Security: An Overview
You control who has access to Deltek CRM by setting up each user as an employee and assigning each employee a unique user ID/password combination. You control the level of access that those employees have to Deltek CRM by creating security roles, defining the levels of access for each role, and then assigning the appropriate role to each employee.
Control Who Can Log In to Deltek CRM
Only those who are set up as employees in the Employees & Users area in the Configuration workspace and who are assigned a user ID and, optionally, a password can log in to Deltek CRM.
Deltek CRM treats user IDs and passwords as employee information. A user ID only exists through its association with a specific employee. If you delete an employee, the user ID and password is deleted also.
The relationship of an employee to a user ID/password combination is a one-to-one relationship. An employee can have only one user ID/password combination, and a user ID/password combination can only be assigned to one employee.
As a system administrator with access to Configuration, you can use the Force password change option on the User Set Up dialog box at any time to force an individual employee to change his or her password the next time they attempt to log in. For example, when you add a new employee, you can use that option to force that employee to set their initial password before they can log in the first time. You can also use the Disable Login option on the User Set Up dialog box to prevent an employee from logging in. (This happens automatically if you change an employee's status to Inactive or Terminated.)
Control Password Creation and Use: Password Policies
- Password "strength" (effectiveness in resisting theft)
- Minimum number of characters in the password
- How frequently passwords expire and must be changed
- The amount of time between when a password expires and when that password can be used again
- How many consecutive failed login attempts can occur before the user ID is locked out of Deltek CRM
Control Level of Access: Security Roles
When employees log in to Deltek CRM, their level of access, what they can do in Deltek CRM, depends on the security role they are assigned in the Employees & Users area in the Configuration workspace. The employee inherits the level of access granted to his or her security role.
You can assign the same security role to multiple employees if each of those employees requires the same level of access. You can change the access for a security role at any time, and that modified access automatically applies to all employees who are assigned that role the next time they log in. You cannot delete a security role if it is assigned to any employees.
- Grant or deny access to the individual Deltek CRM workspaces and workspace areas. Access to a workspace area also determines access to reports in the Reporting area that are related to that workspace area.
- For each type of record, give full access rights (add, change, delete, and view rights) or provide only some of these rights
- For each type of record, allow view access to all or a restricted set of records. For example, you have the option when defining access to opportunities to allow access to all opportunities, only opportunities with which the employee is associated, only opportunities for which the employee is the project manager, only opportunities assigned to the employee's organization, or only opportunities assigned to one of a group of selected organizations.
- For each type of record, allow update access to all or a restricted set of records.
- Grant or deny access to the Configuration workspace.
Default Employee
To provide initial access after you install Deltek CRM, the database contains an employee named Default Employee with the Admin user ID. That employee is assigned the Default security role and has full access rights to Deltek CRM, including the Configuration workspace.
Deltek strongly recommends that, as soon as possible, you go to the Employees & Users area of the Configuration workspace and assign a new password for Default Employee.
Access to Configuration
You control access to the Configuration workspace at the security role level. For each role that requires access to the Configuration areas, click in the MENU ACCESS field and select the Configuration check box in the Menu Access dialog box. Employees assigned a security role with that check box selected have full access to all areas in the Configuration workspace. Employees assigned a role with that check box cleared have no access to Configuration. You cannot grant partial access to Configuration.
Session Timeout
If a user leaves a session idle for 20 minutes, that session is automatically timed out, and he or she must log in again to continue working.