1. REMINDER
Check in on the
COLLABORATE mobile app
Multi-Project Security Exception
Reports
Prepared by:
Robert C Monks, PMP
President & CEO
Monks Project Solutions
Keeping Your Users Happy and Your
Data Safe
Session ID#: 15463
2. Abstract
■ Managing project security permissions in PCM can be a
daunting task, and the software doesn't make it any
easier. This presentation shows how custom reports can
be used to audit user security, if you administer a PCM
solution. Solutions will be demonstrated using both
InfoMaker and BI Publisher making the content valuable
to a wide audience of PCM administrators. Participants
will be offered the opportunity to receive the reports
demonstrated.
3. Presenting Today
■ Robert Monks
▪ Project Management Institute, Project Management Professional
▪ Oracle University Certified P6 and PCM Instructor
▪ Oracle Certified P6 Implementation Consultant
▪ Oracle Certified PCM Implementation Consultant
▪ FAA Certificated Commercial Pilot, Instrument Airplane
▪ FAA Certificated Instrument Flight Instructor
▪ Father of two amazing daughters (Mary, 24 and Emily, 22)
▪ Husband of an amazing wife of 25 years (Cate)
▪ President & CEO of Monks Project Solutions
4. Monks Project Solutions
■ Oracle Gold Partner
■ Established in 1985
■ Primavera Partner since 1987
■ Located in Denver, Colorado
■ Providing value driven, sustainable organizational change
▪ Aligning people, process and technology
11. Access Templates
■ Contain permissions for modules
■ Process permissions
■ Approval authority and monetary limits
12. User Accounts
■ Are assigned a company abbreviation and initials
■ Are assigned user level access privileges
■ Are assigned access templates
■ Are assigned projects using an associated access template
13. Projects
■ Have a project administrator assigned
■ Have users with access rights from an access template
■ Can have user access permissions which differ from the
applied access template
■ Can further restrict a user’s access by company abbreviation
15. Project Security Exposure Points
■ Incorrect access template assigned to project
■ Project access rights not aligned with access template
▪ Access template changed, but not reapplied to all project
assignments
▪ Access rights subsequently modified for a user on one or more
individual projects
■ Failure to assign company restrictions after assigning project
and template in PCM Administration module
■ Mismatch between company abbreviation in user account
and company restriction assigned at project
■ Project administrators gone wild
16. Requirements to Manage Project Security
■ We need to know what users are assigned to what projects
and which access templates users are assigned
■ We need to know what privileges each access template
confers upon a user
■ We need to know which project access privileges differ from
the assigned privileges from the access template
18. Standard Security Reports Available in PCM
■ Details Security Report (r_sec_login_group_report_01)
■ Security Access Report (r_sec_access_report_01)
19. Standard Security Reports Available in PCM
(cont.)
■ Details Security Report (r_sec_login_group_report_01)
▪ Accessed from the PCM Administration module
▪ Reports on all projects assigned to a user
▪ Does NOT show the access template used
▪ Shows NOTHING about the access granted to the project
21. Standard Security Reports Available in PCM
(cont.)
■ Security Access Report (r_sec_access_report_01)
▪ Accessed from the PCM Projects module
▪ Reports on all rights granted to each user on a project
▪ Prints one page per user per project
▪ Single Project Report therefore, must be run for each project
▪ Provides no easy way to compare project rights versus access
template rights
25. Improved Details Security Report
■ Modified existing report’s Data Model to include
▪ Security table
▪ User_Projects table
■ Added group_name field to SELECT statement
▪ aliased as template_name
■ Added template_name to existing report body
27. What Did We Change?
■ Original Data Model
SELECT LOGIN_NAME,
SECURITY_VIEW.GROUP_NAME,
SECURITY_VIEW.PROJECT_NAME,
GROUP_PROJECTS.PROJECT_TITLE
FROM SECURITY_VIEW,
GROUP_PROJECTS
WHERE SECURITY_VIEW.USER_NAME = :USER_NAME
AND GROUP_PROJECTS.project_name =
SECURITY_VIEW.PROJECT_NAME
ORDER BY LOGIN_NAME
28. What Did We Change?
■ Revised Data Model
SELECT V.LOGIN_NAME, V.GROUP_NAME, V.PROJECT_NAME, G.PROJECT_TITLE,
s.group_name AS template_name
FROM SECURITY_VIEW as V, GROUP_PROJECTS as G,
SECURITY as s,
USER_PROJECTS as u
WHERE V.USER_NAME = ‘:USER_NAME AND G.project_name = V.PROJECT_NAME
AND G.group_name = V.group_name
AND u.group_project_key = v.group_name + '_' + v.project_name
AND u.user_name = v.user_name
AND u.template_key = s.master_key
ORDER BY V.LOGIN_NAME
29. New Template Access Report
r_template_access_report_01
■ Modeled from Security Access Report
▪ Copied Report and Data Model
▪ Changed Data Model to select Template rows, not Project rows
■ Original Report used SECURITY_VIEW
■ Revised Report uses SECURITY
■ Original Report was project specific and linked users to
projects
■ Revised report selects
▪ WHERE is_template = 1
31. New Template Project Differences Report
■ New report, entirely build from scratch
■ Links each user’s project permissions back to the current
template definition assigned to that project and reports any
discrepancies
▪ Checks every module’s permissions
▪ Checks every processes permission
▪ Checks approval permissions and monetary limits
■ Reports any assignment whose template begins with “Ext-”
and doesn’t have a company restriction
▪ This implements a “Best Practice” for beginning all templates for
external users with “Ext-” and all templates for internal users
with an “Int-”
▪ May be disabled if this isn’t applicable to your situation
32. New Template Project Differences Report
(cont.)
■ Does not attempt to identify the discrepancy—merely reports
on it.
33. Use Cases for the New Template Project
Differences Report
■ Useful for identifying cases where an access template has
been modified and needs to be pushed out to users
▪ This is the Update Users feature in PCM 14.x
▪ Must be accomplished manually in PCM 13.1
■ Useful for identifying cases where a user’s assignment has
been modified subsequently so that it no longer matches the
standard template
■ Useful for identifying cases where a user (by virtue of his
access template) should be restricted by company, but isn’t
■ Useful for identifying a disconnect between the user’s
company abbreviation in his or her user account and the
company restriction abbreviation in an individual project
security assignment
35. Template/Project Security Differences Report
(cont.)
■ Multi-Project Report
■ Does NOT observe PCM Project Security
▪ Will report on project exceptions—even if the user doesn’t have
rights to see those projects
▪ This seems a minor security risk, but judge for yourself
36. Have We Satisfied Our Defined
Requirements to Manage Project Security?
☑ We need to know what
users are assigned to what
projects and which access
templates users are
assigned
☑ We need to know what
privileges each access
template confers upon a
user
☑ We need to know which
project access privileges
differ from the assigned
privileges from the access
template
38. Can We Apply to Other Areas of PCM?
■ Consistency and uniformity
are desirable in database
applications
■ Exception reports help
identify deviations from
standards
▪ Non-standard data
▪ Missing data
39. Create Multi-Project Exception Reports
■ Companies missing
▪ A Key Contact
▪ A Tax ID Number
■ Contacts missing
▪ Email address
▪ Mobile phone number
▪ Address information
■ Unapproved
▪ Budgeted Contracts
▪ Committed Contracts
▪ Purchase Orders
▪ Change Orders
■ Malformed Cost Codes
41. Please complete the session
evaluation
We appreciate your feedback and insight
Session ID#: 15463
You may complete the session evaluation either
on paper or online via the mobile app