multi project security exception reports - oracle primavera p6 collaborate 14
Post on 14-Apr-2017
Multi-Project Security Exception Reports
Prepared by: Robert C Monks, PMP President & CEO Monks Project Solutions
Keeping Your Users Happy and Your Data Safe
Session ID#: 15463
Abstract
■ Managing project security permissions in PCM can be a daunting task, and the software doesn't make it any easier. This presentation shows how custom reports can be used to audit user security if you administer a PCM solution. Solutions will be demonstrated using both InfoMaker and BI Publisher, making the content valuable to a wide audience of PCM administrators. Participants will be offered the opportunity to receive the reports demonstrated.
Presenting Today
■ Robert Monks
▪ Project Management Institute, Project Management Professional
▪ Oracle University Certified P6 and PCM Instructor
▪ Oracle Certified P6 Implementation Consultant
▪ Oracle Certified PCM Implementation Consultant
▪ FAA Certificated Commercial Pilot, Instrument Airplane
▪ FAA Certificated Instrument Flight Instructor
▪ Father of two amazing daughters (Mary, 24 and Emily, 22)
▪ Husband of an amazing wife of 25 years (Cate)
▪ President & CEO of Monks Project Solutions
Monks Project Solutions
■ Oracle Gold Partner
■ Established in 1985
■ Primavera Partner since 1987
■ Located in Denver, Colorado
■ Providing value driven, sustainable organizational change
▪ Aligning people, process and technology
Security in Primavera Contract Management
Security Overview
■ Access Templates
■ User Settings
■ Project Assignments
PCM Security
Access Templates
■ Contain permissions for modules
■ Process permissions
■ Approval authority and monetary limits
User Accounts
■ Are assigned a company abbreviation and initials
■ Are assigned user level access privileges
■ Are assigned access templates
■ Are assigned projects using an associated access template
Projects
■ Have a project administrator assigned
■ Have users with access rights from an access template
■ Can have user access permissions which differ from the applied access template
■ Can further restrict a user’s access by company abbreviation
What Could Possibly Go Wrong?
Project Security Exposure Points
■ Incorrect access template assigned to project
■ Project access rights not aligned with access template
▪ Access template changed, but not reapplied to all project assignments
▪ Access rights subsequently modified for a user on one or more individual projects
■ Failure to assign company restrictions after assigning project and template in PCM Administration module
■ Mismatch between company abbreviation in user account and company restriction assigned at project
■ Project administrators gone wild
Requirements to Manage Project Security
■ We need to know what users are assigned to what projects and which access templates users are assigned
■ We need to know what privileges each access template confers upon a user
■ We need to know which project access privileges differ from the assigned privileges from the access template
Security Exception Reports
Standard Security Reports Available in PCM
■ Details Security Report (r_sec_login_group_report_01)
■ Security Access Report (r_sec_access_report_01)
Standard Security Reports Available in PCM (cont.)
■ Details Security Report (r_sec_login_group_report_01)
▪ Accessed from the PCM Administration module
▪ Reports on all projects assigned to a user
▪ Does NOT show the access template used
▪ Shows NOTHING about the access granted to the project
Existing Details Security Report r_sec_login_group_report_01
Standard Security Reports Available in PCM (cont.)
■ Security Access Report (r_sec_access_report_01)
▪ Accessed from the PCM Projects module
▪ Reports on all rights granted to each user on a project
▪ Prints one page per user per project
▪ Single Project Report; therefore, must be run for each project
▪ Provides no easy way to compare project rights versus access template rights
Existing Security Access Report (r_sec_access_report_01)
So How Did We Improve These Reports?
Improved Details Security Report
■ Modified existing report’s Data Model to include
▪ Security table
▪ User_Projects table
■ Added group_name field to SELECT statement
▪ aliased as template_name
■ Added template_name to existing report body
Improved Details Security Report with linked access template shown
What Did We Change?
■ Original Data Model
SELECT LOGIN_NAME,
SECURITY_VIEW.GROUP_NAME,
SECURITY_VIEW.PROJECT_NAME,
GROUP_PROJECTS.PROJECT_TITLE
FROM SECURITY_VIEW,
GROUP_PROJECTS
WHERE SECURITY_VIEW.USER_NAME = :USER_NAME
AND GROUP_PROJECTS.project_name = SECURITY_VIEW.PROJECT_NAME
ORDER BY LOGIN_NAME
What Did We Change?
■ Revised Data Model
-- template_name is the access template linked to each user/project assignment
SELECT V.LOGIN_NAME, V.GROUP_NAME, V.PROJECT_NAME, G.PROJECT_TITLE,
s.group_name AS template_name
FROM SECURITY_VIEW as V, GROUP_PROJECTS as G,
SECURITY as s,
USER_PROJECTS as u
WHERE V.USER_NAME = :USER_NAME
AND G.project_name = V.PROJECT_NAME
AND G.group_name = V.group_name
-- USER_PROJECTS links the user's project assignment to its template row in SECURITY
AND u.group_project_key = v.group_name + '_' + v.project_name
AND u.user_name = v.user_name
AND u.template_key = s.master_key
ORDER BY V.LOGIN_NAME
New Template Access Report r_template_access_report_01
■ Modeled from Security Access Report
▪ Copied Report and Data Model
▪ Changed Data Model to select Template rows, not Project rows
■ Original Report used SECURITY_VIEW
■ Revised Report uses SECURITY
■ Original Report was project specific and linked users to projects
■ Revised report selects
▪ WHERE is_template = 1
New Details Security Report for Templates
New Template Project Differences Report
■ New report, built entirely from scratch
■ Links each user’s project permissions back to the current template definition assigned to that project and reports any discrepancies
▪ Checks every module’s permissions
▪ Checks every process’s permissions
▪ Checks approval permissions and monetary limits
■ Reports any assignment whose template begins with “Ext-” and doesn’t have a company restriction
▪ This implements a “Best Practice” for beginning all templates for external users with “Ext-” and all templates for internal users with an “Int-”
▪ May be disabled if this isn’t applicable to your situation
New Template Project Differences Report (cont.)
■ Does not attempt to identify the discrepancy—merely reports on it.
Use Cases for the New Template Project Differences Report
■ Useful for identifying cases where an access template has been modified and needs to be pushed out to users
▪ This is the Update Users feature in PCM 14.x
▪ Must be accomplished manually in PCM 13.1
■ Useful for identifying cases where a user’s assignment has been modified subsequently so that it no longer matches the standard template
■ Useful for identifying cases where a user (by virtue of his access template) should be restricted by company, but isn’t
■ Useful for identifying a disconnect between the user’s company abbreviation in his or her user account and the company restriction abbreviation in an individual project security assignment
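The three checks this report performs, as an added example that is not the presenter's report or PCM's own code. It uses Python's sqlite3 with a constructed, simplified schema: the tables users, template_perm, assignment and assignment_perm and their columns are hypothetical, not PCM tables, and each assignment is assumed to carry one permission row per template module.

```python
import sqlite3

# Constructed, simplified schema: hypothetical names, NOT the real PCM tables.
SCHEMA = """
CREATE TABLE users(user_name TEXT, company TEXT);
CREATE TABLE template_perm(template TEXT, module TEXT, access TEXT, approve_limit REAL);
CREATE TABLE assignment(user_name TEXT, project TEXT, template TEXT, company_restriction TEXT);
CREATE TABLE assignment_perm(user_name TEXT, project TEXT, module TEXT, access TEXT, approve_limit REAL);
"""
# One pass over every project: drift from the template, then the two company checks.
EXCEPTIONS = """
SELECT a.user_name, a.project, 'differs from template: ' || t.module AS finding
  FROM assignment a JOIN template_perm t ON t.template = a.template
  LEFT JOIN assignment_perm p ON p.user_name = a.user_name
       AND p.project = a.project AND p.module = t.module
 WHERE p.module IS NULL OR p.access IS NOT t.access
    OR p.approve_limit IS NOT t.approve_limit  -- IS NOT is NULL-safe in SQLite
UNION ALL
SELECT user_name, project, 'Ext- template without company restriction'
  FROM assignment
 WHERE template LIKE 'Ext-%' AND COALESCE(company_restriction, '') = ''
UNION ALL
SELECT a.user_name, a.project, 'company restriction does not match user account'
  FROM assignment a JOIN users u ON u.user_name = a.user_name
 WHERE COALESCE(a.company_restriction, '') <> '' AND a.company_restriction <> u.company
ORDER BY 1, 2, 3
"""

def build_sample_db():  # in-memory database with constructed sample data
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO users VALUES (?,?)", [("asmith", "MPS"), ("bwong", "BLD"), ("jdoe", "ACME")])
    db.executemany("INSERT INTO template_perm VALUES (?,?,?,?)", [
        ("Int-PM", "Contracts", "write", 100000), ("Int-PM", "Change Orders", "write", 50000),
        ("Ext-Sub", "Contracts", "read", 0), ("Ext-Sub", "Change Orders", "read", 0)])
    db.executemany("INSERT INTO assignment VALUES (?,?,?,?)", [
        ("asmith", "P100", "Int-PM", None), ("asmith", "P200", "Int-PM", None), ("bwong", "P200", "Ext-Sub", None),
        ("jdoe", "P100", "Ext-Sub", "ACME"), ("jdoe", "P200", "Ext-Sub", "ACM")])
    # Applying a template copies its rights onto the project assignment ...
    db.execute("""INSERT INTO assignment_perm
                  SELECT a.user_name, a.project, t.module, t.access, t.approve_limit
                    FROM assignment a JOIN template_perm t ON t.template = a.template""")
    # ... and a later per-project edit makes one assignment drift from it.
    db.execute("""UPDATE assignment_perm SET approve_limit = 250000
                   WHERE user_name = 'asmith' AND project = 'P200' AND module = 'Change Orders'""")
    return db

def security_exceptions(db):
    return db.execute(EXCEPTIONS).fetchall()
```

Changing a row in template_perm without re-applying it makes every assignment that uses that template appear in the result, which is the "template changed, but not reapplied" exposure point.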
Template/Project Security Differences Report
Template/Project Security Differences Report (cont.)
■ Multi-Project Report
■ Does NOT observe PCM Project Security
▪ Will report on project exceptions—even if the user doesn’t have rights to see those projects
▪ This seems a minor security risk, but judge for yourself
Have We Satisfied Our Defined Requirements to Manage Project Security?
☑ We need to know what users are assigned to what projects and which access templates users are assigned
☑ We need to know what privileges each access template confers upon a user
☑ We need to know which project access privileges differ from the assigned privileges from the access template
Applying this Concept to Other Areas of PCM
Can We Apply to Other Areas of PCM?
■ Consistency and uniformity are desirable in database applications
■ Exception reports help identify deviations from standards
▪ Non-standard data
▪ Missing data
Create Multi-Project Exception Reports
■ Companies missing
▪ A Key Contact
▪ A Tax ID Number
■ Contacts missing
▪ Email address
▪ Mobile phone number
▪ Address information
■ Unapproved
▪ Budgeted Contracts
▪ Committed Contracts
▪ Purchase Orders
▪ Change Orders
■ Malformed Cost Codes
Questions?
■ Robert Monks ■ Rmonks@monks.com ■ 303-860-8870
Contact Information