1. Securing ERP
  2. Project Management Work Area Security

Project Management Work Area Security

Project Management work area is configured to give users projects access based on following criteria:

  • Signed in user must have a direct role on the project.
  • Project must be an active project as of the application date.

You can enhance this security configuration and grant a user access to more projects. For example:

  1. Allow users access to all projects without having a direct role on the projects.
  2. Allow project managers to have access to all active as well as upcoming projects.

You can change the default configuration of the Project Management work area to get access to projects based on your business needs.

To control project security based on security configuration, ensure you have opted in to the feature Expanded Project Access Configuration for the Project Management Work Area. Once you opt in to this feature, the security role configuration controls the project list access. Application administrators can define the data security policies and assign them to project roles to configure project access based on business needs.

The predefined project roles are configured to continue working as before. To get additional access, change the security configuration as explained with the examples in Grant Access to a User to All Projects Without a Direct Role on the Project and Grant Project Manager Access to Upcoming Projects.

If you have set up custom roles, review them and configure them appropriately before enabling this feature.

Grant Access to a User to All Projects Without a Direct Role on the Project

Workflow: Grant access to all projects to a user

The following steps grant access to all the projects to a user without having a direct role on the project. Let’s call the new role we are creating Project Management Office Administrator.

  1. Create a custom role from Project Manager job role:
    1. Log in as a project application administrator.

    2. Select Navigator > Tools > Security Console.

    3. On the Roles tab of the Security Console, select the Project Manager role.
    4. Copy the Project Manager role by selecting the Copy Top Role option.
    5. Specify the role name as Project Management Office Administrator.
  2. Add a new data security policy:
    1. For the new role Project Management Office Administrator, go to the Data Security Policy page.

    2. Click the Create Data Security Policy icon to create a new policy.

    3. In the Create Data Security window add the new data security policy:

      Grant a PM access upcoming projects create data security policy
      Field Value
      Policy Name <Name of your choice>
      Database Resource Project for Table PJF_PROJECT_ALL_VL
      Data Set All Values
      Actions Manage Project Work Plan Data
  3. Add additional data privileges:

    1. Add more data privileges to the policy created in step 2.

    2. The following is a recommended list of actions you should select to get access to planning and budgeting activities in the Project Management work area:

      • Manage Project Work Plan Baseline Data

      • Assign Project Resource to Project Data

      • Manage Project Task Structure

      • Manage Project Budget

      • Manage Project Work Plan Resource Assignments Data

  4. Assign the custom role to the users:

    1. You can select existing users in the Users page when creating the Project Management Office Administrator custom role.

    2. You can also add the new role to any users from the Users tab of Security console.

Grant Project Manager Access to Upcoming Projects

Workflow: Grant a PM access to upcoming projects

Application administrators can configure data security to grant project manager access to upcoming projects. In this example, let’s create a new role Senior Project Manager who will have access to active and upcoming projects.

To achieve this, the application administrators need to:

  1. Create a custom role from Project Manager job role:

    1. Log in as a project application administrator.

    2. Select Navigator > Tools > Security Console.

    3. On the Roles tab of the Security Console, select the Project Manager role.

    4. Copy the Project Manager role by selecting the Copy Top Role copy option.

    5. Specify the role name as Senior Project Manager.

  2. Add a new data security policy:

    1. For the new role Senior Project Manager, go to the Data Security Policy page.

    2. Click the Create Data Security Policy icon to create a new policy.

    3. In the Create Data Security window add the new data security policy:

      The Create Data Security window with data security settings to assign a PM access to upcoming projects
      Field Value
      Policy Name <Name of your choice>
      Database Resource Project for Table PJF_PROJECT_ALL_VL
      Data Set Select by instance set
      Condition Name Access current and upcoming projects in the table PJF_PROJECTS_ALL_VL where user is authorized
      Actions Manage Project Work Plan Data

  3. Add additional data privileges:

    1. Add more data privileges to the policy created in step 2.

    2. The following is a recommended list of actions you should select to get access to planning and budgeting activities in the Project Management work area:

      • Manage Project Work Plan Baseline Data

      • Assign Project Resource to Project Data

      • Manage Project Task Structure

      • Manage Project Budget

      • Manage Project Work Plan Resource Assignments Data

  4. Create a project role and assign it to the newly created enterprise role Senior Project Manager.
    1. From Setup and Maintenance, navigate to set up UI Manage Project Roles.
    2. Create a new project role Senior Project Manager and assign the new security role Senior Project Manager as Enterprise role.
      Manage project roles
  5. Log in as project administrator and assign a user this new role on an upcoming project with assignment start date as project start date.

Log in as Senior Project Manager to an upcoming project. Project Manager work area should show the upcoming projects.

Considerations for Project Management Work Area Security

  • The predefined roles have all the required setup and you need not modify them to get access to projects in the project list. If you have setup custom roles, review them and make necessary changes to it after enabling this feature.

  • When adding new data security policies to custom roles, ensure that the policies are directly associated to the role. Data security policies are not associated from inherited roles.

  • Once you opt in to the feature, areas such as Dashboards, Oracle Transactional Business Intelligence, and REST APIs honor the security configuration.

  • It is recommended you enable the feature Maintain a Single Source of Truth for Project Team Members and Labor Resources.

Related Topics