P6 EPPM contains a number of security settings at the application level. The P6 EPPM Application Administrator's Guide details these settings.
To help you organize your planning, the following are options Oracle recommends:
- In your production environment, opt for empty data instead of sample data during the P6 EPPM database setup.
- If using P6 EPPM native authentication, enable Password Policy in Application Settings.
- If using LDAP and SSO authentication, configure the LDAP and SSO components to enforce high quality passwords within their password policy settings.
- Enable firewall software on the application server and database server. Based on your installation, add exceptions for the appropriate ports. For instance, the P6 EPPM SQL Server database runs on port 1433 and the Oracle database on port 1521 by default; P6 EPPM and P6 Team Member Web run on ports 8203 and 8207 respectively in the default installation.
- In the Primavera P6 Administrator:
  - evaluate the Login Lockout Count; the default is 5.
  - set the Enable Cross Site Request Forgery Checking Filter setting to true.
  - set the Enable Session Hijack Checking setting to true.
    Caution: If this setting is set to true, the server binds the user's IP address to the session ID for authentication and authorization. If a user's IP address changes, this setting may cause authentication issues. Oracle recommends testing this setting thoroughly before implementation.
  - keep Multiple User for the Content Repository authentication mode.
  - use Security Accounts if using Oracle Universal Content Management for the Content Repository.
  - use STRONG for the Directory Services security level.
  - keep the Enable Cross Site Scripting Filter setting set to true.
  - enable LDAP or WebSSO for authentication.
  - if using WebSSO, set "Application\Logout URL" in the Primavera P6 Administrator to your SSO logout URL to ensure that the SSO sessions end.
Note: The HTTPS authentication setting requires that the web server and application server settings support SSL.
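The firewall recommendation above is easiest to keep honest with a periodic check that each host listens only on the ports its role needs. The following is an added example, not Oracle's code or part of this guide: it parses `ss -ltn`-style output (constructed sample below) and compares it against the default ports the guide names per server role; the role names, the `extra_allowed` parameter and the sample port 5900 are this example's own assumptions.

```python
import re

# Default ports named in the guide, grouped by host role.
# The role names are this example's own convention, not Oracle's.
EXPECTED_PORTS = {
    "app_server": {8203, 8207},   # P6 EPPM and P6 Team Member Web
    "db_sqlserver": {1433},       # SQL Server default
    "db_oracle": {1521},          # Oracle Database listener default
}


def listening_ports(ss_output: str) -> set[int]:
    """Extract local TCP ports from `ss -ltn`-style output (header + rows)."""
    ports = set()
    for line in ss_output.splitlines()[1:]:   # first line is the header
        cols = line.split()
        if len(cols) < 4 or cols[0] != "LISTEN":
            continue
        # Local address column looks like 0.0.0.0:8203, [::]:8203 or *:8203
        match = re.search(r":(\d+)$", cols[3])
        if match:
            ports.add(int(match.group(1)))
    return ports


def audit(role: str, ss_output: str, extra_allowed: set[int] = frozenset()) -> dict:
    """Compare listening ports with the allow-list for this role.

    'unexpected': listening but not allowed -> close it or add a documented exception.
    'missing':    allowed but nothing listening -> the P6 service may be down.
    extra_allowed (assumption) is for administrative ports such as SSH/RDP.
    """
    expected = EXPECTED_PORTS[role] | set(extra_allowed)
    found = listening_ports(ss_output)
    return {
        "unexpected": sorted(found - expected),
        "missing": sorted(expected - found),
    }


# Constructed sample output; port 5900 stands in for an unplanned listener.
SAMPLE_SS = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*
LISTEN  0       128     0.0.0.0:8203         0.0.0.0:*
LISTEN  0       128     [::]:8207            [::]:*
LISTEN  0       128     0.0.0.0:5900         0.0.0.0:*
"""

if __name__ == "__main__":
    print(audit("app_server", SAMPLE_SS, extra_allowed={22}))
```

Run it against real `ss -ltn` output on each host; any port in `unexpected` should either be closed or be an explicitly documented firewall exception.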