This screen consists of two table windows that display concurrently, as follows:
Use the primary table window, Modules, to activate or deactivate organizational security for one or more specific Costpoint modules.
Use the second table window, Applications, to activate or deactivate organizational security for one or more specific Costpoint applications within each module.
|
|
Note: You may or may not wish to apply organizational security to Transactions screens (such as Enter A/P Vouchers, etc.). Specific flag information is stored at the module level in the ORG_SEC_BY_MODULE (Module Settings) table and at the application level (by module) in the ORG_SEC_BY_APPL (Applications Settings) table for ease of retrieval. There are additional flags in the System Module and System Application Function tables to indicate those modules and applications that have been Deltek-specified as always excluded from organizational security (such as Fixed Assets). |
Set up these screens before establishing organization security profiles and organization security groups.
|
|
Note: The Organization Security Profiles and Organization Security Groups screens are not yet available in Costpoint web. You can access them in the client server version through the following paths, respectively: Others\System Administration\Organizational Security\ Maintain Org Security Profiles; and Others\System Administration\Organizational Security\ Maintain Org Security Groups. |
You can invoke organizational security by company in the System Settings screen in the Configure menu in the Administration domain by selecting the Apply Organization Security checkbox in the Company Settings group box. By default, this company-wide org security system setting will apply to all users. You can, however, establish an organizational profile and an organization security group that effectively acts as an override by removing organization security for users assigned to that organization security group.
If you implement organizational security by selecting the Apply Organization Security checkbox in the System Settings screen after you are live on Costpoint, you may first want to establish org security profiles and org security groups to avoid interrupting processing functions.
|
|
Note: The System Settings screen is available in both Costpoint web and Costpoint client/server. If you choose to activate the organization security feature in Costpoint client/server's System Settings screen, however, you must return to Costpoint web to run the process from the Reload Global Settings screen in the Utilities menu in the Administration domain to enable the system to establish continuity between the Costpoint web and client/server environments. |
What is organizational security?
Organizational security provides a mechanism for users to enforce security at the organization level. Its primary purpose is to prevent unauthorized reporting or inquiry on specific organizations (rather than to prevent transaction entry).
This feature is enabled on a system-wide, company-specific basis, and is entirely optional.
"Project security" and "employee security" are both implied by organizational security. For example, if you have rights to the owning org of a project, you will have rights to all the information relating to that project if you also have access to all the screens necessary to obtain that information. Similarly, if you have rights to an employee's home organization, you will also have rights to all information about that employee if you also have access to the necessary information screens. Labor suppression can be set individually by user.
If the existing screen rights security is more restrictive, then it supersedes organizational security.
What are organization security profiles?
|
|
The Organization Security Profiles screen is not yet available in Costpoint web. You can access it in the client/server version through this path: Others\System Administration\ Organizational Security\ Maintain Org Security Profiles. |
Organization security profiles give you the opportunity to set up groups of organizations to which you can grant or deny access. This feature is particularly useful for entities that run multiple companies in a single database.
Profiles are set up as "Inclusive," "Exclusive," or "Both," as follows:
The "Inclusive" method is intended to make each organization listed accessible for this profile. Only "Full" rights can be assigned to the orgs when using this method.
The "Exclusive" method is intended to provide a list of organizations to which there will be no access. Only "No rights" can be assigned when using this method.
The "Both" method allows profiles to be set up that can be assigned either "Full rights" or "No rights."
With any of the above methods, the relations "equal to" or "begins with" must be used. To make it easier to create the profile table (from the Costpoint client/server select Others\System Administration\ Organizational Security\ Maintain Org Security Profiles), you must identify whether the organization you are assigning to a profile begins with the value entered in the field or equals that value.
The "begins with" relation method will allow you to establish access to all org levels beneath the one you enter on the screen:
If you use the "begins with" relation method and enter org "1" in the table, you can access any org that begins with "1."
If you use the "equal to" relation method and enter org "1.1" in the table, you can only access org "1.1."
For example, if organizations beginning with "01" represent the Washington division and organizations beginning with "02" represent the California division, a profile might be set up of "01" using a "begins with" relation method. This profile would allow access to any organizations beginning with "01." It would also prevent reporting or inquiry into organizations beginning with "02."
