infor.com
concierge
infor u
developer portal
Home
Groups
Lawson - Technology Customer Community [READ ONLY]
Operating System User Accounts and Infor Lawson 10
Robert Canham
We are planning an upgrade to Infor Lawson S3 10 starting this fall. One of the features that was noted was the removal of LAUA security completely. This part isn't of concern since we are already on Lawson Security. However, in the current LSF9 environment, we still need to have an Operating System account attached to the law9 identity in Lawson Security.
Does anyone know if the operating system accounts are still necessary? Our auditor wants us to implement password policy, but if we can get rid of the account completely, that would be the best option. We run Lawson on AIX 7.
Find more posts tagged with
Comments
Legacy Contributor
You can setup a Privileged Identity called "ONLINE" to eliminate the need for the OSID. We have actually done that now on LSF9. Just have to create a generic user ID for that purpose on the OS, then run loadusers -g domainusername. The OSID for the users can then be removed and it will use this new account instead.
It's our understanding that LID users still need an LAUA account, so they would still need the OSID. I heard that Lawson was going to fix that somehow, but haven't heard anything.
lbecker
Unix O/S accounts are needed to run batch jobs because the processes and files need an Unix owner. The owner is the Unix account attached to the person that submitted the job.
For users that don't run reports in the job scheduler, a Unix account isn't needed.
The auditor can have the toughest Unix password policy he can imagine, because the users never need to login, anyway. We have only 2 business users who login to Unix. This is to transmit files to the server, such as the FBUDGETREL interface file. Other than those two, all the lawson business user accounts are locked. They can't login to Unix under any circumstances.
Robert Canham
What about running batch programs audit records? Does the priviledged identity cover that as well?
Robert Canham
Thank you Vince, that is extremely helpful. We also have a few people who log in to transfer files. Did you just train them how to log in and change their password?
Legacy Contributor
You can also setup a priviliged ID called BATCH for job users. This has a few more steps, I believe there was an instruction on it in the RM Admin guide. We always had to use that usersatts Password resetter before, and this new pirv ID has worked well.
We are Windows platform here, so not sure on Unix/Linux side, may be some differences, or maybe not supported.
Also not sure on the transfer, but I would think they could use the
http://server/sso/useratts.htm
to manage the PW themselves OK.
lbecker
I suggest the users use "WinSCP" as the windows client program.
Unix is supposed to prompt you when the password has expired. The users wait until they get prompted before changing, or else request a password reset, which will force another prompting to change it.
0911060553270289.pdf
Hans Mueller
I think others have chimed in, but there is really no difference between 9 and 10 with regard to your question. OS Accounts are still required for users running batch or report programs.
From the guide...
The user must have a unique OS ID that will be linked to the Lawson RM ID.
Hans Mueller
With regard to your question about changing passwords, why not just link your OS IDs to an LDAP repository so that passwords could be just maintained in one place?
Legacy Contributor
I caught this statement in an earlier posting:
"It's our understanding that LID users still need an LAUA account, so they would still need the OSID. I heard that Lawson was going to fix that somehow, but haven't heard anything."
Let me say, that regular users of Lawson/Infor, should not be using LID at all to do things such as bring up forms, run batch jobs, etc. They should use Workspace/Portal.
Many of you may not know that in v10.0.x (at least in 10.0.2) that you actually can bring up forms in LID. Thought LID was "going away" in v10 for 'regular users'?? Well they brought it back, for debugging purposes is what I understand, but not for day to day purposes. But regular users should not use it, because again, there is no LAUA security in V10. And, LS Security only works for WORKSPACE/PORTAL. It does not work for LID.
Legacy Contributor
I haven't seen 10 yet but my understanding was that LID was no longer supported for regular users - not that it was "going away." Only LAUA security is going away.
Legacy Contributor
Many clients and users I've spoke with have the impression that it "goes away" because they've been told it's no longer supported, it's no longer used BY REGULAR USERS and that since LAUA is no longer in v10, they shouldn't be using LID. Yes we know that LID is still there for system admins, but again, it really does "go away" from the stand point that users are being trained or should be trained to use workspace/portal instead in V10.
VID019_SASTZ Setup_and how to Bind to a Dropdown, part of a User and a LU.zip
sriman-shivakoti
Is workspace now rebranded as min.gle?
Hans Mueller
Yes...
Workspace is now Infor Ming.le Foundation (free). Infor Ming.le Enterprise is a paid for upgrade that incorporates a lot more functionality built on ION. The Workspace name is being phased out.
Legacy Contributor
Hans, is there a place where we can review the functionality enhancements that Ming.le Enterprise offers. As we plan for version 10 and have budgets to submit for well in advance, understanding the long term impacts to our decisions is key.
thanks
Ford GTL.pdf
Important Links
Community Hubs
Discussion Forums
Groups
Community News
Popular Tags
ION Connect
ION Workflow
ION API Gateway
Syteline Development
CPQ Discussion Ask a Colleague
Infor Data Fabric
Infor Document Management (IDM)
LN Development
API Usage
FAQs, How-To, and Best Practices
