oracle projects suite- security options (a security journey from forms to html) timothy cronin...

Oracle Projects Suite- Security Options (A

security journey from Forms to HTML)

Timothy Cronin

Cronin Business Solutions

Agenda…• Introduction to the Oracle Projects Suite• Forms versus HTML• Elements of PA Security

– Functions– Menus– Responsibilities– Multi Org/HR Security– PA Profile Options– User Profile Security

• Configuration Considerations• Quick Reference Configuration Guide

– Project Access Control– Organizational Authority– Role Based Security– Security Extension– MS Project Security– Personalizations

Security Options Matrix…

Walking the line, the Projects line…

Introduction to the Oracle Projects suite

History of Oracle Applications…

1984 19861987

199019931991 19951983

19981985

19881989

1992 1994 19961997 1999

20002001

20022003

20042005

Oracle Founded (Originally named RSI)

Creation of AppsDivision

(Version MPL3) Version9.3 Version

10.7NCA

Version11.5.10

Version10.7 GUI

Version10.4

Version11.03

Version11i

Version10.7

Character

Client/Server HTML Based

e-Business Suite

Version8.6

Project Billing/Costing

Enterprise Project Management

200720082006

Rollup1 to 4

Version12

The Projects Suite…Oracle Projects Intelligence

Oracle Project Foundation

Oracle Project Billing

Oracle Project Costing

Oracle Project Collaboration

Oracle Project Resource

Management

Oracle Project Management

Oracle Project Portfolio Planning

Oracle Project Contracts

Oracle Project Manufacturing

Oracle Timeand Labor Global Project

Repository

HTML versus Forms

Self Service Web Applications vs. Professional Forms

HTML vs. Forms…• Oracle is migrating away from Forms towards HTML• Oracle Projects suite is on the leading edge• A significant % of the Oracle Projects suite is now in

HTML– In many cases, a function can be performed in both Forms

and HTML

• Security features are sometimes related to either HTML or Forms

HTML vs. Forms…• Some modules are primarily designed for

HTML others for Forms

HTML vs. Forms…• Selected functionality by HTML or Forms

HTML vs. Forms…

• Project creation is HTML and Forms:

Function Security

Function Security…Function Security• Function security controls user access to

Oracle Projects functions• Functions are assigned to Menus

– Thus providing access to specific functionality in PA

• Managed via System Administrator

Function Security…• Functions control access to most features within PA• Examples include:

– Ability to see a button– Ability to baseline a workplan– Ability to view cost rates– Ability to update progress– Etc…

Menu Security

Menu Security…

Menu Security• Build from either other

menus or functions• Grant access to specific

PA functionality• Menus are assigned to

either Responsibilities or Roles

• Managed via System Administrator

Function and Menu Security…

• Steps to create a function loaded menu1. Navigate to System Administrator- Menu

2. Either create a new menu or query an existing menu

3. Add/Remove Functions as necessary

Responsibility Based Security

Responsibility Based Security…

• A user’s logon determines what a user can do within Oracle• Configured and managed in System Administrator

Responsibility Based Security…

• Responsibilities contain the following attributes:– Menu– Request Group– Function and Menu

Exclusions

Responsibility Based Security…

• HTML versus Forms differences…

Responsibility Based Security…

• HTML versus Forms responsibilities…

Responsibility Based Security…

• The Oracle Projects Suite contains the following predefined responsibilities:– HTML Based

• Project Super User• Project Manager• Project Administrator• Resource Manager• Staffing Manager• Operations Manager • Team Member

– Forms Based• Project Costing Super User• Project Billing Super User• Projects Implementation Super User• Project Manager (Non-HTML)

Responsibility Based Security…

• Steps to create a responsibility1. Navigate to System Administrator – Responsibilities

2. Enter name

3. Assign Application

4. Determine: Forms vs HTML

5. Assign Menu

6. Assign Request Group

7. Enter any function or menu exclusions

Multi Organization and HR Security

MO and HR Security…• The responsibility is the primary means of

defining security

• All Oracle Applications users access the system through a responsibility that is linked to a security profile

• The security profile determines which records the user can access

MO and HR Security…• Multi Organizational Security can be based

on the following hierarchy:

Set of Books

Business Group

Operating Unit

Organizations

HR: Cross Business Group…

• HR: Cross Business Group Profile option:

– Allows partial visibility of information across business groups

Security Profile…• Oracle Human Resources Security Profile • Enables data to be secured in a variety of ways including:

– Organization level

– Operating unit level

MO Operating Unit…• If the Security Profile calls for operating unit security:

– Operating Unit is determined using the operating unit specified in the MO: Operating Unit profile option

• Allow or restrict access by operating unit

MO Security Profile…

• Security for applications that use organizations and organization hierarchies in their business views

