The Deltek EPM Security Administrator (EPM SA) allows you to define the security rights for Deltek PPM applications. The applications offer different options, but they all follow the same premise. The EPM SA is installed when you install the corresponding PPM application.
Application |
To access EPM SA, click... |
Acumen Touchstone |
You must have access rights to the app server where the Acumen Touchstone application is hosted. You need to manually run the .exe file, which is usually stored in <Install Drive>\Program Files\Deltek\EPMSecAdmin. |
Cobra |
Start » All Programs » Deltek Cobra <version> » Deltek EPM Security Administrator |
Open Plan |
Start » All Programs » Deltek Open Plan <version> » Security » Deltek EPM Security Administrator |
wInsight Analytics |
Start » All Programs » Deltek wInsight Analytics » Deltek EPM Security Administrator |
Deltek EPM Security Administrator (SA) helps you maintain license keys, users, groups, roles, and access to the various EPM applications. It allows you to define the security rights for Deltek PM Compass, Cobra, and Open Plan. These Deltek applications offer different options, but they all follow the same premise. You can access EPM SA using a shortcut in the Windows Start menu. This shortcut is created when you perform the Administrator workstation installation.
The EPM SA documentation uses the following terms:
This term refers to individuals who are given rights to log on to the application.
This term defines the operations a user can perform, such as update baselines, set budget equal to actual costs, and update data. You assign each user to a primary role, such as scheduler, analyst, or project manager. You can override the primary role if the user has a different role on another project.
This term usually represents major programs or projects within an organization, or functional groups, such as the project management office. You assign users to groups, which you then assign to data objects (such as projects) within the applications. Users can have different roles within a group.
Each securable item within the product allows you to assign the list of groups who have access to the object. You can also override options to assign a user and a role, or a group and a role, to the object.
Example
You have eight users of an application. Each user fits into one of the following roles:
Scheduler: It refers to a super user with limited access to baseline and cost information.
Analyst: It refers to a super user with access to all areas of the application.
Project Manager: It refers to a user with read access to all data but few rights to modify data.
Let us also assume that there are currently two major projects occurring within the company. You create two groups, one for each of the projects. You also assign users to the appropriate groups, based on the projects they are working on. To prevent users working on project A from being able to see data associated with project B, use the access control list within the product to specify which groups have rights to the file. All files (projects, rate files, code files, and so on) have access rights within the applications.
If a user has a different role on a project, you can assign the user ID and a role to the access control list.
Use the roles to identify what menu items a user has access to perform. For example, a cost analyst role on the project may have access to perform processes such as Replan where you set actual costs equal to the budget. A CAM role may not have rights to this option. Once you define the access control each role has, then you assign the primary role for each user. All of the cost analysts and CAMs on project A have rights to update the project data, but primary role for the user defines what menu items they have access to.
You can always override the primary role by entering the user ID on the access control grid and providing an overriding role. Similarly, you can provide an overriding role for the entire group.
The read only flag is provided in each row of the access control list to allow you assign read only access.
While the Help button is included only on dialog boxes in the EPM SA, the entire help system is context sensitive. This means that if you need quick information about the area of the Security Administrator that you are using, press F1.
Once you log on, the EPM SA allows you to complete following procedures:
Connect to a data source
Define or import a user
Define groups
Define roles and permissions
Define data objects
Manage a product
Assign a user to a product
Enable or disable user logins
EPM SA also allows you to perform the following tasks:
Define custom menu items for Cobra
Configure Authentication Option settings
However, you need to ensure first that you have a corresponding user account in the system by either importing the account from Active Directory or manually creating the account.