Hi @All,
Primavera database administration has always been the responsibility of the Project Controls Central team in XYZ Construction for many years.
One Monday morning, an IT Manager suddenly invoked an IT corporate policy prohibiting all non-IT Primavera Users from managing and administering to the database. This effectively say that Central Project Control no longer has full control of the database security access.
P6 Administration role stays under Project Control-Central despite the removal of full administration access and privileges. The removed privileges include the right to add, modify, delete, and put on hold User’s access. It also removed administrative rights to change project and global security profiles.
The degree of control that PC Central has over database security aspects was adversely affected; i.e. including the right to control P6 User’s security profile. The takeover has been in place for about three months as of January 7, 2015, yet it came as a complete surprise.
IT claims that changing to an IT controlled scheduling database is the right thing to do, not to mention that it is inherently theirs by virtue of their generic functions as custodians of all things related to computer application and software. The IT Group believes that they have resources qualified to manage Primavera access security as they do in other applications.
This case study shall attempt to go a layer deeper to the nature, and consequence of this sudden and impending permanent change to P6 Database Administration. Together, we will test the rationale in play, and come up with a conclusion as to whether PC Central should reclaim the lost full administration rights, or unquestioningly give IT the baton so they can carry on with whatever they want done. This brief business case is prepared to reclaim the lost administration rights.
Rufran (010815)
Copyright 2015
3. 010815-Case Study P6 Administration-A View to an IT Takeover Page 3 of 16
ABOUT THE AUTHOR
Rufran is the author of the book Risk-based Management in the World of Threats and
Opportunities: A Project Controls Perspective.
• https://youtu.be/LDESPW6OYkg
• http://www.amazon.com/RUFRAN-C.-FRAGO-PMI-RMP/e/B01055MPYI
• https://www.amazon.com/author/rufrancfrago
4. 010815-Case Study P6 Administration-A View to an IT Takeover Page 4 of 16
For those who are interested, please join Rufran at (click hyperlink) the following sites.
1) LinkedIn Risk-based Management (RBM) Group
https://www.linkedin.com/groups/6575331
2) My Oil Pro
http://oilpro.com/rufran
3) Risk-based Management and Services Inc. Facebook
https://www.facebook.com/RiskBasedManagement/
4) Your World, Our Risk Universe: WordPress
https://rufrancfrago.wordpress.com/tag/rufran-frago/
5) E-Touch Up: A Brand of RBM&S Inc.
https://www.facebook.com/ETouchUp/
6) Author Page: Amazon.com
http://www.amazon.com/RUFRAN-C.-FRAGO-PMI-RMP/e/B01055MPYI
7) LinkedIn Professional Website
https://www.linkedin.com/in/rufranfrago
Other articles authored by Rufran Frago.
1) Schedule Critical path
https://www.linkedin.com/pulse/schedule-critical-path?trk=pulse-det-nav_art
2) Primer to Good Schedule Integration
https://www.linkedin.com/pulse/primer-good-schedule-integration-rufran?trk=pulse-det-
nav_art
3) Project Schedule: P50, Anyone?
https://www.linkedin.com/pulse/project-schedule-p50-anyone-article-rufran-frago-
edmonton-section
4) Schedule Baseline Dilemma Part 1
https://www.linkedin.com/pulse/schedule-baseline-dilemma-part-1-rufran?trk=pulse-det-
nav_art
5) Schedule Baseline Dilemma Part 2
https://www.linkedin.com/pulse/schedule-baseline-dilemma-part-2-rufran?trk=pulse-det-
nav_art
6) 4D Scheduling Part 1: What is it about?
https://www.linkedin.com/pulse/4d-scheduling-my-vista-part-1-rufran?trk=pulse-det-
nav_art
7) Risks as a Function of Time
https://www.linkedin.com/pulse/risk-function-time-rufran-frago-p-eng-pmp-ccp-pmi-
rmp-?trk=pulse-det-nav_art
8) Oil Price, Recession: Causes, Issues and Risks
https://www.linkedin.com/pulse/oil-price-recession-causes-issues-risks-rufran?trk=pulse-
det-nav_art
9) Your World, Our Risk Universe
https://rufrancfrago.wordpress.com/tag/rufrans-blog/
10) Rufran Frago in the Global Risk Community Site
http://globalriskcommunity.com/profile/RUFRANCFRAGO?xg_source=activity
11) and more...
5. 010815-Case Study P6 Administration-A View to an IT Takeover Page 5 of 16
1.0 BACKGROUND
Primavera database administration has always been the responsibility of the Project
Controls Central team in XYZ Construction for many years.
