For more slides and tutorials visit www.p6academy.com Source: Collaborate 14

1. REMINDER
Check in on the
COLLABORATE mobile app
Multi-Project Security Exception
Reports
Prepared by:
Robert C Monks, PMP
President & CEO
Monks Project Solutions
Keeping Your Users Happy and Your
Data Safe
Session ID#: 15463

2. Abstract
■ Managing project security permissions in PCM can be a
daunting task, and the software doesn't make it any
easier. This presentation shows how custom reports can
be used to audit user security, if you administer a PCM
solution. Solutions will be demonstrated using both
InfoMaker and BI Publisher making the content valuable
to a wide audience of PCM administrators. Participants
will be offered the opportunity to receive the reports
demonstrated.

3. Presenting Today
■ Robert Monks
▪ Project Management Institute, Project Management Professional
▪ Oracle University Certified P6 and PCM Instructor
▪ Oracle Certified P6 Implementation Consultant
▪ Oracle Certified PCM Implementation Consultant
▪ FAA Certificated Commercial Pilot, Instrument Airplane
▪ FAA Certificated Instrument Flight Instructor
▪ Father of two amazing daughters (Mary, 24 and Emily, 22)
▪ Husband of an amazing wife of 25 years (Cate)
▪ President & CEO of Monks Project Solutions

4. Monks Project Solutions
■ Oracle Gold Partner
■ Established in 1985
■ Primavera Partner since 1987
■ Located in Denver, Colorado
■ Providing value driven, sustainable organizational change
▪ Aligning people, process and technology

5. Security in Primavera Contract
Management

6. Security Overview
■ Access Templates
■ User Settings
■ Project Assignments

7. PCM Security

8. PCM Security

9. PCM Security

10. PCM Security

11. Access Templates
■ Contain permissions for modules
■ Process permissions
■ Approval authority and monetary limits

12. User Accounts
■ Are assigned a company abbreviation and initials
■ Are assigned user level access privileges
■ Are assigned access templates
■ Are assigned projects using an associated access template

13. Projects
■ Have a project administrator assigned
■ Have users with access rights from an access template
■ Can have user access permissions which differ from the
applied access template
■ Can further restrict a user’s access by company abbreviation

14. What Could Possibly Go Wrong?

15. Project Security Exposure Points
■ Incorrect access template assigned to project
■ Project access rights not aligned with access template
▪ Access template changed, but not reapplied to all project
assignments
▪ Access rights subsequently modified for a user on one or more
individual projects
■ Failure to assign company restrictions after assigning project
and template in PCM Administration module
■ Mismatch between company abbreviation in user account
and company restriction assigned at project
■ Project administrators gone wild

16. Requirements to Manage Project Security
■ We need to know what users are assigned to what projects
and which access templates users are assigned
■ We need to know what privileges each access template
confers upon a user
■ We need to know which project access privileges differ from
the assigned privileges from the access template

17. Security Exception Reports

18. Standard Security Reports Available in PCM
■ Details Security Report (r_sec_login_group_report_01)
■ Security Access Report (r_sec_access_report_01)

19. Standard Security Reports Available in PCM
(cont.)
■ Details Security Report (r_sec_login_group_report_01)
▪ Accessed from the PCM Administration module
▪ Reports on all projects assigned to a user
▪ Does NOT show the access template used
▪ Shows NOTHING about the access granted to the project

20. Existing Details Security Report
r_sec_login_group_report_01

21. Standard Security Reports Available in PCM
(cont.)
■ Security Access Report (r_sec_access_report_01)
▪ Accessed from the PCM Projects module
▪ Reports on all rights granted to each user on a project
▪ Prints one page per user per project
▪ Single Project Report therefore, must be run for each project
▪ Provides no easy way to compare project rights versus access
template rights

22. Existing Security Access Report
(r_sec_access_report_01)

23. Existing Security Access Report
(r_sec_access_report_01)

24. So How Did We Improve These Reports?

25. Improved Details Security Report
■ Modified existing report’s Data Model to include
▪ Security table
▪ User_Projects table
■ Added group_name field to SELECT statement
▪ aliased as template_name
■ Added template_name to existing report body

