Understanding Grants Portal Security

This topic discusses:

  • Security layers.

  • Access-level tables.

  • The Generate Award process.

The Grants portal security is set up in two layers.

First Layer of Security

The first layer of security is based on the users who are assigned to an award. The award PI and the grants administrator roles for the award are automatically granted access to award, project, and personnel pages when a new award is created in PeopleSoft Grants. This is done by the Generate Award process when the Add to Grants Portal Security check box is selected.

An award PI can view all awards for which he or she is the project PI. The valid role is PROJECT_TEAM.PLAN_PROJROLE = PI.

A grants administrator can view all awards for which he or she is the grants administrator on the award. The valid role is GM_AWARD.GM_ADMIN_CNTCT.

Second Layer of Security

The second layer of security is based on the users who are assigned to a project. The project PI and the department administrator roles for the project are automatically granted access to project and personnel pages when a new project is created in PeopleSoft Grants. This is performed by means of the Generate Award process as long as the Add to Grants Portal Security check box is selected.

If a user is not assigned the role of project PI or department administrator, then the user is not granted access to view awards in the award portal pages.

During the Generate Award process, the system only gives access to project team members who:

  • Have a role that matches a role on the Grants Portal Security – Access Rights page.

  • Have the appropriate access rights, meaning:

    • The Award Page check box is selected.

    • The Access Code is Read Only Access or Read/Write Access.

An administrator can view all projects for which he or she is assigned as the department administrator. Valid roles include: GM_PRJ_DEPT.EMPID or PROJECT_TEAM.PLAN_PROJROLE = PROJ_ADMIN.

Note: The field for the project role is configurable for your organization. Your organization must assign the delivered configuration of PI to the principal investigator and the delivered configuration of project administrator to the administrator on the Project Team page. If your organization is not using the delivered configuration setup on the Grants Portal Security – Access Rights page for these roles, then security for the department administrator must be granted manually through the Award or Project Access pages.

Security to the Grants portal can be set up using these pages:

  • The Global Security Access page.

  • The PI/Project Manager Access page.

  • The Division Access page.

  • The Award Access page.

  • The Project Access page.

  • The Employee Access page.

Use the Global Security Access page to grant access to all awards and projects in the Grants portal. Employees entered on this page have access to all awards and projects. Additional employees (Emp ID) are granted access through one or more of four access pages: PI/Project Manager, Division, Award, and Project.

When using the PI/Project Manager Access page or the Division Access page, you grant access to users using the Assigned to Emplid. When selecting:

  • Award or Project, you grant access to users by business unit and award ID or business unit and project ID.

  • Employee, you view access to users by the union of Level 2 and Level 3 tables.

Access-level tables are created when the Access Authority page is saved. Three access-level tables are available: Level 1, Level 2, and Level 3.

When you create the Level 1 table, the employee ID at the top of the page (Emp ID 1) is associated with all employee IDs that are in the grid (Emp ID 2).

Example of Access-Level Tables

This example displays how employee PI001 (Emp ID 1) is associated with employees EM001 and EM002 (Emp ID 2).

Level 1 table:

Assigned By Employee ID    Employee ID
PI001                      PI001
PI001                      EM001
PI001                      EM002

The level 1 table populates the level 2 and level 3 tables. The level 2 table is used to access awards through the portal.

Level 2 table - Award:

Employee ID    Award ID
PI001          CON021
PI001          CON022
PI001          CON023
EM001          CON021
EM001          CON022
EM001          CON023
EM002          CON021
EM002          CON022
EM002          CON023

The level 3 table is used to access projects through the portal.

Level 3 table - Project:

Employee ID    Project ID
PI001          PROJ115
PI001          PROJ116
PI001          PROJ117
EM001          PROJ115
EM001          PROJ116
EM001          PROJ117
EM002          PROJ115
EM002          PROJ116
EM002          PROJ117

See Staging Award/Project Data Run Control Page.

When the Add to Grants Security check box is selected, the security-related tasks that the Generate Award process performs depend on whether the Pre-award Spending check box is also selected.

If the Add to Grants Security and the Pre-award Spending check boxes are selected, the system:

  • Inserts all employees from the project team whose role matches the role in Grants Portal Security - Access Rights page into the level 3 table for the project (projects security).

  • Inserts all employees who have global access into the level 3 table for the project.

  • Inserts all employees who have division access into the level 3 table for the project if the major subdivision field on the project matches the division.

If the Add to Grants Security check box is selected and the Pre-award Spending check box is not selected (so an award is created), the system:

  • Finds the department administrator and:

    • Inserts that employee into the level 2 table for the award.

    • Inserts the employee ID of the department administrator into all associated projects for that award.

  • Inserts the grant administrator into the level 2 table for the award.

  • Finds all project team members who have a role that matches a role defined on Grants Portal Security - Access Rights page and:

    • Inserts those employees who have rights to access the award page into the level 2 record for the award.

    • Inserts those employees who have rights to access the project page into the level 3 record for the project.

  • Finds all employees with global access and:

    • Inserts those employees into the level 2 record for the award.

    • Inserts those employees into the level 3 record for all projects associated with the award.

  • Finds all employees with division access and inserts those employees into the level 3 record for all projects associated with the award where the major subdivision on the project matches the division in the security.
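The two Generate Award branches above can be modeled to predict, or audit, who ends up in the level 2 and level 3 tables for an award. The following is an added example, not PeopleSoft code: the record layouts, the function name, the NO_ACCESS code, the COLLAB and STUDENT roles, and every employee ID except PI001, EM001 and EM002 are constructed, and the department administrator is assumed to be a single employee per award.

```python
# Simplified model of the Generate Award security rules described on this page.
# Record layouts, field names and sample rows are constructed for illustration.
ALLOWED_CODES = {"Read Only Access", "Read/Write Access"}

RIGHTS = {  # Access Rights page: role -> page check boxes and access code
    "PI":         {"award_page": True,  "project_page": True, "code": "Read/Write Access"},
    "PROJ_ADMIN": {"award_page": False, "project_page": True, "code": "Read Only Access"},
    "COLLAB":     {"award_page": True,  "project_page": True, "code": "NO_ACCESS"},  # placeholder code
}
AWARD = {
    "id": "CON021", "dept_admin": "DA001", "grants_admin": "GA001",
    "projects": [
        {"id": "PROJ115", "subdivision": "ENG",
         "team": [("PI001", "PI"), ("EM001", "PROJ_ADMIN")]},
        {"id": "PROJ116", "subdivision": "MED",
         "team": [("PI001", "PI"), ("EM002", "COLLAB"), ("EM003", "STUDENT")]},
    ],
}
GLOBAL_ACCESS = {"GL001"}             # employees on the Global Security Access page
DIVISION_ACCESS = {("DV001", "ENG")}  # (employee, division) pairs


def generate_award_security(award, add_to_security=True, pre_award=False):
    """Return (level2, level3): sets of (emplid, award_id) and (emplid, project_id)."""
    level2, level3 = set(), set()
    if not add_to_security:          # assumed: nothing is inserted when the box is cleared
        return level2, level3
    for proj in award["projects"]:
        pid = proj["id"]
        for emplid, role in proj["team"]:
            right = RIGHTS.get(role)
            if right is None or right["code"] not in ALLOWED_CODES:
                continue             # role not on the Access Rights page, or no usable code
            # Assumption: the access-code check applies in both branches;
            # pre-award then inserts into level 3 on role match alone.
            if pre_award or right["project_page"]:
                level3.add((emplid, pid))
            if not pre_award and right["award_page"]:
                level2.add((emplid, award["id"]))
        level3 |= {(e, pid) for e in GLOBAL_ACCESS}
        level3 |= {(e, pid) for e, div in DIVISION_ACCESS if div == proj["subdivision"]}
        if not pre_award:            # department administrator reaches every project
            level3.add((award["dept_admin"], pid))
    if not pre_award:                # level 2 rows exist only once an award is created
        for emplid in {award["dept_admin"], award["grants_admin"]} | GLOBAL_ACCESS:
            level2.add((emplid, award["id"]))
    return level2, level3
```

Comparing the returned sets with the rows actually present after a run shows which grants came from team roles and which came from global or division access, the two sources that widen access beyond the project team.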