Set Up Access Based on Security Roles

To define security roles and specify each role's levels of access, go to the Security area in the Configuration workspace.

To set up a new security role, complete the following steps:
  1. In the Configuration workspace, click on the left edge of the Deltek CRM page to go to the Security area.
  2. Click + Add Security Role below the Security Roles grid. A blank row displays so you can enter role information.
  3. In NAME, enter a name or short description of the role.

    Important: Once you leave this field, the name is saved and cannot be changed. If you want to change the name of a role, delete it and add it again with the correct name.

  4. Click the MENU ACCESS field.
  5. Use the check boxes in the Menu Access dialog box to specify the workspaces and areas that the security role will have access to:
    • Select All to grant access to all workspaces and areas.
    • Select Business Development or Resource Planning to grant access to all areas in those workspaces.
    • Select individual areas under Business Development or Resource Planning to grant access to some but not all of those areas.
    • Select Configuration to grant access to all areas of the Configuration workspace. You cannot give users partial access to Configuration areas.

    If a role has no access to a workspace, the option for selecting that workspace does not display on the drop-down list that you use to navigate to a workspace. If a role has no access to an area of a workspace, the area icon along the left side of the workspace is not displayed for those users.

    For the Resource Planning workspace, if a user has access to any area of the workspace, he or she also has access to the Dashboard. The data they can view on the Dashboard depends on the view access granted for generic assignments for their security role. If a user has menu access to either Resource View or Project View, he or she also has access to the Reporting area. The data they can view on the reports depends on the view access granted to their security role for project plans, employee assignments, and generic assignments.

    For the Business Development workspace, a role's access to the Opportunities area determines its access to the Dashboard area. If a role does not have access to the Opportunities area, it also does not have access to the Dashboard area. Likewise, a user's access to reports in the Business Development workspace is based on their access to the corresponding workspace area. For example, if your role does not give you view access to the Opportunities area, you also cannot view opportunity reports.

  6. Click the RECORD ACCESS & RIGHTS field.
  7. In RIGHTS for each record type listed in the drop-down grid, do one of the following:
    • In the OPPORTUNITIES, COMPANIES, CONTACTS, or CLIENTS row, select the general actions users can carry out for that type of record: Read (display only), Add (display, change, and add), Modify (display and change), Full (display, change, add, and delete).
    • If the row contains PROJECT PLANS, select Can Modify if users can make changes to plans in the Resource Planning workspace. Note that, in addition to controlling access to plan data in Resource View and Project View in the Resource Planning workspace, the security settings you specify in a PROJECT PLANS row in the grid also control access to opportunity plan structures in the Resource Planning workspace.
    • If the row contains EMPLOYEE ASSIGNMENTS or GENERIC ASSIGNMENTS and you selected Can Modify on the PROJECT PLANS row, select Can Add if users can add new assignments to plans for employees or generic resources.
  8. Click the RECORDS CAN VIEW field for each record type, and select which records of that type users can view:
    • For the COMPANIES, CLIENTS, or CONTACTS row, select one of the following:
      • All: All records of that type.
      • Associated With User: Only records with which the user is associated. An employee is associated with a record if he or she is linked to the record as a team member, project manager, principal, or supervisor.
    • For the OPPORTUNITIES or PROJECT PLANS row, select one of the following:
      • All: All records of that type.
      • Associated With User: Only records with which the user is associated. An employee is associated with a record if he or she is linked to the record as a team member, project manager, principal, or supervisor.
      • Project Manager: Only records of that type for which the user is the project manager.
      • Employee's Organization Only records associated with the organization to which the user is assigned. This option is only available if you use organizations.
      • Custom: Only records associated with one or more of a selected list of organizations. This option is only available if you use organizations.
    • For the EMPLOYEE ASSIGNMENTS row, select one of the following:
      • All: All employee resource assignments.
      • Employee Supervisor: Only assignments for employees for whom the user is the supervisor.
      • Employee's Organization Only assignments for employees associated with the organization to which the user is assigned. This option is only available if you use organizations.
      • Custom: Only assignments for employees associated with one or more of a selected list of organizations. This option is only available if you use organizations.
    • For the GENERIC ASSIGNMENTS row, select one of the following:
      • All: All generic resource assignments.
      • Employee's Organization: Only generic resource assignments associated with the organization to which the user is assigned. This option is only available if you use organizations.
      • Custom: Only generic resource assignments associated with one or more of a selected list of organizations. This option is only available if you use organizations.
  9. If you selected Custom for one of the record types in the previous step, the Organizations dialog box displays. In that dialog box, expand the upper levels of the organization structure to get to the lowest level, and click Add for each of the organizations for which the role will be able to view records. Click Save when you have selected all of the organizations for that record type.
  10. Click the RECORDS CAN UPDATE field for each record type, and select which records of that type users can update. The options are the same as those described for the RECORDS CAN VIEW field above, with the addition of a Same as View option. Select Same as View if you always want update access to be the same as view access.
  11. If you selected Custom for one of the record types in the previous step, the Organizations dialog box displays. In that dialog box, expand the upper levels of the organization structure to get to the lowest level, and click Add for each of the organizations for which the role will be able to update records. Click Save when you have selected all of the organizations for that record type.
  12. If you have turned on the soft and hard booking option and users with this security role are authorized to hard book resource assignments, select the Can Hard Book check box on the PROJECT PLAN row of the grid. (Can Modify must be selected for the row also.)

    If you have not turned on soft and hard booking, the Can Hard Book check box is not available.

Parent Topic: How to...