Post on 22-Dec-2015
Oracle Projects Suite- Security Options (A
security journey from Forms to HTML)
Timothy Cronin
Cronin Business Solutions
Agenda…• Introduction to the Oracle Projects Suite• Forms versus HTML• Elements of PA Security
– Functions– Menus– Responsibilities– Multi Org/HR Security– PA Profile Options– User Profile Security
• Configuration Considerations• Quick Reference Configuration Guide
– Project Access Control– Organizational Authority– Role Based Security– Security Extension– MS Project Security– Personalizations
Security Options Matrix…
Walking the line, the Projects line…
Introduction to the Oracle Projects suite
History of Oracle Applications…
1984 19861987
199019931991 19951983
19981985
19881989
1992 1994 19961997 1999
20002001
20022003
20042005
Oracle Founded (Originally named RSI)
Creation of AppsDivision
(Version MPL3) Version9.3 Version
10.7NCA
Version11.5.10
Version10.7 GUI
Version10.4
Version11.03
Version11i
Version10.7
Character
Client/Server HTML Based
e-Business Suite
Version8.6
Project Billing/Costing
Enterprise Project Management
200720082006
Rollup1 to 4
Version12
The Projects Suite…Oracle Projects Intelligence
Oracle Project Foundation
Oracle Project Billing
Oracle Project Costing
Oracle Project Collaboration
Oracle Project Resource
Management
Oracle Project Management
Oracle Project Portfolio Planning
Oracle Project Contracts
Oracle Project Manufacturing
Oracle Timeand Labor Global Project
Repository
HTML versus Forms
Self Service Web Applications vs. Professional Forms
HTML vs. Forms…• Oracle is migrating away from Forms towards HTML• Oracle Projects suite is on the leading edge• A significant % of the Oracle Projects suite is now in
HTML– In many cases, a function can be performed in both Forms
and HTML
• Security features are sometimes related to either HTML or Forms
HTML vs. Forms…• Some modules are primarily designed for
HTML others for Forms
HTML vs. Forms…• Selected functionality by HTML or Forms
HTML vs. Forms…
• Project creation is HTML and Forms:
Function Security
Function Security…Function Security• Function security controls user access to
Oracle Projects functions• Functions are assigned to Menus
– Thus providing access to specific functionality in PA
• Managed via System Administrator
Function Security…• Functions control access to most features within PA• Examples include:
– Ability to see a button– Ability to baseline a workplan– Ability to view cost rates– Ability to update progress– Etc…
Menu Security
Menu Security…
Menu Security• Build from either other
menus or functions• Grant access to specific
PA functionality• Menus are assigned to
either Responsibilities or Roles
• Managed via System Administrator
Function and Menu Security…
• Steps to create a function loaded menu1. Navigate to System Administrator- Menu
2. Either create a new menu or query an existing menu
3. Add/Remove Functions as necessary
Responsibility Based Security
Responsibility Based Security…
• A user’s logon determines what a user can do within Oracle• Configured and managed in System Administrator
Responsibility Based Security…
• Responsibilities contain the following attributes:– Menu– Request Group– Function and Menu
Exclusions
Responsibility Based Security…
• HTML versus Forms differences…
Responsibility Based Security…
• HTML versus Forms responsibilities…
Responsibility Based Security…
• The Oracle Projects Suite contains the following predefined responsibilities:– HTML Based
• Project Super User• Project Manager• Project Administrator• Resource Manager• Staffing Manager• Operations Manager • Team Member
– Forms Based• Project Costing Super User• Project Billing Super User• Projects Implementation Super User• Project Manager (Non-HTML)
Responsibility Based Security…
• Steps to create a responsibility1. Navigate to System Administrator – Responsibilities
2. Enter name
3. Assign Application
4. Determine: Forms vs HTML
5. Assign Menu
6. Assign Request Group
7. Enter any function or menu exclusions
Multi Organization and HR Security
MO and HR Security…• The responsibility is the primary means of
defining security
• All Oracle Applications users access the system through a responsibility that is linked to a security profile
• The security profile determines which records the user can access
MO and HR Security…• Multi Organizational Security can be based
on the following hierarchy:
Set of Books
Business Group
Operating Unit
Organizations
HR: Cross Business Group…
• HR: Cross Business Group Profile option:
– Allows partial visibility of information across business groups
Security Profile…• Oracle Human Resources Security Profile • Enables data to be secured in a variety of ways including:
– Organization level
– Operating unit level
MO Operating Unit…• If the Security Profile calls for operating unit security:
– Operating Unit is determined using the operating unit specified in the MO: Operating Unit profile option
• Allow or restrict access by operating unit
MO Security Profile…
• Security for applications that use organizations and organization hierarchies in their business views
• Create a security profile and then assign to the site or application level
Levels for setting Profile Options…
Site
Application
Responsibility
User
Defaulting Order Order of Precedence
MO Security…
• Steps to configure MO Security1. Navigate to Human Resources- Security Profiles
2. Either create a new security profile or update an existing profile
3. Navigate to System Administrator – Profile System Values
4. Enter appropriate values for:– HR: Cross Business Group– MO: Operating Unit– MO: Security Profile
PA Profile Options
PA Profile Options…• The following profile options provide an
additional level of security for a responsibility
– PA: Cross Project User – Update– PA: Cross Project User – View– PA: View All Project Resources– PJI: Organizational Security Profile
PA: Cross Project User – Update…
• This profile provides update all projects access
• Applies to all operating units where the MO: Operating Unit profile option is enabled
PA: Cross Project User – View…
• This profile provides view all projects access• The default is set to “Yes”
PA: View All Project Resources…
• This profile enables users to view all resources in Oracle Projects and perform resource-related functions, as granted by their responsibilities.
