Prev
Next
Forums Infor / Lawson Platforms S3 Security

LS Reporting

 9 Replies
 0 Subscribed to this topic
 15 Subscribed to this forum
Sort:
Author
Messages
Frank Z
Advanced Member
Posts: 32
Advanced Member
6/11/2009 3:28 PM

    Good day, all.

    I have been browsing and searching mylawson.com and here for two days looking for a simple answer to question for my auditors.  We are on LSF9, using LS security, and our auditors hate the reporting functionality that comes with LS Administrator. 

    They would like a smart note or bursted report to come out every day with changes made to users' roles and classes.  Our security implementation is in its toddler stages, so there are still quite a few kinks and SOD issues that I am resolving; but they want to see the changes to check my documentation.  We do have LBI, Crystal Embedded XI(and a Bus Obj server that supports a different system but at my disposal), OLE DB, and MS Addins.  Which tables should I look for that will give me:

    • Users
    • Roles assigned to users
    • Classes assigned to roles
    • Changes made to users, classes, and roles.

    If what I am asking is impossible, please feel free to share that too so I can tell them to scrap this project .

    Thanks in advance!

    MattM
    Veteran Member
    Posts: 82
    Veteran Member
    6/11/2009 3:54 PM

      You will need to go against your LDAP for the information you are listing.  None of the traditional DB utilities you listed will work for this.

      John Henley
      Posts: 3353
      6/11/2009 4:13 PM
        I think you're asking the (nearly) impossible.

        First of all, LS is not stored in a database (it's stored in an LDAP container), so
        you won't be able to report against it.

        There is an "audit" report in LS, that might be sufficient--but it's specific to users (i.e. which users were added), and objects (which objects were accessed), but, as far as I know, doesn't report changes to security setup/rules.
        Thanks for using the LawsonGuru.com forums!
        John
        Frank Z
        Advanced Member
        Posts: 32
        Advanced Member
        6/11/2009 5:13 PM

          Matt-

          Yes, I can access the data using JXplorer, but I (the auditors, more specifically) would like an automated process to do this. 

          John-

          We are using the audit logging functionality, but LS limits us to 39 users to audit and it is my understanding that running audit all the time can be detrimental.  I will stick with your original answer:  This is impossible (edited for content).

          Thank you guys for the info!

          DQ Phan
          Basic Member
          Posts: 19
          Basic Member
          6/12/2009 7:31 AM
            Hi All,
            If i'm not wrong, IBM Tilovi LDAP stores data in DB2, a RDBMS.
            In this case, if someone with DB2 knowledge, can login then browse thru all tables / indexes, then with third party tools for RDBMS browsing like Business Objects , you can get all reports you need.
            That are my guess, if ever IBM Tivoli uses Oracle, i would do in this way.

            Dinh-Qui
            John Henley
            Posts: 3353
            6/12/2009 10:28 AM
              Well, good luck with that. Take a look at the DB2 database that TDS uses, and you will see more trouble than it's worth. One way to satisfy the auditors is to just run the security reports and save a copy of them when you make changes. Put them in version control, and hand them ever to the auditor. You will never hear from them again ;)
              Thanks for using the LawsonGuru.com forums!
              John
              mark.cook
              Veteran Member
              Posts: 444
              Veteran Member
              6/15/2009 2:20 PM
                We contracted with a consulting group (AVAAP) that built a reporting tool and LBI dashboard around LS security reporting. It was a great buy and really helped with the Audit and made reporting of this easy.
                John Henley
                Posts: 3353
                6/15/2009 3:11 PM
                  Very interesting. What types of info does it provide, and what was the cost?
                  Thanks for using the LawsonGuru.com forums!
                  John
                  mark.cook
                  Veteran Member
                  Posts: 444
                  Veteran Member
                  6/24/2009 12:58 PM
                    Avaap developed the Security Dashboard as a turnkey solution specifically for the purpose of audit reports, segregation of duties and general LS reporting. Out of the box it provides great value and can be implemented in just 1 day. It is working great for us and I am sure they would give you a free demo if you contacted them (http://www.avaap.com/contactUs.php ). Some of the key features include:

                    • View standard and custom reports based on user names, user id’s, form codes, business function, security class or role
                    • Easy to Access and Use security reporting from the Web (LBI, Crystal Reports or Lawson Portal)
                    • Export security and access reporting to Excel, PDF or Word for further analysis or presentation
                    • Easy to install and configure (1 day)

                    jrbledsoe001
                    Veteran Member
                    Posts: 91
                    Veteran Member
                    7/25/2009 8:40 PM
                      Hi,  I'm new to LawsonGuru.  I can certainly share your pain regarding reports and Lawson Security.  I just started using LDAP a few months ago.  A consultant used the LDAP browser to extract information from LDAP.  I used a tool called Monarch to crunch the data.  I tried to hook Crystal up to LDAP but could not get the connection string correct.  Recently we upgraded to the latest greatest Security Administrator and now I can write more meaningful queries.  The output is limited and I still have to crunch the data to get it into a format that end users can use.  I attended a Lawson ask the expert session where David Tashima used the PF Integrator to run LDAP queries.  My customer does not have the PF Integrator so I can not use that tool.  Please share if you have found any tricks to extracting data from LDAP.