Rights Management

Information

• This topic provides detailed information on the working principles of rights management. It is especially intended for project management administrators who want to learn how to manage user rights.
• A general introduction to the subject of user rights and an explanation on how users can find out which user rights they possess can be found here.

Information

• In PLANTA project, rights management takes place at two levels:
  • Rights management via role assignment. This provides a user with access rights to particular modules and menu items.
  • Rights management via user parameters. This determines which data a user is actually allowed to see in the modules provided to him/her and what he/she is allowed to do with this data.

Rights Management via Role Assignment

Roles and work areas

In PLANTA project, roles are grouping units which are used for rights management. A role gives the users to whom it is assigned access to one or more groups of modules and menu items. Such groups are called work areas.

A work area consists of at least one module or menu item, however, usually they are composed of several modules or module panels and/or menu items. There are pure module work areas and pure menu item work areas.  

Details

• Roles and work areas are created, adjusted and assigned to individual users by project management administrators.
  • For this purpose, project management administrators only need access to the modules in which they want to make the changes. No further authorization is needed. 
    • Roles and work areas are managed in the Roles and Work Areas modules.
    • The assignment of roles to users is carried out in the Users module.

Example for assignment

Details

• It is possible to structure roles via Drag&Drop copying.
  • Structuring can be used to increase clarity. It has no impact on access rights.

Example for structuring

Notes

• Several predefined standard roles are included in the scope of supply of PLANTA project.
  • They can either be assigned to the users as they are or they can be adjusted individually.
  • If PLANTA demo data is installed, the standard roles can be opened via standard user. A list of standard users can be found here.

Rights Management via User Parameters

Access Rights for Planning Objects, Resources, Skills

Objective

• The system must be able to control access to resources and planning objects at any time (ideas, proposals, projects, programs, and portfolios), e.g. to make sure
  • that a project manager only uses resources for his/her project which stem from his/her own department, or
  • that an employee from department A cannot see projects or information of department B.

Notes

• If you have access to a particular planning object or to a resource, you automatically have read only access to this object. This means that you can see data of this object and select it in listboxes.
• Whether you have read only access to objects or can edit or delete them as well (or even create new projects) is determined by additional parameters. For more information, see the Modification rights for planning objects and resources chapter.

Control Planning Object Access

Question

• How does the system know which planning objects a user is allowed to see?

Answer

• This is achieved by using the cost center structure code.
  • Each planning object is assigned to a particular cost center.
  • A structure code is assigned to each cost center.
  • For each user it is specified to which cost center structure code he/she has access.
  • In all analyses and listboxes in which projects are selected it is checked whether the structure code which is stored on the user coincides with that of the project. From a data point of view this is solved via the @53 system variable as a filter criterion on the Cost center structure code field.

Procedure

1. Create required cost centers/organizational units in the Cost Centers module under PM Administration → Master Data → Costs and allocate a structure code for each cost center.
2. Assign planning objects to cost centers To do so,
   • enter the cost center to which the planning object belongs in the Cost center field of the respective planning object (Project Core Data, Idea Core Data, Proposal Core Data).
3. Assign Cost Center Structure Codes to a User To do so,
   • Open PM Administration → Master Data → Users, Roles, Resources and open the Users module.
   • Enter the structure code of the cost center to the planning objects of which the user has access in the Project access field or enter the structure code area (by using wildcard *) in case the user has access to different cost centers.
     • An asterisk (*) means: all following sub-points of the item marked with the asterisk.

Examples for possible entries in the Project access field and their meaning

Control Resource/Skill Access

Question

• How does the system know which resources/skills are to be displayed/available for selection to the logged-on user?

Answer

• This is achieved by using the resource/skill structure code.
  • Each resource /each skill receives its own structure code.
  • To each user the structure code to which he/she has access is assigned.
  • In all analyses and listboxes in which resources/skills are selected, all resources/skills are searched which possess the resource structure code/skill structure code to which the current user has access. From a data point of view this is solved via the @32 system variable as a filter criterion on the Resource structure code and Skill structure code field.

