Additional Protection for Resource Information

This section addresses how users can gain unauthorized access to sensitive resource information (including billing rates), and how to prevent this unauthorized access.

Users Who Are Assigned the Configurator License

Users who have the Configuration license can create entities such as reports, and then use those entities to query the database for sensitive data. To prevent this activity, remove the Configuration license. For information about how to remove licenses from a user or set of users, see Removing Licenses Using the Assign Licenses Wizard.

Note: Technically, users are not required to have the Configuration license in a production environment.

Members of Security Groups with View or Edit Access to Cost Data

Users who belong to a security group that is assigned to one of the following access grants:

  • Cost: View Project, Program, and Time Sheet Cost Data

  • Cost: Edit Work Plan Cost Data

can see or edit skill rates, resource rates, or project costs. The user could divide the actual cost of a task by the actual effort to calculate the billing rate for a resource. Without one of these access grants, a user cannot see the actual cost of a task. Therefore, we recommend that you remove these access grants from all security groups and assign them only to individual project managers.

Members of Security Groups with View or Edit Access to Resource Data

Users who belong to security groups with one of the following Resource Management access grants assigned to it can access the user attribute window and view all attributes except for cost:

  • Resource Management. Edit All Resources

  • Resource Management. Edit only resources that I manage

  • Resource Management. View all resources

  • Resource Management. View my personal resource info only

To prevent such unauthorized access to resource attributes, remove these access grants from all security groups, and assign them only to the users within Human Resources who are responsible for providing cost rate information in the system.

Users Who Have the Administrator Password

To migrate code from the development environment to the staging environment, and then to the production environment, the administrator password is required. A user with Administrator access can assign licenses or security groups to grant visibility to resource attributes. We recommend that, in the staging and production environments, you give the "admin" user password only to an administrator level user within the IT organization.

Users Who Run the Unsecured "User Detail Report"

The User Detail Report queries the database for information, and then displays some user attributes. (It does not report on resource rate.) Because this report is not secured, anyone who runs it can potentially access sensitive resource information. To prevent this from occurring, secure this report to the "admin" user only and to Human Resources members.

Note: Secure all reports to their intended audiences. For information about how to secure reports, see the Reports Guide and Reference.

Users with the Sys Admin: Server Tools - Execute SQL Runner Access Grant

Users who belong to a security group that has the Sys Admin: Server Tools - Execute SQL Runner access grant assigned, can access resource data by running database queries from the PPM Workbench. To ensure that this access grant is not misused, make sure that you link it only to the PPM Administrator security group, and to no other.