kalido
8th April 2002, 05:14
Hi:

My company just completed the Baan distribution module implementation. The IT department created some usernames for our customers as they required. By using those usernames, our customers can log on to certain sessions of our Baan system via the internet.

Our customers have concerns about the BaaN security when accessing over the internet, and may hire some professional IT auditing companies to conduct an audit of our internet Baan security control.

What do we need to consider for this security control? And what can we say to them to improve their confidence in this? Or could you provide some links to the Baan internet security control documentation?

I sent inquiries to Baan, and they replied with some PDF files with theories only. What I actually need is the detailed steps - what we should perform to pass the audit.

Thanks in advance.

ericthomas
8th April 2002, 17:35
If you could send the PDF docs Baan supplied, then I can guide you step by step on how to achieve what is mentioned in the document.

I think the authorisation matrix should do everything; plus, if yours is a Unix setup, then the sticky bit can stop users accessing $BSE files.
Also user management restrictions like no run command.

Customers should be able to run what they are allowed to, and database field authorisation should make them happy that no other user can see their information with a different login name.

But I could guide you more from the Baan document.

kalido
9th April 2002, 05:36
Thanks for your reply.

We are currently running Baan V on Win NT, not Unix. And attached is the PDF file I mentioned in my post.

However, the document is too brief. :(