Login
Register
Search
Home
Forums
Jobs
LawsonGuru
LawsonGuru Letter
LawsonGuru Blog
Worthwhile Reading
Infor Lawson News Feed
Store
Store FAQs
About
Forums
Integration / Customization
S3 Customization/Development
Rights needed in LID for Development Tasks
Home
Forums
Jobs
LawsonGuru
LawsonGuru Letter
LawsonGuru Blog
Worthwhile Reading
Infor Lawson News Feed
Store
Store FAQs
About
Who's On?
Membership:
Latest:
Saef
Past 24 Hours:
0
Prev. 24 Hours:
0
Overall:
5226
People Online:
Visitors:
167
Members:
0
Total:
167
Online Now:
New Topics
User Group Announcements
Carolina User Group Meeting
12/20/2024 3:15 PM
Date & Time: February 6, 2025, 8:30am - 4:00pm
S3 Systems Administration
ADFS certificate - new cert
12/3/2024 9:38 PM
The certificates on the windows boxes expired and
Lawson S3 HR/Payroll/Benefits
Post Tax Benefit Plan Table
11/14/2024 9:16 PM
Hi, totally new to Laswon. I have a repor
Lawson S3 Procurement
ED501 Error: Map 850 not supported by /law/c15vda/lawson/test10/edi/bin/laws_out_91
11/12/2024 3:47 PM
Tried runnning ED501 and getting the atathced erro
Lawson S3 HR/Payroll/Benefits
Error
11/6/2024 9:54 PM
When I try to enroll a retiree in 72.1 health plan
Infor ERP (Syteline)
Syteline: New Data Maintenance Wizard (Error) Need help
11/1/2024 4:24 PM
Hi, I need help with an error on syteline while us
Dealing with Lawson / Infor
Implementing Lawson v10 with Cerner Surginet, Case Cart Picking, and Quick Adds for the OR
10/29/2024 4:20 PM
Hi Everyone, I am wondering if there is any org
Lawson S3 HR/Payroll/Benefits
Canada Tax Calculation (Federal and Provincial) Issue
10/23/2024 5:00 AM
Initially, we had problem with CPP2 calculation is
Lawson S3 HR/Payroll/Benefits
CA Section 125 401k Plan
10/22/2024 10:13 PM
Does anyone have any recommendations on how to fac
S3 Systems Administration
Running AC120 deleted records from ACMASTER table
10/22/2024 3:40 PM
We recently ran the AC120 as normal and somehow it
Top Forum Posters
Name
Points
Greg Moeller
4184
David Williams
3349
JonA
3291
Kat V
2984
Woozy
1973
Jimmy Chiu
1883
Kwane McNeal
1437
Ragu Raghavan
1372
Roger French
1315
mark.cook
1244
Forums
Filtered Topics
Unanswered
Unresolved
Announcements
Active Topics
Most Liked
Most Replies
Search Forums
Search
Advanced Search
Topics
Posts
Prev
Next
Forums
Integration / Customization
S3 Customization/Development
Rights needed in LID for Development Tasks
Please
login
to post a reply.
6 Replies
0
Subscribed to this topic
17 Subscribed to this forum
Sort:
Oldest First
Most Recent First
Author
Messages
Woozy
Veteran Member
Posts: 709
7/21/2009 5:55 PM
We are part-way into our implementation, and we will soon be starting our custom development in 4GL. Some of the development will be done in-house, and some will be done by Lawson developers.
Our infrastructure and security folks are (understandably) concerned about giving users unix accounts and rights - particularly offshore developers. However, we know that we will have to use LID to do what needs to be done.
The developers would be happy with full access to everything, while the infrastructure and security folks would prefer no access at all for anyone. We need to find a happy medium that will allow the developers to do their work, but with only the access that they really will need to have.
Our development tasks will include:
Creating new batch (interface) processes
Creating new forms/screens
Creating new tables
Modifying existing form/screens to add PFI triggers and additional functionality
ESS/MSS Mods
PFI development (including DataStage, SQL, XML, etc.)
Can anyone provide me with a document (preferably) or some guidelines around what access is typically required for development tasks?
Is it reasonable to suggest developers need read/write/change/delete rights within $LAWDIR, $GENDIR, and $WINDIR and leave it at that, or are there other areas we'll need as well?
Anything you can share would be helpful. Thanks!
Ben Coonfield
Veteran Member
Posts: 146
7/21/2009 7:35 PM
Can you keep your developers, or most of them, on a test server only? Then security might be more comfortable with the required level of access. If you have test and production on the same box then security is more difficult.
Developers will need access to the directories you named -- but not necessarily write access. With additional effort, you could limit developer write access to certain subdirectories. for example, in LAWDIR/PL/*src, developers will need write access in a development product line, but probably not in production .
John Henley
Posts: 3353
7/21/2009 8:01 PM
They would likely need write access to certain src and metadata folders, access to env utilities, etc. The easiest way to accomplish this, and in addition build your source control procedures, etc. would be to keep them on dev server and have them write detailed deployment instructions. Then put one of your people in the position of deploying/promoting to test and production. Given the scope of the modifications you are anticipating would warrant 3 (dev/test/prod) servers/environments.
Woozy
Veteran Member
Posts: 709
7/21/2009 8:38 PM
Thanks Ben and John. I should have clarified what our landscape looks like. We will have separate Development and Production boxes, and developers will only have rights on the Development box.
On the Development box, we will have 3 product lines: TRN (training), DEV (development), and TEST (testing/functional sandbox). All of the development and unit testing will be done in DEV, and the objects will be moved to TEST for the system/business testing.
On the Production box, we will likely have 2 product lines - VER (Verification) and PROD (Production). Verification will be used to validate the changes on the new box, and Production will be Production.
Deployment and source control discussions are planned, but we are on a Managed Services contract so we know they will be responsible for moving objects from the Dev server to the Production server. Whether they will move the objects between product lines on the same server has not yet been discussed.
Based on our setup, I assume we could limit access to the folders relating to the DEV product line - but I think there are some things that cross product lines. How can we find out what we really need access to? Where are the src, metadata, utilities, etc that we will need to access, and what rights do we need on those folders?
It seems to me that Lawson would have something like this documented, but I sure can't find anything.
Thanks for your thoughts.
John Henley
Posts: 3353
7/21/2009 9:16 PM
Have you looked at using the different options with permsmaint? That--combined with the "LAWDEV" group is probably sufficient.
Ben Coonfield
Veteran Member
Posts: 146
7/22/2009 12:01 PM
permsmaint can be used to implement a security policy, but Lawson doesn't provide much guidence on how to configure it. I have never seen any good documentation on who really needs access to what, especially permissions on files/directories. Lawson provides default settings, but not much explanation.
Having remote developers is one thing, but I personally would feel very uncomfortable having offshore developers moving code to my production server.
Generally, I think that just about everything a developer would need to UPDATE would be product line specific for development activities. But moving code accross product lines or servers requires access to other utilities that I don't think of as part of normal developer access.
Woozy
Veteran Member
Posts: 709
7/22/2009 2:17 PM
I'll point our sysadmin to the permsmaint utility documentation to get him pointed in the right direction. I have noticed that most of the available Lawson documentation (for everything) does a good job of describing what tools/forms/settings are, but there is almost nothing that describes how to USE the tool/form/setting/etc to do what needs to be done. Very odd.
I know none of the developers will be moving anything to Production themselves - Managed services will be responsible for moving everything into production.
Thanks for your help. Hopefully this will get us going in the right direction.
Please
login
to post a reply.