Procedure

1. Enter Structure Codes and Resources and Skills
   • The resource structure code is allocated manually in accordance with the respective resource structure/company structure in the Resource structure code field in the following modules:
     • Resources
     • Resource Data Sheet
     • Resource Structure
   • The skill structure code is allocated manually in accordance with the respective skill structure in the Skill structure code field in the following modules:
     • Skills
     • Skills by Skill Group
2. Assign structure codes to users
   • Open PM Administration → Master Data → Users, Roles, Resources and open the Users module.
   • Enter the structure code of the resource to which you want the required user to have access in the Resource access field, or enter the structure code area (by using wildcard *) in case you want the user to have access to several resources.
     • An asterisk (*) means: all following sub-points of the item marked with the asterisk.

Examples for possible entries in the Resource access field and their meaning

Note

• Since access to both resources and skills is currently controlled via the same parameter (Access to resources), you should make sure that the structure codes of resources and skills to which the user is to have access coincide.

Note for PLANTA Hybrid

• The resource access defined in PLANTA project also takes effect when using PLANTA Hybrid. A user can, e.g., record hours worked in PLANTA pulse for resources which he/she can access in PLANTA project.

Department Manager

Information

• For controlling which department resources are displayed to the department manager in the modules of the department board:  My Department and Resource Planning, the Department parameter is used in addition to the Resource access parameter. In this parameter, the department for which the user assumes management rights (department rights) is stored.

Details

• The Department parameter does not necessarily have to be the department to which the user belongs. You can also enter a superordinate department if the user is to be responsible for all subordinate departments. In such a case, please make sure that the correct structure code is entered in the Resource access field, so that it does not contradict the entry made here and possibly restricts resource access.
  
  • The structure code of the department entered here has to be identical to the value in the Resource access field or the value in Resource access must imply the structure code of the department entered.
    • Example: If the structure code of the entered department is 1.4.1, the entry in Resource access must be 1.4.1, 1.4.1*, 1.4* or 1*.
• For all users to whom the resource manager role is assigned it is mandatory to specify a department since otherwise the department board cannot be opened.

Read and Modification Rights for Planning Objects, Resources, Skills

Information

• In PLANTA project, modification rights (creation, editing/changing, deletion) for planning objects (projects, programs, ideas, proposals, portfolios) and resources are controlled via several parameters.
  
  • Object rights in the Users module
  • Manager in the core data module of the respective planning object (Project Core Data, Program Core Data, Proposal Core Data). For ideas, the Manager field is not contained in the core data module, so that the idea manager can only be changed in the Edit Planning Objects module in the Ideas module variant.
  • Portfolio Manager in the Portfolio Core Data module. 
  • Modification access in the Stakeholder area in the core data module of the respective planning object (Project Core Data, Program Core Data, Proposal Core Data).
• Modification rights do not necessarily correlate with deletion rights. The following table shows in which cases users are entitled to make deletions.

Overview of modification rights

Authorization for the Deletion of Postings

Information

• In PLANTA, postings or posting records are load records with actual data (actual hours, actual costs, and actual revenues).
• For the user which is to be granted the right to delete load records, the Can delete actual postings checkbox must be activated in the Users module.
  • The same applies to the user who wants to delete projects with actual postings (multi-project manager rights alone are not sufficient).

Caution

• PLANTA expressly advises against the deletion of entire posting records. Instead, Reverse Postings should be recorded.
  • Reason:
    • The effect of the key date is levered out since records which have a date earlier than the key date can also be deleted.
    • The deletion of exported/imported posting records leads to inconsistencies between external system and PLANTA.
    • The deletion of posting records which have already undergone a scheduling has an impact on the calculation of remaining values.
      • Explanation: As soon as an actual load value has been recorded, the Remaining value on the resource assignment (DT466) is reduced accordingly.
        • If only the actual load value is deleted, scheduling will readjust (i.e. increase) the remaining value on the resource assignment (DT466).
        • If, on the other hand, the entire actual load record is deleted, the already reduced remaining value on the resource assignment (DT466) remains unchanged.
• If actual load records are to be deleted anyway, remaining effort/remaining costs/remaining revenues and actual start date entries must be verified and possibly be corrected manually.

Customizer Rights

• Customizer rights are allocated by activating the Customizer parameter in the Users module. These rights entitle the user to change customizing parameters or to even delete the entire module customizing to which he/she has access. This is the case regardless of whether the user has modification rights for project data.
• Furthermore, users with customizer rights possess all modification rights at user level, regardless of other rights which may be defined for them.
  •  Via the functions of the customizer, a user with customizer rights can edit and delete any record (including entire planning objects).