This section addresses how users can gain unauthorized access to sensitive resource information (including billing rates), and how to prevent this unauthorized access.
Users who have the Configuration license can create entities such as reports, and then use those entities to query the database for sensitive data. To prevent this activity, remove the Configuration license. For information about how to remove licenses from a user or set of users, see Removing Licenses Using the Assign Licenses Wizard.
Note: Technically, users are not required to have the Configuration license in a production environment.
Users who belong to a security group that is assigned to one of the following access grants:
Cost: View Project, Program, and Time Sheet Cost Data
Cost: Edit Work Plan Cost Data
can see or edit skill rates, resource rates, or project costs. The user could divide the actual cost of a task by the actual effort to calculate the billing rate for a resource. Without one of these access grants, a user cannot see the actual cost of a task. Therefore, we recommend that you remove these access grants from all security groups and assign them only to individual project managers.
Users who belong to security groups with one of the following Resource Management access grants assigned to it can access the user attribute window and view all attributes except for cost:
Resource Management. Edit All Resources
Resource Management. Edit only resources that I manage
Resource Management. View all resources
Resource Management. View my personal resource info only
To prevent such unauthorized access to resource attributes, remove these access grants from all security groups, and assign them only to the users within Human Resources who are responsible for providing cost rate information in the system.
To migrate code from the development environment to the staging environment, and then to the production environment, the administrator password is required. A user with Administrator access can assign licenses or security groups to grant visibility to resource attributes. We recommend that, in the staging and production environments, you give the "admin" user password only to an administrator level user within the IT organization.
The User Detail Report queries the database for information, and then displays some user attributes. (It does not report on resource rate.) Because this report is not secured, anyone who runs it can potentially access sensitive resource information. To prevent this from occurring, secure this report to the "admin" user only and to Human Resources members.
Note: Secure all reports to their intended audiences. For information about how to secure reports, see the Reports Guide and Reference.
Users who belong to a security group that has the Sys Admin: Server Tools - Execute SQL Runner access grant assigned, can access resource data by running database queries from the PPM Workbench. To ensure that this access grant is not misused, make sure that you link it only to the PPM Administrator security group, and to no other.