.1

IC11.2 IC11.3

IC11.6

IC12.2 IC15.1

IC12.1

IC20.1

IC20.2

IC20.4IC21.1IC11.

4 IC11.5

IC242 IC241 IC240

IC262 IC260

IC280

IC246

Inventory01

IC20.1IC20.2

IC11.6

IC20.4 IC21.1

Inventory05

IC11.2IC11.3

IC11.1

IC11.4 IC11.5

Inventory04

No User access is provided by default

Security Classes (Tasks) grant specific Form, Function Code and Table access

Conditional Logic can be added at any levelObjects are shared between Roles and Users

Multiple Roles can be assigned to a User

This example reflects the same security access as the LAUA graphic only now

organized by Role and Task. Some major

differences are listed below.

IC01.1 IC01.2 IC06.1 IC07.1

IC08.1IC200IC201 IC202

Inventory03

Accuracy ResourcesCost Time

Complementing Lawson Solutions

So what are our customers’ biggest

concerns?

» Define your organization’s Roles (AP Manager, AP Clerk)

» Define a list of operational tasks (AP Invoice Entry, Check Processing)

» Assign form names to each Task (over 6000 forms)

» Assign table names to each Task» Determine access Rules for each form (ACDINP+-)

» Build your Task (Security Classes)» Build your Roles» Determine which forms each user needs to access for proper class assignments» Assign your Task (Security Classes) to your Roles » Assign your Roles to your Users» Implement form Rules» Build conditional logic» Perform positive and negative Testing

BUILDING LS9At a high level these

are the steps you need complete when setting up Security 9. Click to see what our utility

can do for you automatically!

» Define your organization’s Roles (AP Manager, AP Clerk)» Define a list of operational tasks (AP Invoice Entry, Check Processing)

» Assign form names to each Task (over 6000 forms)

» Assign table names to each Task» Determine access Rules for each form (ACDINP+-)» Build your Task (Security Classes)» Build your Roles» Determine which forms each user needs to access for proper class assignments» Assign your Task (Security Classes) to your Roles » Assign your Roles to your Users» Implement form Rules» Build conditional logic» Perform positive and negative Testing

BUILDING LS9Your Roles, Security

Classes and User assignments are

created automatically ! You’re well on you way

to building a new model!

Identifying and Validating the forms a User needs to access

Organizing over 6,000 forms and tables into Security Classes

Properly restricting function code access for each form

Building conditional Logic

Creating and assigning Roles to users

Verifying User security

So what’s the challenge? Well, how about these

thoughts….

Our 3 Step Approach

2Build & Load

1Analyze & Tune

3Customize,

Validate & Deploy

Let’s explore our 3 step

approach….

» Use our Listener to find the forms that are being accessed

» Analyze LAUA using our SOD violation report

» Identity common access points between Security Classes to eliminate redundant classes

STEP 1 - TUNE

1Analyze & Tune

Our process is based on analyzing and tuning LAUA before we build LS9. Let me explain how these 3 steps

help us with that challenge.

LISTEN

IC Clerk

IC Assist

IC Super

IC Admin

Lawson ApplicationsListener Application

LawsonDatabase

ListenerDatabase

Analyze & Tune

Our Listener application will collect information on who, when and how every form has been used.

Over a period of a few weeks we track all form activity for

each user.

Use the Listener Pivot tables to analyze actual usage by Security Class/Form, User/Form, User/System Code, or System Code/Security Class

Analyze & Tune

LISTENWe then analyze this data in many different fashions using pivot tables.

The Tokens Not Used report compares your actual usage to your security setti ngs. For tokens not being used simply drag and drop the word ‘DENY’ in any cell to change LAUA security.

Analyze & Tune

TOKENS NOT USEDThe listener results are

then compared to your LAUA security settings. You can

change LAUA straight from Excel.

ANALYZE - SOD

Analyze &

Tune

Segregati on of Duti es ensures an appropriate level of checks and balances upon the acti viti es of individuals.

The next step involves using our segregation of duties module to

look for potential problems in LAUA.