One Monday morning, an IT Manager suddenly invoked an IT corporate policy
prohibiting all non-IT Primavera Users from managing and administering to the database. This
effectively say that Central Project Control no longer has full control of the database security
access.
P6 Administration role stays under Project Control-Central despite the removal of full
administration access and privileges. The removed privileges include the right to add, modify,
delete, and put on hold User’s access. It also removed administrative rights to change project and
global security profiles, It also affected the degree of control PC Central has over database
security aspects, including the right to control P6 User’s security profile. The takeover has been
in place for about three months as of January 7, 2015.
IT claims that changing to an IT controlled scheduling database is the right thing to do,
not to mention that it is inherently theirs by virtue of their generic functions as custodians of all
things related to computer application and software. The IT Group believes that they have
resources qualified to manage Primavera access security as they do in other applications.
Project Controls pushed back vigorously claiming that IS/IT do not have enough
specialized knowledge and appreciation of what is in the database. They do not have their finger
on what needs to be protected, what portfolio, and project strategies are in place, what level of
confidentiality is required by each group nodes, what working relationship exists between project
teams, what degree of criticality is there in the joint venture, and what purpose each schema has
to mention a few.
6. 010815-Case Study P6 Administration-A View to an IT Takeover Page 6 of 16
2.0 OBJECTIVE
This case study shall attempt to go a layer deeper to the nature, and consequence of this
sudden and impending permanent change to P6 Database Administration. Together, we will test
the rationale in play, and come up with a conclusion as to whether PC Central should reclaim the
lost full administration rights, or unquestioningly give IT the baton so they can carry on with
whatever they want done. This brief business case is prepared to reclaim the lost administration
rights.
3.0 PRIMAVERA (P6) ADMINISTRATOR
The Primavera Database Administrator is an essential linking pin in the overall project
organization because he is responsible for developing, and supporting the projects vision,
mission, strategy, and plan. The function is practically a fulltime job considering the scope
although an expert and knowledgeable person with deep cross-sectional knowledge of project
management, risk management, and the Primavera tool can do it as part of his main
responsibility.
The Administrator is instrumental in developing overall risk-based best practices,
concepts, and philosophies that govern the process of project planning and scheduling. Part of his
vital contribution to his company is managing the pool of P6 Users, their corresponding licenses,
access, security profiles, and security matrix. He supervises critical schedule database processes
such as import and export, and EPS/OBS/Responsible Managers alignment.
He supervises super Users, their activities, and their database privileges in accordance to
governing guidelines, standards, procedures, manuals, work instructions, forms, and templates.
He advices project planners and schedulers on many aspect of the planning and scheduling
process such as how to properly create, configure, develop, implement, and align schedules in
their respective schemas.
A P6 Admin makes sure that there is a continuous and sustainable development,
maintenance, review, update, and improvement of existing guidelines, standards, procedures,
manuals, work instructions, forms, and templates. It is not unusual to see him participate in
checkpoint reviews (Gate Reviews) as a subject matter or peer expert to check project
compliance with respect to schedule quality, assumptions, issues, risks, content, level of
7. 010815-Case Study P6 Administration-A View to an IT Takeover Page 7 of 16
definition, achievability, completeness, clarity, fairness, accuracy, and level of integration. Such
exercise is possible only through the special privileges available to the P6 Database
Administrator.
The Administrator develops in-house Primavera training materials and conduct
corresponding training. He educates Primavera users on how to validate project schedules based
on the approved “schedule quality criteria”, orients new Users, issues instructional bulletins or
announcement to communicate threats and opportunities concerning the scheduling process, and
the scheduling environment as a whole.
Other duties include:
• Facilitate and chair the in-house collaboration community
• Manage licenses, access and database
• Manage related applications such as Oracle Primavera Risk Analysis (OPRA
previously PertMaster), Deltek Acumen Fuse, and P6 Auditing Tools
• Create, develop, establish, maintain, and manage a “consistent” Primavera
Enterprise Project Structure.
• Coordinate with project subject matter experts in implementing governing
standard, procedure, manual, and work Instructions
• Lead, spearhead, and manage/coordinate upgrades, trouble-shooting and process
improvements
• Prepare plans and business cases as necessary to improve existing methodologies.
