Security Area of Configuration

Use the Security area in the Configuration workspace to implement policies governing passwords and to define security roles and specify each role's levels of access.

Contents

Field Description
Password Policy fields Use these fields to specify how you want Deltek CRM to manage the use of passwords.
PASSWORD STRENGTH Click this field and select the level of "strength" (effectiveness in resisting theft) that you want to require:
  • Weak (no requirements): Users determine the types of characters they use in their passwords.
  • Medium (digit required): Passwords must contain at least one numeric character.
  • Strong (digit & special character required): Passwords must contain at least one numeric character and one special character.
MIN LENGTH Enter the minimum number of characters a password can contain.
EXPIRATION Click in this field and select the maximum length of time a user can use the same password without replacing it: Never (no maximum limit), 30 days, 90 days, 6 months, or 1 year.
Restrict Password Reuse To control how long a user must wait before he or she can reuse an old password, select this check box and enter the number of days in the associated field.
LOGIN LOCKOUT Enter the number of consecutive invalid login attempts after which the user ID will be locked out of Deltek CRM.

Field Description
Security Roles grid Use this grid to define security roles and specify each role's levels of access to workspaces, workspace areas, and types of records.
NAME

Enter a name or short description of the role.

Important: Once you leave this field, the name is saved and cannot be changed. If you want to change the name of a role, delete it and add it again with the correct name.

MENU ACCESS Click this field and use the check boxes in the Menu Access dialog box to specify the workspaces and areas that the security role will have access to:
  • Select All to grant access to all workspaces and areas.
  • Select Business Development or Resource Planning to grant access to all areas in those workspaces.
  • Select individual areas under Business Development or Resource Planning to grant access to some but not all of those areas.
  • Select Configuration to grant access to all areas of the Configuration workspace. You cannot give users partial access to Configuration. Granting this access means that users assigned this role have complete access to the Configuration workspace, including the ability to add or change all configuration settings.

If a role has no access to a workspace, the option for selecting that workspace does not display on the drop-down list that you use to navigate to a workspace. If a role has no access to an area of a workspace, the area icon along the left side of the workspace is not displayed for those users. In addition, they cannot display the related report in the Reporting area.

For the Resource Planning workspace, if a user has access to any area of the workspace, he or she also has access to the Dashboard. The data they can view on the Dashboard depends on the view access granted for generic assignments for their security role. If a user has menu access to either Resource View or Project View, he or she also has access to the Reporting area. The data they can view on the reports depends on the view access granted to their security role for project plans, employee assignments, and generic assignments.

For the Business Development workspace, a role's access to the Opportunities area determines its access to the Dashboard area. If a role does not have access to the Opportunities area, it also does not have access to the Dashboard area. Likewise, a user's access to reports in the Business Development workspace is based on their access to the corresponding workspace area. For example, if your role does not give you view access to the Opportunities area, you also cannot view opportunity reports.

RECORD ACCESS & RIGHTS Click in this field to display a drop-down grid in which you use the fields described below to define the role's access by record type.
Record types The first column in the grid displays the types of records for which you can specify the role's level of access:
  • If you have activated the Resource Planning module only, the grid contains rows for clients, opportunities, project plans, employee assignments, and generic assignments.
  • If you have activated the CRM module only, the grid contains rows for companies, contacts, and opportunities.
  • If you have activated both the Resource Planning module and the CRM module, the grid contains rows for companies, contacts, opportunities, project plans, employee assignments, and generic assignments.

Note that in addition to controlling access to plan data in Resource View and Project View in the Resource Planning workspace, the security settings you specify in a PROJECT PLANS row in the grid also control access to opportunity plan structures in the Resource Planning workspace.

RIGHTS On the OPPORTUNITIES, COMPANIES, CONTACTS, and CLIENTS rows, select the general actions users can carry out for that type of record:
  • Read: Display records only. If you select this option, RECORDS CAN UPDATE is set to None, and the users cannot add, change, or delete records.
  • Add Display, change, and add records but not delete them.
  • Modify Display and change records but not add or delete them.
  • Full Display, change, add, and delete records.

On the PROJECT PLANS row, select Can Modify if users can make changes to plans in the Resource Planning workspace. Note that security settings for PROJECT PLANS also apply to the role's access to opportunity plan structures in the Resource Planning workspace. If you do not select Can Modify, RECORDS CAN UPDATE is set to None, and the users cannot add, change, or delete records.

If you selected Can Modify on the PROJECT PLANS row, select Can Add on the EMPLOYEE ASSIGNMENTS and GENERIC ASSIGNMENTS rows if users can add new assignments to plans for employees or generic resources. If you do not select Can Add for a type of assignment, RECORDS CAN UPDATE is set to None, and the users cannot add new assignments. If Can Modify is selected on the PROJECT PLANS row, however, they can make changes to assignments for the employees they are given access to.

Options that a user has no rights to use are generally hidden from that user. For example, if a user's security role does not have Add or Full access to opportunities, the + Add Opportunity link is not displayed.

