Who owns LS9 Security Maintenance

Sort:
You are not authorized to post a reply.
Author
Messages
Brian Veldhouse
Basic Member
Posts: 9
Basic Member
    Who maintains the LS9 security in your organization?  Does anyone have it maintained by one of the end-users?  If so, is it one person per suite?

    Greg Moeller
    Veteran Member
    Posts: 1498
    Veteran Member
      Brian: What we do here at Genesis Health System is IT handles it. We have an automated process for setting up users (new or re hire) with Employee Self Service... but any other roles has first got to come from the hiring manager. They fill out an access request form, it gets forwarded to IT. From there, if the user needs core access, or etc, me and/or a co-worker deal with it.
      For simple group/role/name changes, I've created a SecuritySubAdmin role which I've granted to a couple of business analysts --- but they are still in the IT department.
      mark.cook
      Veteran Member
      Posts: 444
      Veteran Member
        All security changes happen in IT here at Moffitt. We do not let security out to the end users. It does two things for us, 1.) we can monitor the changes and react when issues arise. Without that, changes would happen in the business area and you are trying to troubleshott an issue without know the change made to security. 2.) it protects the business area during audit. The separation of duties is key to being successful here. If you allow the business area to make changes to security and that opens up the system to the possability of fruad, etc. then auditors will want to close that loop. I would run this discussion by your internal or external auditors before turning over the system to the business area to protect all party's from both perspectives.
        John Desmarais
        Basic Member
        Posts: 18
        Basic Member
          In our IT orginaization we have a group who handles security provisioning (setting up users) and a group that handles Lawson application support and administration (my team). My team maintained the Roles and Classes, the provisoning team assigns them to people. Audit reports are run periodically to verify that this separation is maintained.
          Robert C. Lingle
          New Member
          Posts: 1
          New Member
            Brian: Yes, our security is handled by Super users within other depts and generally by suite, going on 3+ years & we have clean Audits. We have ~ 5,000 employees. The Super user is entirely responsible for their suites design, updates, upgrade testing, new users & troubleshooting existing user issues. I report to the Accounting dept & manage GL, CB, AC & AM. I also cross manage AP. Additionally we have Materials, HR & Payroll. Each suite has a related Lawson IT support person to assist with security or any Lawson issue. This was a big change for our organization given we've been on Lawson 11 years & prior to LSF9, our IT dept handled all Lawson security. Similar to Greg's process, the manager sends an online form to our IT dept but then if Lawson Financial, the request is sent to me. IT sets up the user, I do everything else including creating new roles, security classes, conditional rules & assigning to users. Only if I'm unable to fill the request do I invoke help from our Lawson IT support team however I’m either then updating the system upon their advice or they update & I test it (no changes are made without my knowledge). Procedurally, if I setup a new role or class, I request IT to "secure" it to my view only (each Super user can only see their related roles, classes). Thus I cannot in example give myself HR access.
            You are not authorized to post a reply.