PPM has a complete set of capabilities to support security, access, and visibility.
Security makes sense for both the organization and the end-user. For the organization, having security means protecting data (not everyone should see the financial numbers) and objects (not everyone should be able to manipulate the value-lists). For the individual user, having security is a means to filter the vast amounts of information that is irrelevant to you. Instead, you have access only to what pertains to you and your work. The data is organized in hierarchies in a logical way that clearly presents the tasks you need to perform, and the objects you need for that task.
Access and visibility settings not only secure the PPM application, they make it easier to use the entire system. Access and visibility can be controlled for any module, application, or object in the system, including those on the server. Based on your permissions, you view a filtered set of modules and trees for a selected object.
Hierarchies support the process of applying and managing system security. The hierarchical storage of objects enables you to assign permissions to several high level objects, and then propagate those settings to any object down the hierarchy. This process saves time, while providing a systemized and logical approach for dealing with security issues in a complex enterprise environment.
Objects may appear in multiple containers (folders or portfolios). This allows information to be shared by different processes. However, each object has a single home folder. All other instances of that object are referenced objects. A red dot next to an object's icon (
) indicates that the active folder is the object's home folder.
By default, all created objects inherit their security settings from their home folder. Security settings are propagated down to lower objects in the hierarchy.
There are two rules for determining security settings:
- Distance - An object may have BOTH inherited permissions AND permissions defined explicitly on the object at the same time. Permissions defined on the object override permissions defined further away. The distance rule states that permissions closer to the object override those further removed from the object.
- Weight - Security permissions can be assigned by groups. The weight rule says that all members of a group - All (which is a special group), Roles, Users, and User Groups have the same weight.