Lawson - Technology Customer Community [READ ONLY]
"Super User" monitoring
unknown
We have been requested by external financial auditors to monitor any activity on our system including security updates by any one with a high level of access to the system similar to the 'lawson' id. Does anyone do this or have a suggestion for the best way to do this?
Comments
unknown
Are you on LSF9 security? There is the audit function under Server Management, where you can select users you want to monitor. We don't use this function, as it creates huge logs and we have not been forced to do so.
lbecker
Not so much monitoring. If you know how you're being monitored, you can probably find a way to bypass it. Monitoring doesn't help if nobody reviews the logs. There's too much real work to do.
Mostly, we use separation of duties. System and Security Admins can't use application screens, and business users can't get to system and security screens. We give the auditors screen prints showing various security violation messages or demonstrate that access is restricted.
unknown
Jack Vogel, very good response. I got a chuckle out of the request. If someone has high enough access to require monitoring as the auditors are looking at, and that person wants to do some nefarious skullduggery in the bowels of the beast, the only thing you'll find in the audit log will be the last entry, "Auditing OFF"! Separation of duties is clearly a better idea.
unknown
Yet again, the lack of reporting from LS comes into question!
Separation/Segregation of duties is a good idea to review 'Super User' access.
We also run Qtrly reports here, requesting Data Owners to Sign-off Users access to their data; sort of a level below.
We have attempted to use the Audit function previously, and due to the log-file being filled up, the system goes into a wait state.
Anyway - good luck on your reporting.
unknown
We use the AVAAP Security Dashboard to do reporting on users. The SOD is built-in functionality, so if you choose, you can set up reporting for those with PO20 and AP20 access, for example.
You can run reports by user, role, attributes, etc.
It reads the log files as well and can report on the changes. We have rolled out access to our internal auditors who commonly review to make sure we are in compliance.
I know it's not a homegrown solution but it works well for us.
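The separation-of-duties reporting described in the comments above, as an added example that is not part of the original thread and is not AVAAP or Infor code. It flags users whose combined roles reach both PO20 and AP20, or mix security-admin access with application screens; the role names, users, the `SECADM` token and the export layout are constructed assumptions.

```python
# Constructed sample export: role -> form tokens, user -> roles.
# PO20 and AP20 come from the thread; everything else is hypothetical.
ROLE_TOKENS = {
    "BUYER": {"PO20"},
    "AP_CLERK": {"AP20"},
    "PROC_MGR": {"PO20", "AP20"},
    "SEC_ADMIN": {"SECADM"},  # placeholder for system/security screens
}
USER_ROLES = {
    "asmith": ["BUYER"],
    "bjones": ["BUYER", "AP_CLERK"],
    "cadmin": ["SEC_ADMIN", "AP_CLERK"],
    "dlee": ["PROC_MGR"],
}
ADMIN_TOKENS = {"SECADM"}
CONFLICT_PAIRS = [("PO20", "AP20")]


def tokens_by_source(user):
    """Map each token the user can reach to the roles that grant it."""
    granted = {}
    for role in USER_ROLES.get(user, []):
        for token in ROLE_TOKENS.get(role, set()):
            granted.setdefault(token, set()).add(role)
    return granted


def sod_violations(user):
    """Return (rule, contributing roles) for each rule the user breaks."""
    granted = tokens_by_source(user)
    findings = []
    # Rule 1: conflicting form pairs, even when split across several roles.
    for a, b in CONFLICT_PAIRS:
        if a in granted and b in granted:
            findings.append((f"{a}+{b}", sorted(granted[a] | granted[b])))
    # Rule 2: admin access combined with any application screen.
    reachable = set(granted)
    if reachable & ADMIN_TOKENS and reachable - ADMIN_TOKENS:
        roles = set().union(*granted.values())
        findings.append(("admin+application", sorted(roles)))
    return findings


def report():
    """Only users with at least one finding, for the auditor sign-off."""
    return {u: v for u in sorted(USER_ROLES) if (v := sod_violations(u))}


if __name__ == "__main__":
    for user, findings in report().items():
        for rule, roles in findings:
            print(f"{user}: {rule} via roles {', '.join(roles)}")
```

Listing the contributing roles matters because a conflict built from two individually harmless roles (as with `bjones` here) does not show up when roles are reviewed one at a time.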
todd-brown
Kind of off topic a little, but I am being asked to supply the Lawson authentication log that shows successful and unsuccessful logins. I am not aware of a Lawson log that keeps that info. Am I missing something?
mpientak
There is a security_authen.log file in the system directory. Is this what they are asking for?
unknown
Check out: Infor Lawson Technology Group: Is there a way to document all used screens/forms in Lawson? and Hans' response to blogs.infor.com/.../user-.html. Seems if you are on version 9.0.1.11 or higher, there is a user monitoring feature for customers that use ISS. I was just reading up on it in the Infor Lawson System Foundation Release Notes for 9.0.1.12. States that it can 'Tracking of high-level information about users' interaction with the system (session, connectivity, application modules accessed)'. Hope you find this helpful!
[Updated on 4/17/2015 9:40 AM]