• Review and capture Lessons Learned
• Help set-up and coordinate schedule and portfolio integration
• Resolve technical and functionality issues by pulling together qualified resources
• Point of contact between Users and IT on all major issues concerning the P6
database management
• Update and manage in-house Primavera SMEs
8. 010815-Case Study P6 Administration-A View to an IT Takeover Page 8 of 16
• Get all minor maintenance and troubleshooting P6 issue resolved through the
SMEs rather than automatically going to IS/IT for everything
4.0 IT/IS SUPPORT
The IS/IT Business Adviser is responsible for assisting the PC Central-Primavera
Administrator in the overall management, maintenance, and administration of the Primavera
database. He provides the direction and right technical support required for more complex issues
and/or Service Order for escalation. He is also responsible in mapping and coordinating all future
P6 upgrade.
5.0 DEFINITION
5.1 The term “User” in this document is any project person actively using the Primavera
scheduling tool. He can be the Planner, scheduler, contractor, Project Manager, or
anyone using the P6 database environment.
5.2 This write up is applicable to all Primavera Versions involving a common work
environment using concurrent licenses.
6.0 APPLICATION
Primavera V6.7 (all P6 installation with concurrent work environment)
7.0 ISSUES
The following outstanding issues came about after the sudden IT takeover. They
underline many of the reasons why full administration control needs to come back to PC
Central.
7.1 Issue 1
Simple task of getting access for new Users has taken substantially longer, adding more
works to both the IT Support and the Primavera Administrator. Based on an internal
report of XYZ P6 New User access requests tallied in the last three months (October
2014 to January 2015, the time it takes to gain correct and proper access to requested
projects is a high of 41 days; i.e. including corrections, modifications, & reworks.
9. 010815-Case Study P6 Administration-A View to an IT Takeover Page 9 of 16
Previous to the takeover, the addition of new Users to the scheduling database takes no
longer than half a day, down to as short as an hour or a few minutes once the employee’s
network ID and database group is added by IT Support.
Risks = R1, R2, R3, R4
7.2 Issue 2
Generation of multiple service requests for a simple task of getting P6 access, or
modifying User access. One service request can result from three to a high of eight
service orders (Figure 1). As such, it causes not only confusion, but also wasted time and
effort. Third party IT contractors are paid on a per service order basis. Therefore, it
works for them and works against the client. The value return is not worth the money
spent because of the wasted hours resolving a very simple request.
Risks = R1, R2, R3, R4, R7
7.3 Issue 3
The way IT Support Team processes a request is too simplistic and largely depends on
the request form alone and without in-depth understanding of the need, versus the
current enterprise set up. An IT Support person seldom take enough time to check
deeper, trace the requestor, or validate the request. He will look at the request in a
seemingly Boolean fashion, and make a decision based on what is on paper. He does not
know what is at stake. He focused on gate access, and the request made rather than the
objectives.
If the User requestor or the User’s Manager made the wrong request, IT will take it at
face value. If lacking in information, the work just stops, and the ball passed around until
it takes days, weeks, and even months.
This is one reason why there are several service orders generated to complete the same
simple request. The new SOs is to address and fix the errors. On top of this, the Service
Request application/system of many companies automatically assigned a Service Order.
It can easily become a money mill for third party contractors. Aggravating the
aforementioned situation is the fact that a large percentage of Primavera access
requestors (if not all), submits a request that:
• is not properly accomplished
• is not what is actually needed
• is not what is authorized or approved
• is not actually approved by managers
• is approved but not a project team member
• is asking for the wrong database
• is already in the database
• … and many others
10. 010815-Case Study P6 Administration-A View to an IT Takeover Page 10 of 16
Risks = R1, R2, R3, R4, R5, R6, R7, R8, R10, R11
7.4 Issue 4
Service Orders involving Primavera access related items circles a loop a number of
times, going back to the P6 Administrator to address, investigate, provide right
information, troubleshoot, facilitate, coordinate, and resolve. Users are gravitating back
to the previous database administration set-up. This means that User’s concerns are not
being resolved promptly for some reason. The situation seems like a dog chasing its own
tail (Figure 1).
Risks = R1, R2, R3, R4, R5, R6, R7, R8
Figure 1 - Dog chasing its own tail
7.5 Issue 5
Generation of license monitoring report became inefficient compared to previous
because IT Support had not completed nor chased all information needed to complete the
User Profiles field. They bring in new Users without taking the pain of chasing
additional information from the Users and their Managers. Doing the report takes the
Administrator unnecessarily more time.
License tracking is important in order to comply with Oracle-XYZ licensing model
agreement.