PJI: Organizational Security Profile…
• Used to provide security access to Project Intelligence
• Based on the Security Profile
PA Profile Options…• Steps to define the PA Profile Options
1. Navigate to System Admin- Profile System Values
2. Query each of the following profiles an update as necessary• PA: Cross Project User – Update• PA: Cross Project User – View• PA: View All Project Resources• PJI: Organizational Security Profile
Personal Profile Values
User Profiles…
• Users have limited ability to modify specific profile options
• Accomplished via the Personal Profile Values form
User Profiles…• Steps to update a User Profile
1. Navigate to the appropriate responsibility; (Example: Project Billing Super User- Other - Profile
2. Query the values for the user
3. Update the profile with the appropriate values
Project Access Control
Project Access Level…
• Project Access Levels allow control of who can search and view specific projects
• There are two access levels for projects:– Secured: Users need role or organizational
access to view the project– Enterprise: Project can be viewed by any user in
your enterprise regardless of their role
Project Access Level…
• The project access level is assigned via HTML
• The UPG: Update Project Access Level concurrent process to update the access levels of several projects at once
Project Access Level…
• Steps to enable Project Level Access1. Navigate to Project Super User
2. Query a Project or Template
3. Set the access level to either:• Enterprise• Secured
Organizational Authority
Organizational Authority…
• Access for users at an organizational level
• Users with Organizational based security do not need roles
• Each individual organization must be assigned to the user
Organizational Authority…
• Organization based security provides the following organizational authorities:– Project Authority: Perform Project Manager functions on
all projects in the organization– Resource Authority: View and update resource
information for all resources in the organization– Utilization Authority: Calculate and view utilization for all
resources in the organization– Forecast Authority: Generate and view forecast
information for all projects in an organization
Organizational Authority…
• Steps to enable Organizational Based Security1. Navigate to Project Billing Super User – Organizational
Authority
2. Enter the name of the user that needs organizational access
3. Enter the organizations the user should see
4. Set the users authority for each Organization by checking the authority check boxes
Role Based Security
Role Based Security…
• Role based security controls access based on the role the user plays on a project
• Access for a user can be different on each project
• Role based security overrides responsibility based security for individual users
• Provides additional features for specific modules such as Resource MGT and Contracts
Role Based Security…
• Role Based Security assigns menus to roles – Menus with roles are considered secured roles– Unsecured roles use the Responsibility to determine project
access
• Menus are build from:– Functions– Sub-menus– Etc...
Roles– Controls Tab…
• Controls grant access to specific features including:– Allow Scheduling– Allow as a Task Member– Allow labor Cost Query– Allow as a Contract
Member– Allow as a Project
Member
Role Lists…• Role lists to categorize
roles into logical groupings
• For example, you may have a role list called Consulting to which all roles relating to consulting are assigned.