RECORDS CAN VIEW Click this field for each record type, and select which records of that type users can view:
  • For the COMPANIES, CLIENTS, or CONTACTS row, select one of the following:
    • All: All records of that type.
    • Associated With Employee: Only records with which the user is associated. An employee is associated with a record if he or she is linked to the record as a team member, project manager, principal, or supervisor.
  • For the OPPORTUNITIES or PROJECT PLANS row, select one of the following:
    • All: All records of that type.
    • Associated With Employee: Only records with which the user is associated. An employee is associated with a record if he or she is linked to the record as a team member, project manager, principal, or supervisor.
    • Project Manager: Only records of that type for which the user is the project manager.
    • Employee's Organization Only records associated with the organization to which the user is assigned. This option is only available if you have set up organizations.
    • Custom: Only records associated with one or more of a selected list of organizations. When you select this option, the Organizations dialog box displays so you can select the organizations. This option is only available if you have set up organizations.

    View record access for project plans applies to Project View and project reports, and is based on the project level (the top level) of the WBS for the plan. For example, if view access is based on the employee's organization, Resource Planning grants view access to the entire plan if the organization at the project level is assigned to the employee's organization, even though lower-level WBS elements are assigned to other organizations.

  • For the EMPLOYEE ASSIGNMENTS row, select one of the following to indicate :
    • All: All employee resource assignments.
    • Employee Supervisor: Only assignments for employees for whom the user is the supervisor.
    • Employee's Organization Only assignments for employees associated with the organization to which the user is assigned. This option is only available if you have set up organizations.
    • Custom: Only assignments for employees associated with one or more of a selected list of organizations. When you select this option, the Organizations dialog box displays so you can select the organizations. This option is only available if you have set up organizations.

    View record access for employee assignments applies to Resource View and resource reports.

  • For the GENERIC ASSIGNMENTS row, select one of the following:
    • All: All generic resource assignments.
    • Employee's Organization: Only generic resource assignments associated with the organization to which the user is assigned. This option is only available if you have set up organizations.
    • Custom: Only generic resource assignments associated with one or more of a selected list of organizations. When you select this option, the Organizations dialog box displays so you can select the organizations. This option is only available if you have set up organizations.

    View record access for generic assignments applies to Resource View, resource reports, and the generic assignments displayed on the Dashboard.

If you select Custom in RECORDS CAN VIEW for a record type and select a set of organizations in the Organizations dialog box, this icon displays next to the RECORDS CAN VIEW field. To review or change the selected organizations, click this icon to display them in the Organizations dialog box.
RECORDS CAN UPDATE Click this field for each record type, and select which records of that type users can update.
  • For the COMPANIES, CLIENTS, or CONTACTS row, select one of the following:
    • Same as View: Same records to which you give the user view access in RECORDS CAN VIEW.
    • Associated With Employee: Only records with which the user is associated. An employee is associated with a record if he or she is linked to the record as a team member, project manager, principal, or supervisor.
  • For the OPPORTUNITIES or PROJECT PLANS row, select one of the following:
    • Same as View: Same records to which you give the user view access in RECORDS CAN VIEW.
    • Associated With Employee: Only records with which the user is associated. An employee is associated with a record if he or she is linked to the record as a team member (for opportunities only), project manager, principal, or supervisor.
    • Project Manager: Only records of that type for which the user is the project manager.
    • Employee's Organization Only records associated with the organization to which the user is assigned. This option is only available if you have set up organizations.
    • Custom: Only records associated with one or more of a selected list of organizations. When you select this option, the Organizations dialog box displays so you can select the organizations. This option is only available if you have set up organizations.

    Note that update record access for project plans is based on the project level (the top level) of the WBS for the plan. For example, if update access is based on the employee's organization, Resource Planning grants update access to the entire plan if the organization at the project level is assigned to the employee's organization, even though lower-level WBS elements are assigned to other organizations.

  • For the EMPLOYEE ASSIGNMENTS row, select one of the following:
    • Same as View: Same records to which you give the user view access in RECORDS CAN VIEW.
    • Employee Supervisor: Only assignments for employees for whom the user is the supervisor.
    • Employee's Organization Only assignments for employees associated with the organization to which the user is assigned. This option is only available if you have set up organizations.
    • Custom: Only assignments for employees associated with one or more of a selected list of organizations. When you select this option, the Organizations dialog box displays so you can select the organizations. This option is only available if you have set up organizations.
  • For the GENERIC ASSIGNMENTS row, select one of the following:
    • Same as View: Same records to which you give the user view access in RECORDS CAN VIEW.
    • Employee's Organization: Only generic resource assignments associated with the organization to which the user is assigned. This option is only available if you use organizations.
    • Custom: Only generic resource assignments associated with one or more of a selected list of organizations. When you select this option, the Organizations dialog box displays so you can select the organizations. This option is only available if you have set up organizations.
If you select Custom in RECORDS CAN UPDATE for a record type and select a set of organizations in the Organizations dialog box, this icon displays next to the RECORDS CAN UPDATE field. To review or change the selected organizations, click this icon to display them in the Organizations dialog box.
Can Hard Book If you have turned on the soft and hard booking option and users with this security role are authorized to hard book resource assignments for plans to which they have access, select this check box on the PROJECT PLANS row of the grid. (Can Modify must be selected for the row also.) If you have not turned on soft and hard booking, the Can Hard Book check box is not available.

To delete a security role that you no longer want to use, hover over the row and click this icon.

If the security role is assigned to employees, you must remove or change those assignments before you can delete the role.

+ Add Security Role To add a new role, click + Add Security Role below the Security Roles grid to display a blank grid row for entering role information.