11. 010815-Case Study P6 Administration-A View to an IT Takeover Page 11 of 16
Risks = R1, R2, R3, R4, R5, R6, R7, R8
7.6 Issue 6
Unable to develop, manage, administer, and maintain the existing XYZ Primavera
schemas/databases especially the Benchmarking database where full administrative
access is necessary.
Requires more effort in dispensing the P6 Administration duties enumerated in Section
3.0
This includes supervision and control of who can work there, and the security access
allowed.
Risks = R1, R2, R3, R4, R5, R6, R7, R8, R9, R10, R11
7.7 Issue 7
Troubleshooting difficulty of minor problems due to limited access. A fully privileged
P6 Administrator has access to replicate the security profile of any User. If the User
encounters difficulty, the administrator can log in using the patterned access and go to
the bottom of the problem. This full access is no longer available creating constraints to
what he can do.
Risks = R1, R2, R3, R4, R5, R6, R7, R8, R9, R10, R11
8.0 RISKS
The following are the risks anticipated if full P6 database administration remains with
IT/IS and control not brought back to PC Central. They underline many of the reasons
why full administration needs to back to the control of PC Central.
8.1 Risk 1
High probability of unproductive period, by not only the P6 Users directly affected but
also some other members of the project team, and those relying on the scheduling output
required.
8.2 Risk 2
Low to medium probability of contractual dispute due to decision delays contributing to
overall project or a specific work package delay
High probability that during litigation, contractors will point to XYZ Construction as
being unreliable in their defense and/or in their claim
12. 010815-Case Study P6 Administration-A View to an IT Takeover Page 12 of 16
8.3 Risk 3
Medium to high probability of additional project and support cost due to inefficiency or
wasted work hours
8.4 Risk 4
Medium probability of reputational risk as client and operational partner; due to review
cancelation, unavailable and/or delayed reports, erroneous reports due to haste, slow
turnaround, indecisiveness, and similar others
8.5 Risk 5
Low to medium probability of security breach where some schedule information
becomes available to unauthorized employees. Note that an IS/IT support person
unfamiliar to the project portfolio, their type and relationships, and strategic
requirements will find it hard to appreciate the security requirement.
Without a dedicated XYZ Construction IS/IT person imbedded and familiar with Major
Projects, access request evaluation relies only on the face value of the request without
any crosscheck. An effective database administration is to catch a probable security
breach before it starts.
8.6 Risk 6
High probability of late identification concerning erroneous access and/or flawed access
request
High probability of generating Risk 5
8.7 Risk 7
Medium to high probability of substantial delay in User’s access to the right information
Medium to high probability of generating secondary risks such as Risks 5, 4, 3, 2, and 1
8.8 Risk 8
High probability of failure to effectively manage and secure MPG Primavera database
Medium to high probability of generating all the risks enumerated in this section
8.9 Risk 9
High probability of initiative slowing down (if not completely stopped), the MPG
Benchmarking initiative heavily reliant on full Administration access by PC Central
8.10 Risk 10
Medium to high probability of inadvertent, accidental, or even intentional deletion of
project information in the database
13. 010815-Case Study P6 Administration-A View to an IT Takeover Page 13 of 16
Medium to high probability of generating all the risks enumerated in this section
8.11 Risk 11
Medium to high probability of failure in securing overall confidential project database
information
9.0 BENEFITS
The benefits of returning full administration of XYZ Primavera databases are many. The
list below is not in any particular order.
Benchmarking database can go to next level without obstacle
Better tab on history, including information on P6 Users and User’s group
Enhance quick response to Users need
Facilitate needed changes to planning & scheduling documentations, standards,
procedures, work instructions, manuals, and forms/templates
Facilitates periodic database testing, and UAT
Faster and easier to conduct administrative database clean ups
Full and convenient PC control of all databases
Full control of data imports
Gives PC Central the ability to designate administration coverage
Help maintains the connections between Subject Matter Experts and PC Central
Helps capture more lessons learned
Helps to effectively sustains the in-house Primavera Knowledge Base
Improves PC Central’s ability to come up with training program & demonstration
Improves troubleshooting
Increased ability to do a what-if scenario impacting P6 administration
Increased reliability and data security
Less frustration when requests get delayed well beyond acceptable
14. 010815-Case Study P6 Administration-A View to an IT Takeover Page 14 of 16
Less money tied to Service Orders; i.e. savings to both MPG and IT/IS OPEX
Less Service Orders generated; i.e. savings to both MPG and IT/IS OPEX
Less steps to getting the right and proper Users access
Lesser certainty of listed risks from happening
No confusion, less questions, clear responsibility of all involved
Processes are simpler
Risk-based tracking of Project Super Users and their activities
The owner who appreciates the data, takes good care of the database
Third party contractor does not get involved with simple tasks
Unacceptable delays mitigated or prevented and many others
10.0 COST ESTIMATE
No cost involved in reinstating full P6 Database administration privileges back to Project
Control Central.
