Primavera Scheduling Tips and Tricks 04-13: Improving Primavera Database Security by Managing the Responsible Manager Code (RMC) field
1.1 Project’s request to restrict access of other Users to their project schedules & portfolios seemed to have failed. Unauthorized access remains a problem. Contractors working concurrently in the same database were able to sometime see the client’s schedule and modified certain critical attributes despite the security protocol being enforced. Worst of all, one schedule was completely deleted by someone and have to be recovered from the back-end by the Database Administrator through the existing back-up and recovery protocol.
1.2 Dorothy was checking Marco’s security access because he couldn’t add resources and found that all his projects have the Responsible Manager’s Code set to the Contractor’s OBS code. She figured that Marco might have used the contractor’s original schedule as a starting project file in developing his project schedule.
1.3 Back in June 2010, Primavera User John and Mark had put together a schedule that sat on the back burner while the Project team worked on other priorities. When it came time to set the baseline, John and Mark decided to do a quick check to make sure nothing had changed. Mark hit the F9 button and about 80% of the activities moved to the right. The dates moved by 4 to 20 days.
The two of them checked the calendar they were using but they were fine. The Primavera database Administrator checked who else was using the calendar and the schedule and found that only John and Mark were given direct access to this schedule.
John now went back to the schedule, changed some lags and logics trying to correct the schedule discrepancies. The effort took more than a day to complete, time which the project really do not have. What has gone wrong?
2.1. Project Management (Primavera 6.1 SP1, 6.2, 6.7 SP1, 6.7 SP2 and higher)
3.1. The term “User” in this document is the person using the Primavera scheduling tool. He can be the planner, the scheduler, the Project Manager or anyone.
3.2. EPS = Enterprise Project Structure.
3.3. OBS = Organizational Business Structure
3.4. RMC=Responsible Manager’s Code
4.1. The Lead Planner of the project usually has the capability to assign the Responsible Manager code and has the bottom line responsibility of making sure that all the projects has the same code (or corresponding OBS code) as the EPS node it belongs to.
4.2. As the situation described in Section 1.2 underlined, copying the schedule from one EPS node to another will not automatically update nor change the Responsibility Manager setting such that it will correctly inherit the Responsibility Manager code of the header it is now under. This is the reason why the Contractor who previously owns the original schedule still has access to the copy of his/her schedule which is now located under the new EPS node but has not relinquished the previous Responsible Manager code.
4.3. The problem mentioned in Section 1.3 was brought about by one of the User who has previous access to the original schedule before it was moved to the new EPS Node. This is similar if not entirely the same situation as the situation in Section 1.2.
4.4. The risk to the schedule and the project as a whole in terms of quality, scope, time and money can be low to high, not to mention the possible threat to information security and the accompanying feeling of frustrations and stress.
5.1. Rules to follow to maintain the Scheduling tool security framework.
- 5.1.1. The robustness of the project security access must be reinforced by proper assignment of the “Responsible Manager” code.
- 5.1.2. The Users should note that the RMC is in fact the OBS code element directly associated with the EPS.
- 5.1.3. When any Primavera User creates a new project, he/she must make sure that it is assigned the same Responsible Manager as the EPS node it is under.
- 5.1.4. The Lead Planner and/or the Schedule Owner must see to it that this is religiously followed.
- 5.1.5. Example (See Figure 1): If someone copied a project folder from the “PSG” EPS node to the “PE&C TEST” EPS node with the intention of developing new schedule, chances are the PSG contractor or Schedule Owner, will still have access to that particular project schedule being developed unless the Responsible Manager is changed accordingly to reflect PE&C TEST.
- 5.1.6. Controlling the proper assignment of the Responsible Manager code was not being done by a lot of Primavera Users and Administrator and that will always create unwanted access to restricted nodes by some Users in many instances.
- 5.1.7. It is about time that all Users and Database Primavera Administrators are made aware of this.
- 5.1.8. The project therefore should exercise prudence by checking and periodically auditing their Primavera Users to find out if they should really have the access rights to the projects they currently have access to.
- 5.1.9. The responsibility of maintaining the Responsible Manager column basically resides with the projects while the Primavera Database Administrator does regular monitoring. This responsibility is best captured in the company’s standard and procedure/work instruction governing Primavera Security Profiles.
6.1. Help, About Primavera, Project Management (Primavera), V6.1 SP1, V6.1 SP2, V6.7 SP1, V6.7 SP2 and higher
7.1. Presentation called “070613-Managing P6 DB Security using RMC” by Rufran C. Frago, Revision 1, July 3, 2013
8.1. With the project maintaining and updating the Responsible Manager fields through the Lead, Schedule Owner, Supervisors, Database Administrator, and all who can potentially help, we can rest assured that the security setting we’ve set for each User will ultimately work.
8.2. As the saying goes, housekeeping should start in each of our own backyard.
Figure 1Projects grouped by EPS, showing the Responsible Manager column.
About the Author:
Rufran C. Frago is the Founder of PM Solution Pro, a Calgary consulting, product, and training services firm focusing on project and business management solutions. He is passionate providing advice, mentorship, education and training through consultation, collaboration, and what he uniquely calls, student-led training.
BOOKS AUTHORED BY RUFRAN FRAGO
- Risk-based Management in the World of Threats and Opportunities: A Project Controls Perspective.ISBN 978-0-9947608-0-7.Canada
- Plan to Schedule, Schedule to Plan.ISBN 978-0-9947608-2-1.Canada
- How to Create a Good Quality P50 Risk-based Baseline Schedule.ISBN 978-0-9947608-1-4.Canada
- Schedule Quantitative Risk Analysis (Traditional Method).ISBN 978-0-9947608-3-8.Canada