Security modules include the following special tasks and features:
- Alert Scope may include the entire system: This option allows the creation of alerts for all items and/or all portfolios in the entire system. Designated for configurators and/or special users who need to create such alerts. When this security module is enabled, the [Entire System] option appears in the Scope field of the alert.
- Allow/deny users to override cells: This option determines the users who can override cells in a scorecard. Users who are denied overriding cells, have read-only permissions.
Note: To override cells, users must also have the Edit data permission at the category security level and the module security level.
- Always have admin permission on all objects: This feature allows users to change the security settings for all elements in the system. Its purpose is to allow you to reset security permissions in the event that access is accidentally denied. By default, a user with Admin permission can provide View & Read permission to a user which will allow them access to this feature. Enabling this feature puts the user in a special mode which allows the user to change the security settings of all elements in the system without being able to access data.
This module is very different from other modules. Other modules give you additional permissions, for example, you can now access the investor module. With this module you have access to ALL objects in PPM, but ONLY with View & read and Admin permissions. Also, this module causes you to enter a special mode. All your permissions change. You now have a completely new set of permissions. You get view & read permissions for all objects, but you cannot edit even your own items.
This module was created to allow administrators to fix security lockout situations in which a user has denied access to objects in the system. It should be used only when a rescue operation is required. For example, if someone mistakenly blocked access to all items and portfolios by denying access to All in the items & portfolios security policy, then the admin can temporarily grant a user (or themselves) the Always have admin permission on all objects permission module.
Since the user then has Admin permission on the items & portfolios security policy, the user (or the admin) is then able to change the properties of the items & portfolios security policy by removing the permission on the All security row. Since, in this mode, the user (or admin) has no edit rights to any objects, the user (or the admin) is forced to remove himself from the Always have admin permission on all objects module, reverting security permissions to the regular set of permissions.
- Create Alerts: Determines who is allowed to create alerts.
- Create Import Categories: This feature allows users to create categories for imported data. By default, administrators have Full Access permission to use this feature. No other user or group has a default permission to use this feature.
- Create Public Snapshots: Snapshots is a feature of the Investor module that allows you to take static snapshots of Investor maps at a particular point in time. A snapshot is an image of an investor map and can be saved in the Investor module history for future reference. Snapshots also contain data relating to the items or portfolios that are displayed in the image. Snapshots can be either public or private. A public snapshot can be viewed by all users. A private snapshot can only be viewed by the user that created the snapshot and the administrator. Only users with permission in the Create Public Snapshots module can create public snapshots. By default, administrators have Full Access permission to create public snapshots. No other user or group has a default permission to create public snapshots. For more information on snapshots, refer to refer to Working with Snapshots in Working with Investor Maps.
- Paste Multiple Cells into Scorecard/Table/Dynamic List: This feature of the Copy and Paste functionality, allows the user to paste multiple cells into a scorecard, or a table and Dynamic List, in Forms.
- Permit Alerts to access all data: Allows users to create category alerts even when the user does not have access to the data related to in the alert. This security module is designated for use by the configurator who creates many alerts for which she will have permission for all objects related to in the Alert (Item, Portfolio, Category, etc.) but not necessarily to the data. The Read & View permission for the item must = Allow both during definition of the alert and when the alert is fired.
Note: Data refers only to cell data, including `Roles' which are also category cell data. It does not refer to deliverable, action item and phase field data.
- Permit Functions to access all data: PPM uses functions to calculate data in order to determine cell values. In order to work, the function must have access to the data. The Permit Functions to Access All Data module allows users for whom this permission is granted to create functions that can access data even if the user that creates the function cannot access this data. Without this permission, a user can only give the function security permission to access data that the user can access. By default, administrators have Full Access permission to use this feature. All other users have Read permission to use this feature. For more information on functions, refer to Advanced Function, in Working with Categories.
- Reset Permissions on all child objects: Users for whom this permission is granted can reset security permissions for all child objects and items in folders and portfolios for which the user has Admin permission. For example, if someone clears the Inheriting settings from field for an object, an administrator with Admin permission to the object's home folder can reset the object so that it inherits its security settings from the home folder. By default, administrators have Full Access permission to use this feature. No other user or group has a default permission to use this feature.
- Send Email or Alert messages: Controls the ability to use Send Page and Send Manager in addition to the dispatch of alert messages whose events have been fired. If the alert owner doesn't have read permission for Send Email or Alert Messages when the event is dispatched, the alert message will not be sent out to its recipients.
- Upload Documents: Users for whom this permission is granted can upload documents onto the server.
- Use Data as of control: Users for whom this permission is granted are able to use the Data as of control to select a date or a version of the data to be displayed.
- View Usage Reports: Users for whom this permission is granted can open and view the Usage Report for the selected category or table.