Security: An Overview

Control Who Can Log In to Deltek CRM

Only those who are set up as employees in the Employees & Users area in the Configuration workspace and who are assigned a user ID and, optionally, a password can log in to Deltek CRM.

Deltek CRM treats user IDs and passwords as employee information. A user ID only exists through its association with a specific employee. If you delete an employee, the user ID and password is deleted also.

The relationship of an employee to a user ID/password combination is a one-to-one relationship. An employee can have only one user ID/password combination, and a user ID/password combination can only be assigned to one employee.

As a system administrator with access to Configuration, you can use the Force password change option on the User Set Up dialog box at any time to force an individual employee to change his or her password the next time they attempt to log in. For example, when you add a new employee, you can use that option to force that employee to set their initial password before they can log in the first time. You can also use the Disable Login option on the User Set Up dialog box to prevent an employee from logging in. (This happens automatically if you change an employee's status to Inactive or Terminated.)

Control Password Creation and Use: Password Policies

Users can click on the Deltek CRM toolbar and change their password at any time. The Security area in the Configuration workspace provides options that you can use to establish and enforce corporate policies to control how secure those passwords are. You can control the following:

• Password "strength" (effectiveness in resisting theft)
• Minimum number of characters in the password
• How frequently passwords expire and must be changed
• The amount of time between when a password expires and when that password can be used again
• How many consecutive failed login attempts can occur before the user ID is locked out of Deltek CRM

Control Level of Access: Security Roles

When employees log in to Deltek CRM, their level of access, what they can do in Deltek CRM, depends on the security role they are assigned in the Employees & Users area in the Configuration workspace. The employee inherits the level of access granted to his or her security role.

You can assign the same security role to multiple employees if each of those employees requires the same level of access. You can change the access for a security role at any time, and that modified access automatically applies to all employees who are assigned that role the next time they log in. You cannot delete a security role if it is assigned to any employees.

Default Employee

To provide initial access after you install Deltek CRM, the database contains an employee named Default Employee with the Admin user ID. That employee is assigned the Default security role and has full access rights to Deltek CRM, including the Configuration workspace.

Deltek strongly recommends that, as soon as possible, you go to the Employees & Users area of the Configuration workspace and assign a new password for Default Employee.

Access to Configuration

You control access to the Configuration workspace at the security role level. For each role that requires access to the Configuration areas, click in the MENU ACCESS field and select the Configuration check box in the Menu Access dialog box. Employees assigned a security role with that check box selected have full access to all areas in the Configuration workspace. Employees assigned a role with that check box cleared have no access to Configuration. You cannot grant partial access to Configuration.

Session Timeout

If a user leaves a session idle for 20 minutes, that session is automatically timed out, and he or she must log in again to continue working.