Security Tables

There are tables (to an extent).... If you can figure out how to get the Lawson AD structure set up as a data source.
You'd have to go through the AD structure for Lawson. Not your corporate AD, but just the one for Lawson that contains the information.

I've got a shell script that uses ldapsearch commands to create a static html file... since the data doesn't change all that often, we can just refresh the html file once a day or even less often...

 

Attached should give you an idea at least...  creates an html file of all of the groups and their members.

Carla,
Roles and Groups from which part of the product, LSF or LTM? If you’re referring to LSF, then Greg is correct. If you’re referring to LTM, then some of it is in the LTM productline, and some in the Landmark GEN productline.

Oh, yeah... sorry. Way to keep me honest, Kwane.

Thank you both

Both: S3 roles and groups, and LTM roles

I need to review each user's roles and groups to determine if they need a change in a few permissions based upon other criteria like job code, pay grade, etc. We do not have Infor OS implemented. 

As I write this, I am relaizing the lookup tables would not help, So, this dicussino helped me clear my mind around that part.

Thank you anyway!

Whether or not InforOS is implemented won't matter to my script.

Hi Carla. You did say you wanted to do this in a flow, and you're on-prem. So, you do probably have the option of configuring the Lawson S3 LDAP in IPA configuration, which requires a server, port, credentials, and LDAP root. You then use the LDAP query node in your flow to retrieve the roles and groups, etc. Very bare metal, but it will work for what you want. Depending on your configuration, you'll likely need to work with your network folks to get a port opened to your desktop for testing--or use an RDP connection into a server that has IPD installed--and has network connectivity to the ldap server/port. (Once you have your flow working, you can have this rescinded, and make sure that similar path is available from the IPA server to LSF server -- which is usually not an issue).

As S3 and LTM are synched , the user (Actor) roles will end up in LTM tables. I have an Excel refreshable spreadsheet that uses a SQL query to retrieve all Actors and roles and displays in a Pivot. I can send the SQL along if anyone interested.

yes, correct, from both products: S3 and LTM

Yes, I found the LDAP tables. This will reruire a loop to gather each role and group for each user correct?

Hello

Yes please. I am interested, thank you.

Carla - Not sure if you wanted this/or if this is what you need. WHen the excel sheet data is refreshed, All LTM actor/security roles will populate the Data/Pivot sheets.

Attached files.

SQL file s/b self explanitory. Run it in SSMS/Query tool to verify.

Excel FIle will need some changes and hopefully will just refresh. Goto Data/COnnections and select the properties on stored connection "LWS-DB-1". In the Definition tab change all the particulars to your LTM/S3 DB server. You need to change the SERVER=, UID=,PWD= and DATABSE= to match your envirenment. UID/PWD must be SQL Server login credentials. Yes, Excel stores PWD info, but no getting around that. If you make the changes and refresh, verything should repopulate with your data. You will be asked to save password with connection, just say yes.

DRIVER=SQL Server;SERVER=LWS-DB-1;UID=lbireport;PWD=sqlpwd;APP=Microsoft Office 2010;;DATABASE=LWSProd

Carla, earlier in your post you said you were trying to query/update within a flow. So I would caution you against using too much custom scripts/SQL, etc. and just stick to the tools that are available to you within IPA. This is important particularly if you ever intend to go to hosted CloudSuite, since you only can use supported tools. In particular, if you are looking for *defined* roles and groups, then you need to look at the LDAP data using LdapQuery node. If you are looking for the roles and groups *assigned* to users, then use ResourceQuery.