ANALYZE - SOD

Analyze &

Tune

Our 192 policies use over 2000 rules to

make sure you have implemented the proper checks and

balances.

ANALYZE - SOD

Analyze &

Tune

You can now use this report to change LAUA

and prevent future violations in LS9.

The LAUA Class Comparison Graph helps identi fy the security classes that may be similar.

ANALYZE - REPORT

Analyze &

Tune

Next we want to check for redundant

classes. This comparison graph

highlights where we might have similar

LAUA classes.

Using the LAUA Security Report allows you to evaluate specifi c security class setti ngs and diff erences. This report includes security setti ngs for forms, tables, conditi onal logic, data security and user profi les.

ANALYZE

Analyze &

Tune

Our LAUA reporting allows you to review

exactly how your security is defined.

ANALYZE

Analyze &

Tune

Security classes are lined up side by side

allowing you to easily see any differences.

ANALYZE & TUNE

Analyze &

Tune

So now that we have tuned LAUA based on

actual usage, segregation of duty

violations and redundant classes let’s move on the

Step 2.

Conversion Utility » Create Security Classes

» Create Roles

» Assign Security Classes to Roles

» Assign Roles to the appropriate Users

» Create LS9 profile using Lawson’s load uti lities

STEP 2 - BUILD

2Build & Load

Our utility will do these steps

for you automatically!

LS9 Structure

IC11.6

IC20.1IC20.2

IC20.4IC21.1

IC11.1 IC11.2 IC11.3

IC11.5IC11.4

IC11.1 IC11.2 IC11.3

IC11.5IC11.4

IC10.1 IC10.2

IC01.1 IC01.2

IC06.1 IC07.1 IC08.1IC200IC201 IC202

IC12.2 IC15.1

IC12.1

IC10.1 IC10.2

IC240 IC241

IC01.1 IC01.2

IC06.1 IC07.1 IC08.1IC200IC201 IC202

IC12.2 IC15.1

IC12.1 IC246 IC260

IC242

IC262

IC11.6

IC280IC20.1IC20.2

IC20.4IC21.1

IC01.1 IC01.2

IC06.1 IC07.1 IC08.1IC200IC201 IC202

IC01.1 IC01.2

IC06.1 IC07.1 IC08.1IC200IC201 IC202

IC240 IC241

IC246 IC260

IC242

IC262IC280

IC240 IC241

IC246 IC260

IC242

IC262IC280

IC240 IC241

IC246 IC260

IC242

IC262IC280

IC10.1 IC10.2 IC11.1 IC11.2 IC11.3

IC11.5

IC12.2 IC15.1

IC11.4

IC12.1 IC11.6

IC20.1IC20.2

IC20.4IC21.1

IC10.1 IC10.2 IC11.1 IC11.2 IC11.3

IC11.5

IC12.2 IC15.1

IC11.4

IC12.1 IC11.6

IC20.1IC20.2

IC20.4IC21.1

IC Clerk

IC Assist

IC Super

IC Admin

IC242 IC241 IC240

IC262 IC260

IC280

IC246

Inventory01 Inventory02

IC10.2IC11.1

IC10.1

IC11.2 IC11.3

IC11.6

IC12.2 IC15.1

IC12.1

IC20.1

IC20.2

IC20.4IC21.1IC11.

4 IC11.5

IC01.1 IC01.2 IC06.1 IC07.1

IC08.1IC200IC201 IC202

Inventory03

IC11.2IC11.3

IC11.1

IC11.4 IC11.5

Inventory04

IC20.1IC20.2

IC11.6

IC20.4 IC21.1

Inventory05

The utility identifies common access between Security Classes and creates an LS9 task.

Let’s go back to the original LAUA diagram. By identifying common access for each system code across all security classes we can create

unique task. Click to see how.

LS9 Structure

IC Admin

IC Super IC Clerk

IC Assist

Inventory02

IC10.2IC11.1

IC10.1

IC11.2 IC11.3

IC11.6

IC12.2 IC15.1

IC12.1

IC20.1

IC20.2

IC20.4IC21.1IC11.