11.0 PRECAUTION
Retention of P6 Database Administration is a part-time role of the designated PC Central
Specialist, and potentially, will add load to his work. The work involved in database
administration easily qualifies as a full time job. It has been successfully working up to now
because of the scheduling framework, structure, and available pool of subject matter experts,
plus the knowledge and skills of the designated administrator resource/s already in place.
A point in time will come that in order to sustain the successful management of the tool
and its database, a qualified, dedicated, full-time person has to do the job for PC Central.
12.0 CONCLUSION
It is clear that the removal of full administrative access from PC Central P6 Database
Administrator did not provide any benefit or improvement to the existing process and security
protocol. Instead, it unnecessarily complicates simple matters mostly revolving around Users and
15. 010815-Case Study P6 Administration-A View to an IT Takeover Page 15 of 16
Administrators access. The monitoring report covering service request and service order in the
last three months can attest to it.
Simple tasks have taken substantially and unacceptably longer, adding more works to
both the IT Support and the Primavera Administrator causing wasted effort, confusion, and
unnecessary expenses. Example: Issue 3, row 3 shows eight service orders generated, taking
twenty three (23) days to close them. If the XYZ is paying per Service Order at $100 each, then
it already cost CAD$800 instead of just CAD$100. That is eight times more than acceptable, not
to mention the risks it brings.
The way IT Support Team processes a request is too simplistic, and largely depends on
the request form alone and without in-depth understanding of the need, versus the current
enterprise set up. It was found that an IT Support person seldom take enough time to check
deeper, trace the requestor, or validate the request. He will look at the request in a seemingly
pure Boolean fashion, and make a decision based on what is on paper.
If the User requestor or the User’s Manager made the wrong request, IT will take it at
face value because he has no specialized knowledge of what he is trying to secure, the people
involved, the structure, and how he is going to do it. He is not familiar with what at stake.
If lacking in information, the work just stops, and the ball passed around until it takes
days, weeks, and even months. The project team requires quick one-point contact with
knowledge to act, and give direction right away. Without full control of the information and
security of the Major Project’s P6 database, PC Central cannot create value, nor will they be able
to address all the deficiencies created by the new set-up.
13.0 RECOMMENDATION
It is imperative to reinstate full Administration privileges back to the designated P6
Administrator. This includes all administration privileges taken away last October 2014.
Going forward, IT shall provide initial read only access unless requested by the P6
Administrator to do more. Only the designated Primavera Administrator and/or his assignee can
authorize or provide specific access to the Users. He will do it in coordination with the User’s
Planning Lead.
16. 010815-Case Study P6 Administration-A View to an IT Takeover Page 16 of 16
14.0 INDEX
administrative access ................................ 14
BACKGROUND ........................................ 5
Boolean fashion ........................................ 15
checkpoint reviews...................................... 6
CONCLUSION................................... 13, 14
contractual dispute .................................... 11
crosscheck................................................. 12
duties........................................................... 7
erroneous access........................................ 12
fully privileged.......................................... 11
getting access .............................................. 8
INDEX...................................................... 16
inefficiency ............................................... 12
intentional deletion.................................... 12
ISSUES ....................................................... 8
IT Support ................................................... 9
IT Support Team......................................... 9
IT/IS SUPPORT.......................................... 8
lacking in information............................... 15
license monitoring..................................... 10
licensing model ......................................... 10
multiple service requests............................. 9
OBJECTIVE ............................................... 6
Primavera SMEs ......................................... 7
privileges................................................... 15
protocol ..................................................... 14
quality criteria............................................. 7
RECOMMENDATION............................ 15
reputational risk ........................................ 12
RISKS....................................................... 11
secondary risks.......................................... 12
security breach .......................................... 12
Service Orders........................................... 10
Simple tasks .............................................. 15
specialized knowledge ................................ 5
TABLE OF CONTENTS ......................... 2
third party contractors................................. 9
User............................................................. 8
User Profiles field ..................................... 10
value return ................................................. 9
work package delay................................... 11
wrong request............................................ 15
XYZ Construction....................................... 5