• Create a security profile and then assign to the site or application level

Levels for setting Profile Options…

Site

Application

Responsibility

User

Defaulting Order Order of Precedence

MO Security…

• Steps to configure MO Security1. Navigate to Human Resources- Security Profiles

2. Either create a new security profile or update an existing profile

3. Navigate to System Administrator – Profile System Values

4. Enter appropriate values for:– HR: Cross Business Group– MO: Operating Unit– MO: Security Profile

PA Profile Options

PA Profile Options…• The following profile options provide an

additional level of security for a responsibility

– PA: Cross Project User – Update– PA: Cross Project User – View– PA: View All Project Resources– PJI: Organizational Security Profile

PA: Cross Project User – Update…

• This profile provides update all projects access

• Applies to all operating units where the MO: Operating Unit profile option is enabled

PA: Cross Project User – View…

• This profile provides view all projects access• The default is set to “Yes”

PA: View All Project Resources…

• This profile enables users to view all resources in Oracle Projects and perform resource-related functions, as granted by their responsibilities.

PJI: Organizational Security Profile…

• Used to provide security access to Project Intelligence

• Based on the Security Profile

PA Profile Options…• Steps to define the PA Profile Options

1. Navigate to System Admin- Profile System Values

2. Query each of the following profiles an update as necessary• PA: Cross Project User – Update• PA: Cross Project User – View• PA: View All Project Resources• PJI: Organizational Security Profile

Personal Profile Values

User Profiles…

• Users have limited ability to modify specific profile options

• Accomplished via the Personal Profile Values form

User Profiles…• Steps to update a User Profile

1. Navigate to the appropriate responsibility; (Example: Project Billing Super User- Other - Profile

2. Query the values for the user

3. Update the profile with the appropriate values

Project Access Control

Project Access Level…

• Project Access Levels allow control of who can search and view specific projects

• There are two access levels for projects:– Secured: Users need role or organizational

access to view the project– Enterprise: Project can be viewed by any user in

your enterprise regardless of their role

Project Access Level…

• The project access level is assigned via HTML

• The UPG: Update Project Access Level concurrent process to update the access levels of several projects at once

Project Access Level…

• Steps to enable Project Level Access1. Navigate to Project Super User

2. Query a Project or Template

3. Set the access level to either:• Enterprise• Secured

Organizational Authority

Organizational Authority…

• Access for users at an organizational level

• Users with Organizational based security do not need roles

• Each individual organization must be assigned to the user

Organizational Authority…

• Organization based security provides the following organizational authorities:– Project Authority: Perform Project Manager functions on

all projects in the organization– Resource Authority: View and update resource

information for all resources in the organization– Utilization Authority: Calculate and view utilization for all

resources in the organization– Forecast Authority: Generate and view forecast

information for all projects in an organization

Organizational Authority…

• Steps to enable Organizational Based Security1. Navigate to Project Billing Super User – Organizational

Authority

2. Enter the name of the user that needs organizational access

3. Enter the organizations the user should see

4. Set the users authority for each Organization by checking the authority check boxes

Role Based Security

Role Based Security…

• Role based security controls access based on the role the user plays on a project

• Access for a user can be different on each project

• Role based security overrides responsibility based security for individual users

• Provides additional features for specific modules such as Resource MGT and Contracts

Role Based Security…

• Role Based Security assigns menus to roles – Menus with roles are considered secured roles– Unsecured roles use the Responsibility to determine project

access

• Menus are build from:– Functions– Sub-menus– Etc...

Roles– Controls Tab…

• Controls grant access to specific features including:– Allow Scheduling– Allow as a Task Member– Allow labor Cost Query– Allow as a Contract

Member– Allow as a Project

Member

Role Lists…• Role lists to categorize

roles into logical groupings

• For example, you may have a role list called Consulting to which all roles relating to consulting are assigned.

Roles– Role Lists Tab…• The role lists to

which you want the role assigned

Roles– Jobs Tab• Project roles are the templates for

creating resource requirements

• For each project role, enter the default for job information for resource requirements created based on the role

• Job levels are used for requirements search, and job groups and jobs drive forecasting

Roles- Competencies Tab

• Project roles are the templates for creating resource requirements

• For each project role, enter the default competency information used on resource requirements

• Competencies are used for requirements search

Roles- Project Status

• Provides an additional level of security based on Project Status

• Example: Allows a user to change classifications in unapproved status, but not in approved status

Roles- Access Rules

• Provides the set default access levels for Project Contracts

• Any person associated with this role will inherit these default settings

Role Based Security…

• After the role has been created

• Assign a user as a key member/team member to the project

• Note that key members/team members can be established in both:– Forms– HTML

Role Based Security…• Steps to enable Role Based Security

1. Navigate to Project Billing Super User- Setup- Project Roles

2. Create a new role• Create Name• Assign Menu for Role based security• Enter appropriate controls• Enter further information:

– Role Lists– Jobs– Competencies– Project Status

3. Assign users to the roles in either HTML or Forms

Security Extension

Security Extensions…

• The Project Security extension allows customized business rules for project and labor cost security

• Only applies to non-HTML architecture• Examples:

– Responsibilities can view or update only capital projects

– Use a DFF to define access to a project

Security Extensions…

• Steps to create a Security Extension1. Define your requirement

2. Update the body and package respectively• Body: PAPSECXB.pls• Package: pa_security_extn

3. Test the extension

4. “Go Live” with the extension

Microsoft Project Security

MS Project Security

• The Oracle Projects suite provides standard integration with MS Project

• Role Based Security is honored by the MS Project Interface

• For example, we have the ability to restrict rates from interfacing to MS Project based on project role assignments

MS Project Security

This data may be controlled includes:– Person ID– Job ID– Organization ID– Organization Name– Standard Rate– Overtime Rate– Cost Per Use Rate

MS Project Security

Steps to enable MS Project Security:

• Update the PA_AMG_RESOURCE_INFO_V

• Any column value that receives a “Y” indicates that MS Project integration will receive the column

• The default value is “N”

Personalizations

Personalizations…

• Provide the ability to modify specific HTML features

• The forms can be personalized at the following levels:– Responsibility– Organization– Site

Personalizations…• Determine the HTML screen that you would like to

modify. • Click on the Personalize Page Link• Examples of modifications that are possible include:

– Reorder a view– Create a button – Add a column– Etc

Personalizations…

• After enabling the following Personalize profile option, a HTML user will have access to the personalize features :– Personalize Self-Service Defn = “Yes“

Navigate to the HTML form that needs modification

Click Personalize

Enter the Personalization Page

Find the Personalization and click the edit pencil

Determine where the personalization should be applied: Site, Org, Responsibility

Scroll down to the “Rendered” row- Set the value to False

Return to the Application and notice that the personalization…

Before After

Personalizations…• Steps to enable Personalizations

1. Set the “Personalize Self-Service Defn” profile option = “Yes“

2. Determine where a Personalization is necessary

3. Click the Personalize Page Link

4. Make the appropriate Personalization

5. Assign the personalization to any of the following:• Responsibility

• Organization

• Site

6. Save Changes

Configuration Considerations

Configuration Considerations…• Spend time to understand the range of security

options within the Oracle Projects Suite• Understand your user requirement

– Who will use Oracle Projects– What information they require– How they use it

• Limit the number of roles to a manageable level• Recognize that Oracle provides multiple ways to

achieve a security objective

Configuration Considerations…

• Develop a security matrix document that supports configuration, audit and ongoing maintenance

• When building and testing menus based on role based security, it is recommended to have access to bounce the Apache Server– Changes/updates will not immediately appear

unless Apache is bounced

Quick Reference Configuration Guide

Security Options Matrix…

Projects Security Summary…

Reference Material…• Metalink• User and Implementation Guides

– Daily Business Intelligence Implementation Guide– Human Resources User Guide– Projects Implementation Guide– Projects Fundamentals User Guide – Project Management User Guide– Resource Management User Guide– Project Management User Guide– Project Contracts User Guide– Project Contracts Implementation Guide– Projects API, Client Extensions, Open Interfaces

Function and Menu Security…

• Steps to create a function loaded menu1. Navigate to System Administrator- Menu

2. Either create a new menu or query an existing menu

3. Add/Remove Functions as necessary

Responsibility Based Security…

• Steps to create a responsibility1. Navigate to System Administrator – Responsibilities

2. Enter name

3. Assign Application

4. Determine: Forms vs HTML

5. Assign Menu

6. Assign Request Group

7. Enter any function or menu exclusions

MO Security…

• Steps to configure MO Security1. Navigate to Human Resources- Security Profiles

2. Either create a new security profile or update an existing profile

3. Navigate to System Administrator – Profile System Values

4. Enter appropriate values for:– HR: Cross Business Group– MO: Operating Unit– MO: Security Profile

PA Profile Options…• Steps to define the PA Profile Options

1. Navigate to System Admin- Profile System Values

2. Query each of the following profiles an update as necessary• PA: Cross Project User – Update• PA: Cross Project User – View• PA: View All Project Resources• PJI: Organizational Security Profile

User Profiles…• Steps to update a User Profile

1. Navigate to the appropriate responsibility; (Example: Project Billing Super User- Other - Profile

2. Query the values for the user

3. Update the profile with the appropriate values

Project Access Level…

• Steps to enable Project Level Access1. Navigate to Project Super User

2. Query a Project or Template

3. Set the access level to either:• Enterprise• Secured

Organizational Authority…

• Steps to enable Organizational Based Security1. Navigate to Project Billing Super User – Organizational

