Security-related features in PPM
To control data and process security and secure the PPM system, you use a combination of the following features:
-
Licenses
After you assign a license to a user, you can grant that user access to a set of PPM user interface and functionality. Licenses determine available behavior but must be used with access grants to enable specific fields and functions. For example, a user with a Demand Management license, but with no access grants, can log on to the system, but cannot create requests.
provides instructions on how to assign licenses to individual users or to groups of users. License types provides information about the specific access that each license provides. Licenses and User Roles contains detailed information about product licenses.
-
Access grants
Access grants are linked to users through security groups. They determine the windows and functions in which users can view information or perform actions. Access grants also provide levels of control over specific entities and fields. Users and Security Groups contains information on how to create users and give them access to information and functionality in PPM. The tables in Access grants provide information about all of the access grants used to control user access to specific features and parts of the PPM user interface.
-
Entity-level restrictions
Settings on the entity that specify who can create, edit, process, and delete PPM entities (such as requests, packages, or projects). Entity-level restrictions also let you determine which request types and object types can be used with certain workflows. These restrictions are often set in the configuration entities (workflows, request types, object types, and so on).
-
Field-level restrictions
For each custom field that you define in the PPM, you can configure when it is visible or editable. For some fields, you can also specify who can view or edit the field.
-
Configuration-level restrictions
To specify who can modify configuration entities in the system, you can use ownership group settings. For example, you can control who can edit existing workflows. This ensures that only qualified users can modify your PPM–controlled processes. For information about the security settings and permissions required to configure PPM, see Configuration Security.
It is recommended that you maintain two levels of system administrators for your organization. Service Provider Functionality contains information about how to create administrator-level users whose records cannot be modified by other users.