PrevPrev Go to previous topic
NextNext Go to next topic
Last Post 12/18/2007 8:44 AM by  John Costa
Security Class Review
 7 Replies
Sort:
You are not authorized to post a reply.
Author Messages
k-rock
Private
Private
Veteran Member
(416 points)
Veteran Member
Posts:142


Send Message:

--
09/19/2007 7:41 AM
    How do people do quarterly access reviews of each security class in LAUA? Anybody have anything better than the paper reports from LAUA?
    0
    John Henley
    Private
    Private
    Senior Member
    (9563 points)
    Senior Member
    Posts:3205


    Send Message:

    --
    09/20/2007 10:46 AM
    I work with a client who does a quarterly review as part of SOX 404. They run the various LAUA reports, dump them to a desktop, and then use Monarch to parse them up into a spreadsheet.
    Thanks for using the LawsonGuru.com forums!
    John
    0
    k-rock
    Private
    Private
    Veteran Member
    (416 points)
    Veteran Member
    Posts:142


    Send Message:

    --
    09/20/2007 3:01 PM
    That was what I did in my last job. My new employer doesn't have Monarch. Any other "free" or "open-source" alternatives? I even have an access database that does a lot of the analysis, I just need monarch to load it.
    0
    Chris Martin
    Private
    Private
    Veteran Member
    (825 points)
    Veteran Member
    Posts:277


    Send Message:

    --
    09/20/2007 3:20 PM
    Oracle has an external table feature, where you can use a delimited file as a table and and do sql queries against it. It's pretty cool. I've used this to do sql queries against gen tables.
    0
    John Henley
    Private
    Private
    Senior Member
    (9563 points)
    Senior Member
    Posts:3205


    Send Message:

    --
    09/21/2007 8:23 AM
    Kelly, given that you used Monarch in your previous job, it's a tool that will do what you want to do, it costs <$1000. They should buy it and be done with it.
    Thanks for using the LawsonGuru.com forums!
    John
    0
    John Costa
    Private
    Private
    Veteran Member
    (378 points)
    Veteran Member
    Posts:154


    Send Message:

    --
    12/11/2007 9:47 AM
    We've been hit hard by both internal and external auditing and they continually find problems with our security settings.

    As a result, over the past few months, I've developed my own Lawson security reporting process. Using Lawson KB article 91578 as a reference, I dump all of the security tables in GEN to CSV files, which are then uploaded to a SQL-Server database on a nightly basis.

    Once I was able to determine in detail what kind of information was in each table, I developed a series of Crystal reports that hit this database and pull data back out. The beauty of using Crystal (or any other reporting tool for that matter) is that I can devlop my own reports as needed. I have reports that show me settings for a single user, for a single form, a single program area, etc.

    In addition to the Crystal reports, I developed a nightly process that compares security settings at that time to those 24 hours prior. Any differences found are saved off to an external report that is then e-mailed to data owners for review and validation, giving them a chance to ensure security changes are appropriate. And since the data is captured in SQL, I have the means to go back and see what changes were made and when.

    It's not perfect, but it's far better than what's provided under LAUA.
    _______________________
    JohnC - Wichita, KS
    _________________ John - Wichita, KS
    0
    k-rock
    Private
    Private
    Veteran Member
    (416 points)
    Veteran Member
    Posts:142


    Send Message:

    --
    12/18/2007 8:23 AM
    How big is the nightly data? How big is your total database? I'm running into space issues, our data file is about 90 MB each time and the users want the data every 2 weeks.
    0
    John Costa
    Private
    Private
    Veteran Member
    (378 points)
    Veteran Member
    Posts:154


    Send Message:

    --
    12/18/2007 8:44 AM
    Our Lawson system consists of about 3,600 users with the vast majority of them in a "self-service" security class. We have about 300 back-office users distributed among 65 other security classes.

    My nightly data dump consists of 18 csv files consuming about 8mb of disk space. The SQL-Server database that these files are imported into is about 60mb in size, including the log file.

    Hope this helps.
    ________________________
    JohnC - Wichita, KS
    _________________ John - Wichita, KS
    0
    You are not authorized to post a reply.