26. Improved Details Security Report
with linked access template shown

27. What Did We Change?
■ Original Data Model
SELECT LOGIN_NAME,
SECURITY_VIEW.GROUP_NAME,
SECURITY_VIEW.PROJECT_NAME,
GROUP_PROJECTS.PROJECT_TITLE
FROM SECURITY_VIEW,
GROUP_PROJECTS
WHERE SECURITY_VIEW.USER_NAME = :USER_NAME
AND GROUP_PROJECTS.project_name =
SECURITY_VIEW.PROJECT_NAME
ORDER BY LOGIN_NAME

28. What Did We Change?
■ Revised Data Model
SELECT V.LOGIN_NAME, V.GROUP_NAME, V.PROJECT_NAME, G.PROJECT_TITLE,
s.group_name AS template_name
FROM SECURITY_VIEW as V, GROUP_PROJECTS as G,
SECURITY as s,
USER_PROJECTS as u
WHERE V.USER_NAME = ‘:USER_NAME AND G.project_name = V.PROJECT_NAME
AND G.group_name = V.group_name
AND u.group_project_key = v.group_name + '_' + v.project_name
AND u.user_name = v.user_name
AND u.template_key = s.master_key
ORDER BY V.LOGIN_NAME

29. New Template Access Report
r_template_access_report_01
■ Modeled from Security Access Report
▪ Copied Report and Data Model
▪ Changed Data Model to select Template rows, not Project rows
■ Original Report used SECURITY_VIEW
■ Revised Report uses SECURITY
■ Original Report was project specific and linked users to
projects
■ Revised report selects
▪ WHERE is_template = 1

30. New Details Security Report for Templates

31. New Template Project Differences Report
■ New report, entirely build from scratch
■ Links each user’s project permissions back to the current
template definition assigned to that project and reports any
discrepancies
▪ Checks every module’s permissions
▪ Checks every processes permission
▪ Checks approval permissions and monetary limits
■ Reports any assignment whose template begins with “Ext-”
and doesn’t have a company restriction
▪ This implements a “Best Practice” for beginning all templates for
external users with “Ext-” and all templates for internal users
with an “Int-”
▪ May be disabled if this isn’t applicable to your situation

32. New Template Project Differences Report
(cont.)
■ Does not attempt to identify the discrepancy—merely reports
on it.

33. Use Cases for the New Template Project
Differences Report
■ Useful for identifying cases where an access template has
been modified and needs to be pushed out to users
▪ This is the Update Users feature in PCM 14.x
▪ Must be accomplished manually in PCM 13.1
■ Useful for identifying cases where a user’s assignment has
been modified subsequently so that it no longer matches the
standard template
■ Useful for identifying cases where a user (by virtue of his
access template) should be restricted by company, but isn’t
■ Useful for identifying a disconnect between the user’s
company abbreviation in his or her user account and the
company restriction abbreviation in an individual project
security assignment

34. Template/Project Security Differences Report

35. Template/Project Security Differences Report
(cont.)
■ Multi-Project Report
■ Does NOT observe PCM Project Security
▪ Will report on project exceptions—even if the user doesn’t have
rights to see those projects
▪ This seems a minor security risk, but judge for yourself

36. Have We Satisfied Our Defined
Requirements to Manage Project Security?
☑ We need to know what
users are assigned to what
projects and which access
templates users are
assigned
☑ We need to know what
privileges each access
template confers upon a
user
☑ We need to know which
project access privileges
differ from the assigned
privileges from the access
template

37. Applying this Concept to Other
Areas of PCM

38. Can We Apply to Other Areas of PCM?
■ Consistency and uniformity
are desirable in database
applications
■ Exception reports help
identify deviations from
standards
▪ Non-standard data
▪ Missing data

39. Create Multi-Project Exception Reports
■ Companies missing
▪ A Key Contact
▪ A Tax ID Number
■ Contacts missing
▪ Email address
▪ Mobile phone number
▪ Address information
■ Unapproved
▪ Budgeted Contracts
▪ Committed Contracts
▪ Purchase Orders
▪ Change Orders
■ Malformed Cost Codes

40. Questions?
■ Robert Monks
■ Rmonks@monks.com
■ 303-860-8870
Contact Information

41. Please complete the session
evaluation
We appreciate your feedback and insight
Session ID#: 15463
You may complete the session evaluation either
on paper or online via the mobile app