What are organization security groups?
|
|
The Organization Security Groups
screen is not yet available in Costpoint web. You
can access it in the client/server version by selecting the following
path from the Costpoint menu: Others\System Administration\Organizational
Security\Maintain Org Security Groups. |
Use this screen to assign organization security profiles to modules. Assign each user to an Org Security Group in the Users screen (Administration\Maintain\Users\Users), which enables different org security profiles to be if effect in different modules for different groups.
For example, a General Ledger accountant may need full access to all areas of Costpoint General Ledger, but should only have rights to his or her own home organization for labor. In this case, an org security profile with access to all orgs should be assigned to Costpoint General Ledger, while a profile containing only that employee's home org should be assigned for Costpoint Labor. This org security group could then be assigned to this employee in the Users screen.
What is the purpose of the related Update Org Security Profiles screen in Costpoint client/server?
|
|
The Update Organization Security Profiles screen process is not yet available in Costpoint web. You can access it in the client/server version by selecting the following path from the Costpoint menu: Others\System Administration\Organizational Security\Update Org Security Profiles. |
This process creates an Org Security Lookup table. During this process, the system merges all of the organizational profile information into a single table and also eliminates the wildcards to enhance the speed of data retrieval. The newly-streamlined table will contain all organizations to which each profile has access (regardless of "Inclusive" or "Exclusive" rights for the application method).
You should run this process only after all other screens which deal with org security have been set up. You must run this process before org security will work properly. The creation of this table will speed up system processing when org security is in place. All applications affected by org security must access this table to enforce org security.
This process should only be rerun when organizations are added or changed or new profiles are set up.
Which steps should I follow to set up organizational security?
The following steps comprise full utilization of the organizational security function:
Activate organizational security by company in the System Settings screen (Administration\Configure\System\System Settings) by selecting the Apply Organization Security checkbox in the Company Settings group box. By default, this company-wide org security system setting will apply to all users assigned to that company.
Create "organizational profiles," to which you will either grant or deny access to the listed organizations.
|
|
The Organization Security Profiles screen is not yet available in Costpoint web. Access this screen in Costpoint client/server by selecting the following path from the Costpoint menu: Others\System Administration\Organizational Security\Maintain Org Security Profiles. |
Assign the created profiles to org security groups by module. You can also further refine the security by disabling org security by application within modules.
|
|
The Organization Security Groups screen is not yet available in Costpoint web. Access this screen in Costpoint client/server by selecting the following path from the Costpoint menu: Others\System Administration\Organizational Security\Maintain Org Security Groups. |
Assign each user to an org security group in the Users screen (Administration\Maintain\Users\Users).
Use the table windows in this application (Module Organization Security) to activate or deactivate organizational security for one or more specific Costpoint modules and/or for one or more specific Costpoint applications within each module.
Once setup is complete, create an org security Lookup table by running the Update Org Security Profiles screen process. This table will speed up processing time when organizational security is in effect.
|
|
The Update Organization Security Profiles screen is not yet available in Costpoint web. Access this screen in Costpoint client/server by selecting the following path from the Costpoint menu: Others\System Administration\Organizational Security\Update Org Security Profiles. |
Which Costpoint applications contain organizational security functionality?
Please refer to Special Topic SA-5, Organizational Security, in Costpoint client/server for a complete list (by module and screen) of applications that contain organizational security functionality.
Use the fields in this table window to activate or deactivate organizational security for one or more specific Costpoint modules.
The system displays the Costpoint web domain name in this non-editable field.
The system displays the Costpoint client/server module name for each module to which organizational security can be applied in this non-editable field.
The system displays the two-letter module abbreviation for all Costpoint client/server modules to which organizational security can be applied in this non-editable field.
Select this checkbox to apply organizational security to the module displayed for this row.
This checkbox is unselected by default.
Use the fields in this table window to activate or deactivate organizational security for one or more specific Costpoint applications within each module.
The system displays the names of all applications to which organizational security can be applied within the module selected in the Modules table window in this non-editable field.
The system displays the application abbreviations of all applications to which organizational security can be applied within the module selected in the Modules table window in this non-editable field.
* A red asterisk denotes a required field.
Changes to the Modules table window update the ORG_SEC_BY_MODULE (Module Settings) table.
Changes to the Applications table window update the ORG_SEC_BY_APPL (Application Settings) table.
Module name and ID are system-maintained and are stored in the S_MODULE (Module) table.
Application name and ID are system-maintained and are stored in the S_APPL_FUNC (Module) table.
