Login
Register
Search
Home
Forums
Jobs
LawsonGuru
LawsonGuru Letter
LawsonGuru Blog
Worthwhile Reading
Infor Lawson News Feed
Store
Store FAQs
About
Forums
User Experience
Lawson Design Studio
Securing DS in PROD
Home
Forums
Jobs
LawsonGuru
LawsonGuru Letter
LawsonGuru Blog
Worthwhile Reading
Infor Lawson News Feed
Store
Store FAQs
About
Who's On?
Membership:
Latest:
Saef
Past 24 Hours:
0
Prev. 24 Hours:
0
Overall:
5226
People Online:
Visitors:
523
Members:
0
Total:
523
Online Now:
New Topics
User Group Announcements
Carolina User Group Meeting
12/20/2024 3:15 PM
Date & Time: February 6, 2025, 8:30am - 4:00pm
S3 Systems Administration
ADFS certificate - new cert
12/3/2024 9:38 PM
The certificates on the windows boxes expired and
Lawson S3 HR/Payroll/Benefits
Post Tax Benefit Plan Table
11/14/2024 9:16 PM
Hi, totally new to Laswon. I have a repor
Lawson S3 Procurement
ED501 Error: Map 850 not supported by /law/c15vda/lawson/test10/edi/bin/laws_out_91
11/12/2024 3:47 PM
Tried runnning ED501 and getting the atathced erro
Lawson S3 HR/Payroll/Benefits
Error
11/6/2024 9:54 PM
When I try to enroll a retiree in 72.1 health plan
Infor ERP (Syteline)
Syteline: New Data Maintenance Wizard (Error) Need help
11/1/2024 4:24 PM
Hi, I need help with an error on syteline while us
Dealing with Lawson / Infor
Implementing Lawson v10 with Cerner Surginet, Case Cart Picking, and Quick Adds for the OR
10/29/2024 4:20 PM
Hi Everyone, I am wondering if there is any org
Lawson S3 HR/Payroll/Benefits
Canada Tax Calculation (Federal and Provincial) Issue
10/23/2024 5:00 AM
Initially, we had problem with CPP2 calculation is
Lawson S3 HR/Payroll/Benefits
CA Section 125 401k Plan
10/22/2024 10:13 PM
Does anyone have any recommendations on how to fac
S3 Systems Administration
Running AC120 deleted records from ACMASTER table
10/22/2024 3:40 PM
We recently ran the AC120 as normal and somehow it
Top Forum Posters
Name
Points
Greg Moeller
4184
David Williams
3349
JonA
3291
Kat V
2984
Woozy
1973
Jimmy Chiu
1883
Kwane McNeal
1437
Ragu Raghavan
1372
Roger French
1315
mark.cook
1244
Forums
Filtered Topics
Unanswered
Unresolved
Announcements
Active Topics
Most Liked
Most Replies
Search Forums
Search
Advanced Search
Topics
Posts
Prev
Next
Forums
User Experience
Lawson Design Studio
Securing DS in PROD
Please
login
to post a reply.
8 Replies
0
Subscribed to this topic
12 Subscribed to this forum
Sort:
Oldest First
Most Recent First
Author
Messages
mark.cook
Veteran Member
Posts: 444
12/22/2010 1:14 PM
We are looking at options to install DS in PROD but securing it from the common Lawson users.
To date we have only had it installed in DEV and move the forms to PROD updating the product line,etc as needed.
Has anyone been successful in securing DS in a PROD environment?
David Williams
Veteran Member
Posts: 1127
12/22/2010 1:24 PM
I think you have to secure the URL. I don't think you can secure it through Lawson Security.
mark.cook
Veteran Member
Posts: 444
12/22/2010 3:27 PM
Thanks Davidfor the quick response, We did find a KB article that references securing the URL.
I included that in case anyone else in interested but it sounds like what we see and you are confirming, we have to secure the URL to make it work.
Securing the Lawson Design Studio
Description:
Does Lawson provide a way to secure Design Studio so that only specific users can access it?
Resolution:
No, Lawson does not deliver a mechanism to secure the Design Studio (DS) application. By default, everyone that has access to the Lawson Portal can also access DS. However, an alternative is to grant or deny access by restricting access to the DS URL (
http://hostname/lawson/portal/studio)
or the /lawson/portal/studio directory via your web server.
KK - Infor
Veteran Member
Posts: 61
12/22/2010 4:37 PM
Hello Mark,
Per Lawson's best practices, Design Studio being a customization tool is NOT installed in Production. You develop and test in other environments and migrate the file to PROD.
Roger French
Veteran Member
Posts: 549
12/22/2010 4:44 PM
My take on this is that you should not use or install DS in PROD environment.
But, in the event that you do or need to, you could possibly try securing the URL for DS within IIS (if on Windows), or Apache (if on Unix).
Terry P
Veteran Member
Posts: 234
12/22/2010 10:15 PM
I've brought this up before to Lawson at CUE, with the same response as above. I find it very difficult to believe though with all the security in the system they can't seem to control access to a tool that allows you to make changes by someone with just a little knowledge. Case in point: I switched jobs where I no longer do Design Studio modifications or even have access to most forms. But I KNOW how to get access to make changes if I so desired.
Tell me it can't take that much to add a flag to RM security.
Roger French
Veteran Member
Posts: 549
12/23/2010 2:16 PM
Then you might want to explore having a single, general, login which has access to DS, which is accessible by using a URL - it's a web-based tool (yes we all know that.
)
For example, if you have a login called 'dslogin', and set it up in Sec Admin, it will give you access to DS, as well as Portal. You can further secure login access to Sec Admin, Pflow admin, LBI, RM... so those tools are only accessible to specific logins besides 'dslogin'.
But, when you have other IDs besides 'dslogin' which have access to Portal, etc. those other IDs also have access to DS as well.
Another option (which I have not tried) would be to explore securing the executible for DS on your severs by using groups (Windows or Unix groups) and put the dslogin ID(s) only in that group which has access. (
http://server/lawson/studio)
It's not against the law to have DS in a PROD environment, but it's with caution, because having access to change web files, forms, etc.using DS (for example) in PROD is a no-no to many IT departments, auditors, etc. When you make a customization you do it in DEV or TEST first, then move the files to PROD, and then use the Portal Admin tools to change the PL, etc.,
mark.cook
Veteran Member
Posts: 444
12/23/2010 3:18 PM
Thanks for all the suggestions, We have not installed DS in PROD during the 4 plus years of development here do to exactly what you all have pointed out with the difficulty to secure.
The issue of having pages (not forms) that are developed not changing product lines without manual intervention may still be a better long term solution than opening up DS in PROD.
We will most likely try a few things to secure DS on the server. When we get around to this, I will update this post with results in case anyone else is interested.
Nick
Veteran Member
Posts: 50
1/3/2011 3:58 PM
I believe that Lawson has made some strides in allowing DS to be secured through Lawson Security. I'm not sure which version of the Lawson Administration: Resources and Security guide I'm looking at, but it is under Chapter 22.
It looks like you need to create an executable for FileMgr using tokendef, and then you can create a security class to allow access to it for those users who need it.
Nick
Please
login
to post a reply.