How to effectively manage Primavera P6 Database by Improving it’s Security through Correct Management of the Responsible Manager Code (RMC)

September 28, 2019

Primavera Scheduling Tips and Tricks 04-13: Improving Primavera Database Security by Managing the Responsible Manager Code (RMC) field

1.0               SITUATION/PROBLEM

1.1 Project’s request to restrict other Users’ access to their project schedules & portfolios failed. Unauthorized access remains a problem. Contractors working concurrently in the same database could sometimes see the client’s schedule and modify specific critical attributes despite the security protocol enforced. Worst of all, someone deleted one schedule entirely, and it must be recovered from the back end by the Database Administrator through the existing backup and recovery protocol.


1.2 Dorothy was checking Marco’s security access because he couldn’t add resources and found that all his projects have the Responsible Manager’s Code set to the Contractor’s OBS code. She figured that Marco might have used the contractor’s original schedule as a starting project file in developing his project schedule.


1.3 In June 2010, Primavera users John and Mark had put together a schedule that sat on the back burner while the Project team worked on other priorities. When it came time to set the baseline, John and Mark did a quick check to ensure nothing had changed. Mark hit the F9 button, and about 80% of the activities moved to the right. The dates shifted by 4 to 20 days.


The two of them checked the calendar they were using, but they were fine. The Primavera database Administrator reviewed who else was using the calendar and the schedule and found that only John and Mark were given direct access to this schedule.


John went back to the schedule and changed some lags and logic, trying to correct the discrepancies. Unfortunately, the effort took more than a day to complete, time which the project manager didn’t have. What has gone wrong?

2.0. RELATED TOOLS

2.1. Project Management (Primavera 6.1 SP1, 6.2, 6.7 SP1, 6.7 SP2, 18, and higher) 

3.0. DEFINITION

3.1. The term “User” in this document is the person using the Primavera scheduling tool.  He can be the planner, the scheduler, the Project Manager or anyone.

3.2. EPS = Enterprise Project Structure.

3.3. OBS = Organizational Business Structure

3.4. RMC=Responsible Manager’s Code

4.0. PROBLEM ANALYSIS (PA)

4.1. The Lead Planner of the project usually has the capability to assign the Responsible Manager code and has the bottom line responsibility of making sure that all the projects has the same code (or corresponding OBS code) as the EPS node it belongs to.

4.2. As the situation described in Section 1.2 underlined, copying the schedule from one EPS node to another will not automatically update nor change the Responsibility Manager setting such that it will correctly inherit the Responsibility Manager code of the header it is now under.  This is the reason why the Contractor who previously owns the original schedule still has access to the copy of his/her schedule which is now located under the new EPS node but has not relinquished the previous Responsible Manager code.

4.3. The problem mentioned in Section 1.3 was brought about by one of the User who has previous access to the original schedule before it was moved to the new EPS Node.  This is similar if not entirely the same situation as the situation in Section 1.2.

4.4. The risk to the schedule and the project as a whole in terms of quality, scope, time and money can be low to high, not to mention the possible threat to information security and the accompanying feeling of frustrations and stress.

Effective P6 Administration seeks to improve database security.

5.0. EXPLANATION/SOLUTION

5.1. Rules to follow to maintain the Scheduling tool security framework.

  • 5.1.1. The robustness of the project security access must be reinforced by proper assignment of the “Responsible Manager” code. 
  • 5.1.2. The Users should note that the RMC is in fact the OBS code element directly associated with the EPS. 
  • 5.1.3. When any Primavera User creates a new project, he/she must make sure that it is assigned the same Responsible Manager as the EPS node it is under.   
  • 5.1.4. The Lead Planner and/or the Schedule Owner must see to it that this is religiously followed. 
  • 5.1.5. Example (See Figure 1): If someone copied a project folder from the “PSG” EPS node to the “PE&C TEST” EPS node with the intention of developing new schedule, chances are the PSG contractor or Schedule Owner, will still have access to that particular project schedule being developed unless the Responsible Manager is changed accordingly to reflect PE&C TEST.   
  • 5.1.6. Controlling the proper assignment of the Responsible Manager code was not being done by a lot of Primavera Users and Administrator and that will always create unwanted access to restricted nodes by some Users in many instances.  
  • 5.1.7. It is about time that all Users and Database Primavera Administrators are made aware of this.
  • 5.1.8. The project therefore should exercise prudence by checking and periodically auditing their Primavera Users to find out if they should really have the access rights to the projects they currently have access to.  
  • 5.1.9. The responsibility of maintaining the Responsible Manager column basically resides with the projects while the Primavera Database Administrator does regular monitoring.  This responsibility is best captured in the company’s standard and procedure/work instruction governing Primavera Security Profiles.

6.0. REFERENCES

6.1. Help, About Primavera, Project Management (Primavera), V6.1 SP1, V6.1 SP2, V6.7 SP1, V6.7 SP2 and higher

7.0. ADDITIONAL READING MATERIALS

7.1. Presentation called “070613-Managing P6 DB Security using RMC” by Rufran C. Frago, Revision 1, July 3, 2013

8.0. FOOD FOR THOUGHT

8.1. With the project maintaining and updating the Responsible Manager fields through the Lead, Schedule Owner, Supervisors, Database Administrator, and all who can potentially help, we can rest assured that the security setting we’ve set for each User will ultimately  work.

8.2. As the saying goes, housekeeping should start in each of our own backyard.

9.0. ILLUSTRATION

Figure 1

Projects grouped by EPS, showing the Responsible Manager column.

About the Author

Rufran C. Frago is the Founder of PM Solution Pro, a Calgary consultingproduct, and training services firm focusing on project and business management solutions. He is passionate about providing advice, mentorship, education and training through consultation, collaboration, and what he uniquely calls, student-led training.

Our website: www.pmsolutionpro.com

BOOKS AUTHORED BY RUFRAN FRAGO

  1. Risk-based Management in the World of Threats and Opportunities: A Project Controls Perspective.ISBN 978-0-9947608-0-7.Canada
  2. Plan to Schedule, Schedule to Plan.ISBN 978-0-9947608-2-1.Canada
  3. How to Create a Good Quality P50 Risk-based Baseline Schedule.ISBN 978-0-9947608-1-4.Canada
  4. Schedule Quantitative Risk Analysis (Traditional Method).ISBN 978-0-9947608-3-8.Canada
  5. RISK, What are you? The Risk Manager’s Poem: Children’s Book for all Professionals.ISBN 978-0-9947608-4-5 (Canada)

OTHER BOOK AUTHORED BY RUFRAN

  1. Grace, The Guardian Angel.ISBN 978-0-9947608-5-2.Canada
No alt text provided for this image
Book Cover arts by Kathako.com