Roles– Role Lists Tab…• The role lists to
which you want the role assigned
Roles– Jobs Tab• Project roles are the templates for
creating resource requirements
• For each project role, enter the default for job information for resource requirements created based on the role
• Job levels are used for requirements search, and job groups and jobs drive forecasting
Roles- Competencies Tab
• Project roles are the templates for creating resource requirements
• For each project role, enter the default competency information used on resource requirements
• Competencies are used for requirements search
Roles- Project Status
• Provides an additional level of security based on Project Status
• Example: Allows a user to change classifications in unapproved status, but not in approved status
Roles- Access Rules
• Provides the set default access levels for Project Contracts
• Any person associated with this role will inherit these default settings
Role Based Security…
• After the role has been created
• Assign a user as a key member/team member to the project
• Note that key members/team members can be established in both:– Forms– HTML
Role Based Security…• Steps to enable Role Based Security
1. Navigate to Project Billing Super User- Setup- Project Roles
2. Create a new role• Create Name• Assign Menu for Role based security• Enter appropriate controls• Enter further information:
– Role Lists– Jobs– Competencies– Project Status
3. Assign users to the roles in either HTML or Forms
Security Extension
Security Extensions…
• The Project Security extension allows customized business rules for project and labor cost security
• Only applies to non-HTML architecture• Examples:
– Responsibilities can view or update only capital projects
– Use a DFF to define access to a project
Security Extensions…
• Steps to create a Security Extension1. Define your requirement
2. Update the body and package respectively• Body: PAPSECXB.pls• Package: pa_security_extn
3. Test the extension
4. “Go Live” with the extension
Microsoft Project Security
MS Project Security
• The Oracle Projects suite provides standard integration with MS Project
• Role Based Security is honored by the MS Project Interface
• For example, we have the ability to restrict rates from interfacing to MS Project based on project role assignments
MS Project Security
This data may be controlled includes:– Person ID– Job ID– Organization ID– Organization Name– Standard Rate– Overtime Rate– Cost Per Use Rate
MS Project Security
Steps to enable MS Project Security:
• Update the PA_AMG_RESOURCE_INFO_V
• Any column value that receives a “Y” indicates that MS Project integration will receive the column
• The default value is “N”
Personalizations
Personalizations…
• Provide the ability to modify specific HTML features
• The forms can be personalized at the following levels:– Responsibility– Organization– Site
Personalizations…• Determine the HTML screen that you would like to
modify. • Click on the Personalize Page Link• Examples of modifications that are possible include:
– Reorder a view– Create a button – Add a column– Etc
Personalizations…
• After enabling the following Personalize profile option, a HTML user will have access to the personalize features :– Personalize Self-Service Defn = “Yes“
Navigate to the HTML form that needs modification
Click Personalize
Enter the Personalization Page
Find the Personalization and click the edit pencil
Determine where the personalization should be applied: Site, Org, Responsibility
Scroll down to the “Rendered” row- Set the value to False
Return to the Application and notice that the personalization…
Before After
Personalizations…• Steps to enable Personalizations
1. Set the “Personalize Self-Service Defn” profile option = “Yes“
2. Determine where a Personalization is necessary
3. Click the Personalize Page Link
4. Make the appropriate Personalization
5. Assign the personalization to any of the following:• Responsibility
• Organization
• Site
6. Save Changes
Configuration Considerations
Configuration Considerations…• Spend time to understand the range of security
options within the Oracle Projects Suite• Understand your user requirement
– Who will use Oracle Projects– What information they require– How they use it
• Limit the number of roles to a manageable level• Recognize that Oracle provides multiple ways to
achieve a security objective
Configuration Considerations…
• Develop a security matrix document that supports configuration, audit and ongoing maintenance
• When building and testing menus based on role based security, it is recommended to have access to bounce the Apache Server– Changes/updates will not immediately appear
unless Apache is bounced
Quick Reference Configuration Guide
Security Options Matrix…
Projects Security Summary…
Reference Material…• Metalink• User and Implementation Guides
– Daily Business Intelligence Implementation Guide– Human Resources User Guide– Projects Implementation Guide– Projects Fundamentals User Guide – Project Management User Guide– Resource Management User Guide– Project Management User Guide– Project Contracts User Guide– Project Contracts Implementation Guide– Projects API, Client Extensions, Open Interfaces
Function and Menu Security…
• Steps to create a function loaded menu1. Navigate to System Administrator- Menu
2. Either create a new menu or query an existing menu
3. Add/Remove Functions as necessary
Responsibility Based Security…
• Steps to create a responsibility1. Navigate to System Administrator – Responsibilities
2. Enter name
3. Assign Application
4. Determine: Forms vs HTML
5. Assign Menu
6. Assign Request Group
7. Enter any function or menu exclusions
MO Security…
• Steps to configure MO Security1. Navigate to Human Resources- Security Profiles
2. Either create a new security profile or update an existing profile
