LS Reporting - LawsonGuru.com - LawsonGuru.com Forums

Name	Points
Greg Moeller	4184
David Williams	3349
JonA	3288
Kat V	2984
Woozy	1973
Jimmy Chiu	1883
Kwane McNeal	1437
Ragu Raghavan	1348
Roger French	1311
mark.cook	1244

Frank Z

Advanced Member

Posts: 32

6/11/2009 3:28 PM

Good day, all.

I have been browsing and searching mylawson.com and here for two days looking for a simple answer to question for my auditors. We are on LSF9, using LS security, and our auditors hate the reporting functionality that comes with LS Administrator.

They would like a smart note or bursted report to come out every day with changes made to users' roles and classes. Our security implementation is in its toddler stages, so there are still quite a few kinks and SOD issues that I am resolving; but they want to see the changes to check my documentation. We do have LBI, Crystal Embedded XI(and a Bus Obj server that supports a different system but at my disposal), OLE DB, and MS Addins. Which tables should I look for that will give me:

Users
Roles assigned to users
Classes assigned to roles
Changes made to users, classes, and roles.

If what I am asking is impossible, please feel free to share that too so I can tell them to scrap this project .

Thanks in advance!

MattM

Veteran Member

Posts: 82

6/11/2009 3:54 PM

You will need to go against your LDAP for the information you are listing. None of the traditional DB utilities you listed will work for this.

John Henley

Senior Member

Posts: 3348

6/11/2009 4:13 PM

I think you're asking the (nearly) impossible.

First of all, LS is not stored in a database (it's stored in an LDAP container), so
you won't be able to report against it.

There is an "audit" report in LS, that might be sufficient--but it's specific to users (i.e. which users were added), and objects (which objects were accessed), but, as far as I know, doesn't report changes to security setup/rules.

Frank Z

Advanced Member

Posts: 32

6/11/2009 5:13 PM

Matt-

Yes, I can access the data using JXplorer, but I (the auditors, more specifically) would like an automated process to do this.

John-

We are using the audit logging functionality, but LS limits us to 39 users to audit and it is my understanding that running audit all the time can be detrimental. I will stick with your original answer: This is impossible (edited for content).

Thank you guys for the info!

DQ Phan

Basic Member

Posts: 19

6/12/2009 7:31 AM

Hi All,
If i'm not wrong, IBM Tilovi LDAP stores data in DB2, a RDBMS.
In this case, if someone with DB2 knowledge, can login then browse thru all tables / indexes, then with third party tools for RDBMS browsing like Business Objects , you can get all reports you need.
That are my guess, if ever IBM Tivoli uses Oracle, i would do in this way.

Dinh-Qui

John Henley

Senior Member

Posts: 3348

6/12/2009 10:28 AM

Well, good luck with that. Take a look at the DB2 database that TDS uses, and you will see more trouble than it's worth. One way to satisfy the auditors is to just run the security reports and save a copy of them when you make changes. Put them in version control, and hand them ever to the auditor. You will never hear from them again ;)

mark.cook

Veteran Member

Posts: 444

6/15/2009 2:20 PM

We contracted with a consulting group (AVAAP) that built a reporting tool and LBI dashboard around LS security reporting. It was a great buy and really helped with the Audit and made reporting of this easy.

John Henley

Senior Member

Posts: 3348

6/15/2009 3:11 PM

Very interesting. What types of info does it provide, and what was the cost?

mark.cook

Veteran Member

Posts: 444

6/24/2009 12:58 PM

Avaap developed the Security Dashboard as a turnkey solution specifically for the purpose of audit reports, segregation of duties and general LS reporting. Out of the box it provides great value and can be implemented in just 1 day. It is working great for us and I am sure they would give you a free demo if you contacted them (http://www.avaap.com/contactUs.php ). Some of the key features include:

• View standard and custom reports based on user names, user id’s, form codes, business function, security class or role
• Easy to Access and Use security reporting from the Web (LBI, Crystal Reports or Lawson Portal)
• Export security and access reporting to Excel, PDF or Word for further analysis or presentation
• Easy to install and configure (1 day)

jrbledsoe001

Veteran Member

Posts: 91

7/25/2009 8:40 PM

Hi, I'm new to LawsonGuru. I can certainly share your pain regarding reports and Lawson Security. I just started using LDAP a few months ago. A consultant used the LDAP browser to extract information from LDAP. I used a tool called Monarch to crunch the data. I tried to hook Crystal up to LDAP but could not get the connection string correct. Recently we upgraded to the latest greatest Security Administrator and now I can write more meaningful queries. The output is limited and I still have to crunch the data to get it into a format that end users can use. I attended a Lawson ask the expert session where David Tashima used the PF Integrator to run LDAP queries. My customer does not have the PF Integrator so I can not use that tool. Please share if you have found any tricks to extracting data from LDAP.