|
Costpoint Analytics security enables you to control the following:
The most common approach is to base security on user groups. You set up user groups, specify the access you want each group to have, and assign each individual user to the appropriate group. You can import existing user groups and the users assigned to those groups from Costpoint, you can add user groups and users in Costpoint Analytics, or you can combine the two methods. If you decide to provide access to Costpoint Analytics data for some users based on project manager, you specify that access on a user-by-user basis. Costpoint Analytics SaaS: If you have a Costpoint Analytics SaaS Subscription, it is recommended that you configure the analytics with Apply Security set to No. That configuration gives all authorized users complete access to the analytics tabs and analytics data. Security provided by Deltek Cloud Operations prevents access by any unauthorized users. However, if you find that you need to restrict the access of some authorized users, you can change Apply Security to Yes, and set up security within Costpoint Analytics as described in this topic and related topics. |
In this topicAbility to Run Costpoint Analytics Access to Data Based on Organization Access to Data Based on Project Manager Ability to Modify Costpoint Analytics Security During Costpoint Analytics Implementation |
Costpoint Analytics fully supports “single sign on” authentication with Microsoft Windows Active Directory Services (ADS). Currently, the product does not support single sign on with directory services other than ADS. It also does not support any authentication other than single sign on.
When you set up Costpoint Analytics security, you provide each user’s network user ID. Then, when someone runs Costpoint Analytics, the system confirms that that network user corresponds to a user set up in Costpoint Analytics. If that is the case, Costpoint Analytics opens without requiring an additional log-on procedure.
If Costpoint Analytics cannot find a user with a matching network user ID, that person cannot open Costpoint Analytics.
For each user group, you can do either of the following:
Give the group complete access to all of the analytics tabs, including the Summary Dashboard tab and all of the User Options tabs.
Give or deny the group access to each of the tabs individually.
If your firm does not want to monitor one of the analytic areas that Costpoint Analytics provides, you can essentially remove that area by denying all groups access to the corresponding tab. Costpoint Analytics will not display either the detailed analytics tab or the related summary analytics.
You control access to data in Costpoint Analytics primarily by specifying the organizations for which each user group can view data.
For each user group, you can do either of the following:
Give the group complete access to the data for all organizations.
Restrict the group’s access to selected organizations.
To facilitate this task, you can import your existing organization security from Costpoint. If necessary, you can modify that organization access as part of the import process. You can also specify organization access in Costpoint Analytics without first going through the import process.
In addition, for user groups with access to the Labor Utilization tab, you can specify whether or not the users can view labor cost information.
While Costpoint Analytics is primarily intended for executives, some firms want to make the project analytics (Revenue, Profit, Backlog, and Projects at Risk) available to project managers or program managers for analyzing data for the projects for which they are responsible. For those users, data access based on project manager assignments is often more appropriate than access based on organization.
To implement access based on project manager, you link each user’s network user ID to his or her project manager ID from Costpoint. In Costpoint Analytics, that user can then only view and analyze data for his or her projects. If you have program managers who are responsible for a group of project managers, you can link that person’s network user ID to the project manager IDs for each of their project managers. That gives the program manager access to data for all of the projects for which his or her project managers are responsible.
Costpoint Analytics is designed to be modified to provide the analysis that your firm needs. However, you need to control carefully the users who are allowed to add or modify analytical objects and tabs. To do that, you specify for each user group whether or not members of that group have modification rights.
During implementation of Costpoint Analytics, as you load data and verify that the product is functioning as you want it to, having security in place can slow that process. You have two options for disabling or partially enabling security to facilitate implementation:
No security — In Costpoint Analytics – Project Configuration and in Costpoint Analytics – Employee Configuration, select No in Apply Security. This disables all Costpoint Analytics security. Anyone with network access to the Costpoint Analytics files can open Costpoint Analytics, display all tabs, and view all available data.
Non-SSO security — In Costpoint Analytics – Project Configuration and in Costpoint Analytics – Employee Configuration, select Yes in Apply Security and select Yes in Prompt Users for Login and Password under Single Sign On. You may want to do this while you are testing security settings. Because it bypasses single sign on authentication, it enables you to log into Costpoint Analytics more quickly using various user IDs to confirm that they have the correct access. If you instead implement single sign on, you have to log out of the network and log back on each time you want to test another user ID.
Deltek strongly recommends that you implement single sign on user authentication when you are ready to make Costpoint Analytics generally available to your users. Deltek does not recommend or support making the analytics available with either of these security configurations still in place. If you have a Costpoint Analytics SaaS Subscription and you decide to use security in Costpoint Analytics, you must implement single sign on authentication.
The standard procedure for setting up security during implementation of Costpoint Analytics commonly involves the following basic steps:
Import security-related information from Costpoint.
Export selected security information to the security extraction Excel files.
Copy the information from the security extraction files to the security setup Excel files.
Edit the data in the security setup files to provide the users and user groups with the access that you want them to have.
Use the security-related configuration options to activate security in Costpoint Analytics.
Run an update process to apply the access specified in the security setup files to Costpoint Analytics.
For detailed instructions, see Set Up Security.
When you import security data from Costpoint, the process retrieves the following:
User groups that are set up to provide access to Project Inquiry and Reporting (PI), General Ledger (GL), and Labor (LD)
Each imported user group’s access to organizations
Users that are assigned to each imported user group
Project managers
You then use this information as a starting point for specifying user access to Costpoint Analytics.
To facilitate the process of setting up security for Costpoint Analytics, Deltek provides a special application to import security information from Costpoint. You can then use that information as a basis for Costpoint Analytics security. After you import Costpoint security information, you work with it in Microsoft Excel spreadsheets to tailor it for Costpoint Analytics.
To control access to the import application and to the resulting Excel files, be sure you take the steps necessary to secure the following files:
CpA_Import_Security_From_Costpoint.qvw
OrgSecurityExtraction.xls
PMSecurityExtraction.xls
CostpointAnalyticsOrgSecuritySetup.xlsx
CostpointAnalyticsPMSecuritySetup.xlsx
Costpoint Analytics provides no internal security for the configuration applications and related files. Be sure that only the appropriate persons have access to the network folders in which you installed Costpoint Analytics.