3. Navigate to System Administrator – Profile System Values
4. Enter appropriate values for:– HR: Cross Business Group– MO: Operating Unit– MO: Security Profile
PA Profile Options…• Steps to define the PA Profile Options
1. Navigate to System Admin- Profile System Values
2. Query each of the following profiles an update as necessary• PA: Cross Project User – Update• PA: Cross Project User – View• PA: View All Project Resources• PJI: Organizational Security Profile
User Profiles…• Steps to update a User Profile
1. Navigate to the appropriate responsibility; (Example: Project Billing Super User- Other - Profile
2. Query the values for the user
3. Update the profile with the appropriate values
Project Access Level…
• Steps to enable Project Level Access1. Navigate to Project Super User
2. Query a Project or Template
3. Set the access level to either:• Enterprise• Secured
Organizational Authority…
• Steps to enable Organizational Based Security1. Navigate to Project Billing Super User – Organizational
Authority
2. Enter the name of the user that needs organizational access
3. Enter the organizations the user should see
4. Set the users authority for each Organization by checking the authority check boxes
Role Based Security…• Steps to enable Role Based Security
1. Navigate to Project Billing Super User- Setup- Project Roles
2. Create a new role• Create Name• Assign Menu for Role based security• Enter appropriate controls• Enter further information:
– Role Lists– Jobs– Competencies– Project Status
3. Assign users to the roles in either HTML or Forms
Security Extensions…
• Steps to create a Security Extension1. Define your requirement
2. Update the body and package respectively• Body: PAPSECXB.pls• Package: pa_security_extn
3. Test the extension
4. “Go Live” with the extension
MS Project Security…
Steps to enable MS Project Security:
• Update the PA_AMG_RESOURCE_INFO_V
• Any column value that receives a “Y” indicates that MS Project integration will receive the column
• The default value is “N”
Personalizations…• Steps to enable Personalizations
1. Set the “Personalize Self-Service Defn” profile option = “Yes“
2. Determine where a Personalization is necessary
3. Click the Personalize Page Link
4. Make the appropriate Personalization
5. Assign the personalization to any of the following:• Responsibility
• Organization
• Site
6. Save Changes
Where to find more information…
• Timothy Cronin, President
www.CroninINC.comtcronin@CroninINC.com
954.243.3101
• Experts in the Oracle Projects Suite
Oracle Project Costing…
• Create Projects from templates
• Integrate with multiple sources
• Manage cost via a WBS
• Track cost against budget
• Burden/Allocate/Transfer Cost
• View Commitments
• Drill Down features
• Capitalize Assets
• Generate Accounting
CollectModifyReport
GL
FA
3rd Party Apps
Cash Management
PO
T&Li-Expense
AP
Inventory
Cost Inputs Cost OutputsOracle Project Costing
Oracle Project Billing…
• Track agreements / Fund Projects
• Manage Revenue Budgets
• Generate Invoices • Generate Revenue
• Supports the following billing/revenue methods:
–T&M–% Spent–% Complete–Events–Custom methods
Oracle Project BillingFunding /
Agreements
Revenue Budgets and Forecasts
Generate Revenue
Generate Invoices
Interproject/
Interorg
BillingGenerate
AutoAccounting
Oracle Project Management…
• Create, manage and version workplans• Track progress against plan• Integrate with MS Project• Create budgets / forecasts to completion• Provide real time project overview via HTML
• Manage issues at a project or task level
• View Gantt charts• Create work plan dependencies • Manage change orders
Oracle Project Management
Integrate withMS Project
ManageWorkplans
ManageBudgets
Forecasts
Assign taskweighing
View GanttCharts
HTML Portal /
Dashboard
Oracle Project Collaboration…
• Provides a secure collaborative workspace• Visibility to assigned tasks, issues and deliverables• Single document repository with versioning capabilities• Related to Oracle Project Management
Oracle Project Collaboration
CollaborativeWorkspace
Visibility to tasks, issues and deliverables
SecureHTML
Document Versioning
Oracle Resource Management…
• Track resources and availability • Nominate / Assign resources to a
project• Search for open requirements• Generate financial forecasts
• Used by all members of your project based organization
• Calculate organization / resource utilization
• Managing team schedules
Oracle Project Resource
Management
Supports the following functions:•Project Managers •Resource Mangers •Staffing Managers
Calculate Utilization
Manage team schedules
Track resources and availability
Nominate and assign resources to a project
GenerateForecasts
Oracle Project Contracts…
• Provides the ability to manage complex contracts• Provides role based security• Supports the ability to track and manage customer:
– Deliverables– Contract Line Items
• Workflow Based Contract Management
Manage Contractual
Obligations
Manage Relationships
between customers
Contract Authoring Tool
Deliverable
Tracking
Oracle Project Contracts
Oracle Project Intelligence…
• Provides Project based operational and financial metrics, reporting and analytics
• Provides role based security• Drill down to transactions• Dashborad and KPI’s• Manage by exception
Operation and Financial Project
Metrics
Real time
On-line reporting
Prepackaged
Reports
Dashboard
And KPI
tools
Oracle Project Intelligence
Oracle Project Portfolio Planning…
• Release Date: May 2005• Evaluate, analyze, prioritize potential projects• Establish common metrics for potential projects
– NPV, ROI, strategic or financial fit• Score and rank projects• Create and compare “What if” scenarios
Oracle Project Portfolio Planning
Score and Rank
Projects
“What if” Scenarios
EstablishCommonMetrics
Evaluate & Analyze Projects