Authority

2. Enter the name of the user that needs organizational access

3. Enter the organizations the user should see

4. Set the users authority for each Organization by checking the authority check boxes

Role Based Security…• Steps to enable Role Based Security

1. Navigate to Project Billing Super User- Setup- Project Roles

2. Create a new role• Create Name• Assign Menu for Role based security• Enter appropriate controls• Enter further information:

– Role Lists– Jobs– Competencies– Project Status

3. Assign users to the roles in either HTML or Forms

Security Extensions…

• Steps to create a Security Extension1. Define your requirement

2. Update the body and package respectively• Body: PAPSECXB.pls• Package: pa_security_extn

3. Test the extension

4. “Go Live” with the extension

MS Project Security…

Steps to enable MS Project Security:

• Update the PA_AMG_RESOURCE_INFO_V

• Any column value that receives a “Y” indicates that MS Project integration will receive the column

• The default value is “N”

Personalizations…• Steps to enable Personalizations

1. Set the “Personalize Self-Service Defn” profile option = “Yes“

2. Determine where a Personalization is necessary

3. Click the Personalize Page Link

4. Make the appropriate Personalization

5. Assign the personalization to any of the following:• Responsibility

• Organization

• Site

6. Save Changes

Where to find more information…

• Timothy Cronin, President

www.CroninINC.comtcronin@CroninINC.com

954.243.3101

• Experts in the Oracle Projects Suite

Oracle Project Costing…

• Create Projects from templates

• Integrate with multiple sources

• Manage cost via a WBS

• Track cost against budget

• Burden/Allocate/Transfer Cost

• View Commitments

• Drill Down features

• Capitalize Assets

• Generate Accounting

CollectModifyReport

GL

FA

3rd Party Apps

Cash Management

PO

T&Li-Expense

AP

Inventory

Cost Inputs Cost OutputsOracle Project Costing

Oracle Project Billing…

• Track agreements / Fund Projects

• Manage Revenue Budgets

• Generate Invoices • Generate Revenue

• Supports the following billing/revenue methods:

–T&M–% Spent–% Complete–Events–Custom methods

Oracle Project BillingFunding /

Agreements

Revenue Budgets and Forecasts

Generate Revenue

Generate Invoices

Interproject/

Interorg

BillingGenerate

AutoAccounting

Oracle Project Management…

• Create, manage and version workplans• Track progress against plan• Integrate with MS Project• Create budgets / forecasts to completion• Provide real time project overview via HTML

• Manage issues at a project or task level

• View Gantt charts• Create work plan dependencies • Manage change orders

Oracle Project Management

Integrate withMS Project

ManageWorkplans

ManageBudgets

Forecasts

Assign taskweighing

View GanttCharts

HTML Portal /

Dashboard

Oracle Project Collaboration…

• Provides a secure collaborative workspace• Visibility to assigned tasks, issues and deliverables• Single document repository with versioning capabilities• Related to Oracle Project Management

Oracle Project Collaboration

CollaborativeWorkspace

Visibility to tasks, issues and deliverables

SecureHTML

Document Versioning

Oracle Resource Management…

• Track resources and availability • Nominate / Assign resources to a

project• Search for open requirements• Generate financial forecasts

• Used by all members of your project based organization

• Calculate organization / resource utilization

• Managing team schedules

Oracle Project Resource

Management

Supports the following functions:•Project Managers •Resource Mangers •Staffing Managers

Calculate Utilization

Manage team schedules

Track resources and availability

Nominate and assign resources to a project

GenerateForecasts

Oracle Project Contracts…

• Provides the ability to manage complex contracts• Provides role based security• Supports the ability to track and manage customer:

– Deliverables– Contract Line Items

• Workflow Based Contract Management

Manage Contractual

Obligations

Manage Relationships

between customers

Contract Authoring Tool

Deliverable

Tracking

Oracle Project Contracts

Oracle Project Intelligence…

• Provides Project based operational and financial metrics, reporting and analytics

• Provides role based security• Drill down to transactions• Dashborad and KPI’s• Manage by exception

Operation and Financial Project

Metrics

Real time

On-line reporting

Prepackaged

Reports

Dashboard

And KPI

tools

Oracle Project Intelligence

Oracle Project Portfolio Planning…

• Release Date: May 2005• Evaluate, analyze, prioritize potential projects• Establish common metrics for potential projects

– NPV, ROI, strategic or financial fit• Score and rank projects• Create and compare “What if” scenarios

Oracle Project Portfolio Planning

Score and Rank

Projects

“What if” Scenarios

EstablishCommonMetrics

Evaluate & Analyze Projects