4 IC11.5

IC01.1 IC01.2 IC06.1 IC07.1

IC08.1IC200IC201 IC202

Inventory03

IC242 IC241 IC240

IC262 IC260

IC280

IC246

Inventory01

IC20.1IC20.2

IC11.6

IC20.4 IC21.1

Inventory05

IC11.2IC11.3

IC11.1

IC11.4 IC11.5

Inventory04

Roles

ICTABLES

Inventory

IC Tables

Your old security classes become Roles,

the class are built automatically and we

make the proper connections including

tables.

LS9 Structure

IC Admin

IC Super IC Clerk

IC Assist

Roles

ICTABLES

Inventory

IC Tables

IC Setup 01

IC10.2IC11.1

IC10.1

IC11.2 IC11.3

IC11.6

IC12.2 IC15.1

IC12.1

IC20.1

IC20.2

IC20.4IC21.1IC11.

4 IC11.5

IC Setup 02IC01.1 IC01.2 IC06.1

IC07.1 IC08.1

IC Reports 01IC200IC201 IC202 IC242

IC241 IC240

IC262 IC260

IC280

IC246

IC Reports 02

IC20.1IC20.2

IC11.6

IC20.4 IC21.1

IC Setup RO 01

IC11.2IC11.3

IC11.1

IC11.4 IC11.5

IC Setup RO 02

Categories: Setup, Processing, Analysis, Update Batch Job, Purge Batches, Reports, Interfaces, and Miscellaneous.

If you need to be more granular we can create

classes based on the category list shown

here.

» Compare and tune form access rules

» Evaluate and create conditional logic

» Validate User access

» Activate Security 9

STEP 3

3Customize, Validate &

Deploy

You’re now ready for the final phase where we add special logic, tune function codes and get the users to

do some testing.

OUTLIER REPORT

Customize, Validate &

Deploy

The Outliers report identifies any special

function rules in LAUA that we may want to

incorporate in the LS9 model.

ANALYZE & TUNE

Analyze &

Tune

One you tweak your function codes some

additional time may be required to build special

rules based on your organizations

requirements, but your pretty much ready for

testing.

Security 9 Reports – Security Admin Reports

You’ll have access to our security

dashboard to evaluate any security

settings while performing your test.

Security 9 Reports – Security Admin Reports

Our flexible user interface makes it simple to analyze

your model.

VALIDATE - SOD

Segregation of Duties ensures an appropriate level of checks and balances upon the activities of individuals.

You can continue to use our segregation of

duties module to check for any user violations in LS9.

SELF SERVICE

Customize, Validate &

Deploy

We’re just about done . If you need help with self-service we deliver

a proven set of templates for ESS,

MSS and RCQ.

» Security Overview and Kickoff» Soft ware Installati on» Technical Support» Kinsey Project Manager» Report Training» Creati on of Security Classes and Roles» Security Class and Rule Analysis» Assist with Data Element Security » Assist with Conditi onal Logic» Proof of Concept Workshop» Security Testi ng» Security Training» Go Live Support

SERVICESHere is a quick overview of the services required

to complete the project. We will do as much as

you want or let you take the lead!

» Token Listener» Security Builder» Segregation of Duties» LAUA Reporting» LS9 Dashboard

TOOLSYou will have access

to all of these products during the

project.

HIGHLIGHTS» Takes advantage of the knowledge already put into LAUA security

» Utilizes actual form usage to fine tune security setti ngs

» Re-engineers LAUA to automatically build your LS9 security model

» Includes all Custom Forms created in your system

» Leverages Lawson’s uti liti es for building LDAP

» Takes signifi cantly less ti me than other methods

» Requires less of your resources

» It ’s built around your business practi ces

These highlights are what make us

different.

Guy HensonVP Business Developmentcell: 757-621-8236g.henson@kinsey.comwww.kinsey.com

And as we like to think, it’s not about

converting LAUA, it’s about building a better

model!