View in Presenter Mode for Discussion Points & Transition Control

1

December 2014 v9.1

Security Framework

Dan Gallagher

Hewlett-PackardProject & Portfolio

Management

The Five Levels of Effective Security

Management• Resource Configuration• Request Access Controls• Request Status Dependencies• Field Level Controls• Request Rules

View in Presenter Mode for Discussion Points & Transition Control

2

Resource Set-up

Resources

Added to Directory for selection (LDAP, XMLS, Manual)

$ Time Management (Entry & Approval)

$$ Demand (Requests, SP & FS)

$$$ Project Management (Work plans)

$$$$ Program Management

Proposals, Projects, Consolidation

$$$$$ Portfolio Management

Proposal, Projects Demand Management

$$$$$$ Administration; Configuration

License

High Level Functional Capability.Annual Maintenance Cost.

Members with a Common Functional or Security Need.

Security Group

• Time Sheet Functions• Request Processing Functions• Project Management Functions• Resource Management Functions• Cost Management Functions• Program Management Functions• Portfolio Management Functions• PMO Management Functions• System Administration Functions• System Configuration Functions

• Contact Information• Organizational Membership• Manager• Time Sheet Approver & Policy• Project Role and Skills• Calendar and Assignments• Resource Pool Associations

HP-PPM Security Framework

View in Presenter Mode for Discussion Points & Transition Control

3

Security Groups

The Functionality

• Security Groups Provide Specific Capabilities to it’s members through Access Grants. These Grants are the tools of the Group.

• You must have both the License and Associated Security Group to execute your stakeholder role.

• Create Projects• Edit Projects• Edit All Projects• Delete Projects• View Projects

• 165 Access Grants are defined. • They can be associated with any Security Group.• They can be inherited through license dependencies

• Security Groups can also provide common access to facilitate Group Responsibility for action (Field Edit, PMO Workflow Control)

• Security Groups is one of many methods to provide cloaking functionality to hide Initiatives except from a select group.

• Edit Requests• Create Resource Pools• Edit All Staffing Profiles• Edit Financial Summaries• Edit All Roles• Edit Cost Rate Rules

HP-PPM Security Framework

View in Presenter Mode for Discussion Points & Transition Control

4

Field Level SecurityHP-PPM Security Framework

View in Presenter Mode for Discussion Points & Transition Control

5

Status DependenciesHP-PPM Security Framework

View in Presenter Mode for Discussion Points & Transition Control

6

Interactive RulesHP-PPM Security Framework

• When the Business Unit value is changed, then pre-defined stakeholders and Approvers are auto-populated.

• Fields that will be required prior to the exit of the Workflow step are highligthed to help the active Stakeholders.

View in Presenter Mode for Discussion Points & Transition Control

7

Request Level AccessHP-PPM Security Framework

View in Presenter Mode for Discussion Points & Transition Control

8

December 2014 v9.1

Thank You!

Dan Gallagher

Hewlett-PackardProject & Portfolio

Management

The Five Levels of Effective Security

Management• Resource Configuration• Request Access Controls• Request Status Dependencies• Field Level Controls• Request Rules

View in Presenter Mode for Discussion Points & Transition Control

9

Resource ProfileHP-PPM Security Framework

John Wayne

CIMple Business Sys

North America

International, South America, Europe

Dan.Gallagher@CIMpleBS.com

17569 Enterprise PMO

Enterprise PMO SupportEnterprise Finance

Enterprise PMO

Release Planning

Atlanta, GA

Process Improvement40 Hour TS Required

John Wayne

Daffy Duck

Jon Daily

John Newman

John McCaan

John Wayne

CIMple Business Sys

North America

International, South America, Europe

Dan.Gallagher@CIMpleBS.com

17569 Enterprise PMO

Enterprise PMO SupportEnterprise Finance

Enterprise PMO

Release Planning

Atlanta, GA

View in Presenter Mode for Discussion Points & Transition Control

10

Resource Security Groups

Time Entry

Time & Request ManagementProject Management

Resource Management

Program ManagementPortfolio Management

Financial Management

Resource & Release Planning

Acquisition PlanningConfidential Initiatives

• Resources Added are available for selection on Requests.

• License Assignment based on PPM Stakeholder Role.

• Assign Standard Security Groups for Functionality based on PPM Stakeholder Role

• Assign Access Security Groups as Appropriate.

HP-PPM Security Framework

JWayne

Jwayne@customer.com

John Wayne

123-456-7890

View in Presenter Mode for Discussion Points & Transition Control

11

Request Field Level Security

These settings will determine what users can View and\or Edit a field on a Request.

• Level 4– Every Field is defined for Access & Edit Security

HP-PPM Security Framework

View in Presenter Mode for Discussion Points & Transition Control

12

Field Attributes

A No on Enabled over-rides all higher level settings. If the field is Enabled, but the Display is NO, you’re left to wonder if it is being utilized or not. Difficult to determine. We would call that a Hidden Field.

• Display: Yes or No.

HP-PPM Security Framework

• Display Only: Yes or No A Yes here would indicate that the field is not editable through the User Interface, and is therefore populated based on a Rule or some other mechanism. Often utilized for data from other data sets that is related.

• Who Can See the Field?Anyone that has the appropriate License (Demand); Security Group (Demand for functionality); Security Group membership that may be involved in cloaking the specific field or Request (Project Organization today, but applied at a higher level (Request).

• Who Can Edit the Field?

This is defaulted to All Users in the OOTB “Best Practice” Requests. It is most effective from an End User Experience and Control , as well as a system maintenance and support perspective, to set this field as the token value of a field which is displayed on the Request itself. By giving the Request Owner (or PMO, or Finance) edit capability over the identified field, then that person, associated with the particular Request, now has control over who can do what with THEIR Request. This requires a complete understanding and integration of the 5 levels of Security.

View in Presenter Mode for Discussion Points & Transition Control

13

Status Dependencies

• In the “New” Step Status the “Contact Name” field is Editable and required.

• Field definitions, behavior, security and population considerations should be clearly defined in the on-line field HELP.

HP-PPM Security Framework

View in Presenter Mode for Discussion Points & Transition Control

14

Request RulesHP-PPM Security Framework

• Every Time the Business Unit field is changed, all of these fields are updated based on the new Business Unit value.

• When the Proposal moves out of the Defining Proposal Status, the two fields are set to Required.