The PM Compass security features enable the system administrator to grant or restrict your access to forms and processes in PM Compass. To define your rights to the application, the system administrator creates user "roles" that reflect your organization's business rules using the Deltek EPM Security Administrator (SA). The system administrator then assigns each user or a group of users to a role.
The EPM SA allows you to define the security rights for all EPM applications, such as PM Compass, Cobra, and Open Plan. These applications offer different options but they all follow the same premise.
You use the EPM SA to perform several tasks, such as the following:
Define or import users
Define groups
Define roles and permissions
Send users a message
Disable or enable user login
Since you can use the EPM SA for all EPM products, you do not have to create and maintain separate user lists for any of the EPM products. When you first install the EPM SA, you must define the system settings. You must define the email configuration before using workflow in PM Compass.
To implement security quickly in EPM SA, take the following actions:
Use the active directory to import the list of users.
Specify users who have a license to PM Compass.
Create groups to define the major programs that separate file access.
Add the users to the appropriate groups.
If you want to control menu level access, define various roles and provide each user with a primary role. Assign the users to a product license. In various EPM applications, add the appropriate group to the Access Control of each file.
There are reports provided in EPM products to show who has access to what data in the products. In addition, EPM SA includes reports for security auditing.
The PM Compass documentation uses the following terms:
Users — This term refers to individuals who are given rights to log on to the application.
Roles — This term defines the type of operations a user can perform, such as access to certain menu areas, tabs in a dialog box, or even elements of a view (for example, actual costs). Cobra and Open Plan support the option to override the primary on specific data elements in the event that the user has a different role on another project. If the user’s primary role is blank, then the DEFAULT role is used.
Groups — This term usually represents major programs or projects in an organization, or functional groups, such as the project management office. You assign users to groups, which are used to provide access to data, such as projects in Cobra or Open Plan. Users can have different roles in a group. Only Open Plan uses the Default role on the group.
Access Control List — Each securable entity (such as project, workflow, and report) in the product allows you to assign a list of users or groups of users who have access to the entity. The primary role for each user in the group defines the operations that a user can perform. In Cobra and Open Plan, you can also the primary role override option to assign a role to the user or group.