LAWSON S3 SECURITY WELL-CHECK
It's not unusual to question whether your security model is as secure as it could be. During the Well-Check process Kinsey's security consultants will perform a detailed analysis of your Lawson S3 security model to determine where your organization may be vulnerable to fraudulent activity or improper user access. The evaluation will also include recommendations for streamlining your Roles and Security Classes in order to make the model more secure and easier to maintain going forward. At the conclusion of the review process you will receive a report with recommendations on where your model could be improved.
The areas included in the review process:
SECURITY PROFILES
APPLICATION PROFILE
- Validate which Profiles are in use
- Identify Unused Objects (Roles, Security Classes, etc.)
- Review User-Role assignments
- Evaluate SoD issues
- Review Role definitions
- Check for Role duplication
- Review design
- Review E/MSS Roles
- Evaluate over-provisioning (i.e. SuperAdminRole, AllAccessRole)
- Review Role-Security Class Assignments
- Evaluate SoD issues
- Review Security Classes
- Check for Class duplication
- Review Form Class setup (i.e. Setup, Reporting, Processing, Batch jobs)
- Review Table Class setup
- Review Invoked Programs & Menus setup
- Provide recommendations
ENV PROFILE
This profile contains the executables needed at the environment level. Several of the executables are required for batch job processing for updates as well as reports.
- Review Batch Class design
- Review Batch Class assignments
- Review Printer Class design
- Review Printer Class assignments
- Provide recommendation
GEN PROFILE
Objects in the Gen profile are the high level system files. Many of these files are required for batch job processing. It is used in conjunction with the Batch class in the ENV profile.
- Review Batch Class design
- Review Batch Class assignments
- Provide recommendation
LGN PROFILE
The LGN profile contains the objects needed from the Logan product line. Logan controls the system bookmarks.
- Review Class design
- Review Class assignments
- Provide recommendation
USER SETUP
SYSTEM USER ACCOUNTS
Generally clients have system user accounts defined for job automation. Any such account will be identified and reviewed.
REVIEW USER SETUP
- Review Attribute assignments
- Review Identity assignments
- Provide recommendation
DRILL AROUND AND SELECTS
Access to tables is required in order to see data in Drill Arounds and Selects, which allow users to select records from drop-down selection lists and to drill from various screens into detailed data.
- Review conditional table logic
- Discuss any existing Issues
- Provide recommendation
CRITICAL FIELDS
- Review form access to critical fields (e.g. PII and PHI data items)
- Review Drill (table) access to critical fields
- Provide recommendation
ELEMENTS AND ELEMENT GROUPS
While elements (ELM) are global definitions of a field, element groups (ELG) are securable objects in their own right and are defined by more than one element. User-defined element groups are not delivered by Infor/Lawson and must be called by specific functions from forms and/or files. However, Lawson-defined element groups can provide a solid foundation for creating data-level security for your business.
- Review use of Element and Element Groups
- Provide recommendation
CONFLICTING AND MULTIPLE FORM ACCESS
This is the common problem of a user having access to a form through more than one Role or Security Class.
- Provide report of multiple form access per user
- Provide report of conflicting form access per user
- Provide recommendations to resolve potential issues.
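The multiple and conflicting form access reports above, and the "Identify Unused Objects" item under the Application Profile, can be derived from the User, Role and Security Class assignments alone. The following is an added illustration, not Kinsey's reporting application or any Lawson export format: the users, roles, classes, forms and the access levels "ALL" and "INQUIRE" are constructed sample data, and "conflicting" is taken to mean the same form granted at different access levels through different paths.

```python
from collections import defaultdict

# Constructed sample security model (not real Lawson data).
USER_ROLES = {                      # user -> Roles
    "jsmith": ["APClerk", "APInquiry"],
    "mjones": ["APClerk"],
    "admin1": ["AllAccessRole"],
}
ROLE_CLASSES = {                    # Role -> Security Classes
    "APClerk": ["AP_Process", "AP_Setup"],
    "APInquiry": ["AP_Inquiry"],
    "AllAccessRole": ["AP_Process", "AP_Setup", "AP_Inquiry", "GL_Setup"],
    "OldRole": ["AP_Inquiry"],       # defined but assigned to nobody
}
CLASS_FORMS = {                     # Security Class -> {form: access level}
    "AP_Process": {"AP20": "ALL", "AP30": "ALL"},
    "AP_Setup": {"AP00": "ALL", "AP20": "ALL"},
    "AP_Inquiry": {"AP20": "INQUIRE", "AP90": "INQUIRE"},
    "GL_Setup": {"GL00": "ALL"},
    "Legacy_Class": {"AP99": "ALL"}, # defined but used by no Role
}

def form_access_paths(user):
    """Return {form: [(role, security_class, level), ...]} for every path that grants the form."""
    paths = defaultdict(list)
    for role in USER_ROLES.get(user, []):
        for cls in ROLE_CLASSES.get(role, []):
            for form, level in CLASS_FORMS.get(cls, {}).items():
                paths[form].append((role, cls, level))
    return dict(paths)

def multiple_access(user):
    """Forms the user reaches through more than one Role/Security Class path."""
    return {f: p for f, p in form_access_paths(user).items() if len(p) > 1}

def conflicting_access(user):
    """Forms granted at differing access levels, e.g. INQUIRE via one Role and ALL via another."""
    return {f: p for f, p in form_access_paths(user).items() if len({lvl for _, _, lvl in p}) > 1}

def unused_objects():
    """Roles never assigned to a user and Security Classes never assigned to a Role."""
    assigned_roles = {r for roles in USER_ROLES.values() for r in roles}
    assigned_classes = {c for classes in ROLE_CLASSES.values() for c in classes}
    return sorted(set(ROLE_CLASSES) - assigned_roles), sorted(set(CLASS_FORMS) - assigned_classes)

if __name__ == "__main__":
    for user in USER_ROLES:
        print(user, "multiple:", sorted(multiple_access(user)), "conflicting:", sorted(conflicting_access(user)))
    print("unused roles/classes:", unused_objects())
```

A form that appears in the multiple-access list at the same level is a maintenance concern (redundant paths), while one in the conflicting list means the effective access depends on how the product resolves the two rules and deserves a closer look.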
SECURABLE TYPES
Securable Types provide global access to forms or files.
- Review use of Securable Types in the security model
- Provide recommendations to resolve potential issues.
SELF-SERVICE
EMSS – Employee and Manager Self Service – is a set of “self-evident” applications or bookmarks that allow you to inquire on or update HR, LP, BN, PA, or PR data in Lawson.
- ESS – review that only the employee can see themselves
- MSS – review that the Manager can see themselves and those in their chain of command only.
- Provide recommendations to resolve potential issues.
INQUIRY ONLY ROLES
- Review rules on Inquiry-only Roles
- Provide recommendations to resolve potential issues.
ACCESS REQUIREMENTS
- Remote access to all Lawson environments included in the evaluation.
- Security credentials for viewing security settings
SOFTWARE APPLICATION
For the evaluation Kinsey will provide free of charge their Security and Segregation of Duties reporting applications in a hosted environment. The customer will have full access to the following report types:
- Users – All Objects (13 reports)
- Roles – All Objects (8 reports)
- Security Classes - All Objects (10 reports)
- Segregation of Duties report by User
- Segregation of Duties report by Role
OPTIONAL SERVICE
Assistance with the following topics is not within the scope of this proposal. Any help in these areas will require additional time beyond this 3-day engagement.
- Reviewing the Organization’s Onboarding Process and Automating Procedures.
- Landmark Security Review
- PHI/PII Security Review
- Demonstrate usage of ISS and assist with the sync.
- Any other issues you are currently experiencing
- EMSS Review Role and Security Class setup
- EMSS Review ELG use for securing data
- EMSS Review User Identity assignments
- EMSS Review Privileged User assignments
- EMSS Review your current setup for HR Record level or Data level security setup within the HR application.