You are on page 1of 16

P6 Professional Security Guide

December 2011

databases. use. Oracle USA. and other intellectual and industrial property laws. modification. and related documentation and technical data delivered to U. to the extent applicable. Inc. electronic or mechanical. Oracle and Java are registered trademarks of Oracle and/or its affiliates. This document is not warranted to be error-free. review the certification matrix on the My Oracle Support Web site for the most up-to-date list of certified hardware platforms and operating system versions. Other names may be trademarks of their respective owners.Restricted Rights (June 1987). because new platforms and operating system software versions might be certified after this document is published. The information contained in this document is subject to change without notice. or decompilation of the Programs. The platform-specific hardware and software requirements included in this document were current when this document was published. the following notice is applicable: U. The My Oracle Support Web site is available at the following URL: http://support. shall be subject to the licensing restrictions set forth in the applicable Oracle license agreement. the additional rights set forth in FAR 52. disclosure. for any purpose. If you find any problems in the documentation.oracle.Copyright Oracle Primavera P6 Professional Security Guide Copyright © 1999. patent. 500 Oracle Parkway. As such. Except as may be expressly permitted in your license agreement for these Programs. Oracle and/or its affiliates. CA 94065. Reverse engineering. no part of these Programs may be reproduced or transmitted in any form or by any means. including documentation and technical data. except to the extent required to obtain interoperability with other independently created software or as specified by law.227-19. software. The Programs (which include both the software and documentation) contain proprietary information. 2 . please report them to us in writing. and adaptation of the Programs. However. GOVERNMENT RIGHTS Programs.S. they are provided under a license agreement containing restrictions on use and disclosure and are also protected by copyright. Government customers are "commercial computer software" or "commercial technical data" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. 2011. duplication..S. All rights reserved. and. Commercial Computer Software -. Redwood City. disassembly.com/ If the Programs are delivered to the United States Government or anyone licensing or using the Programs on behalf of the United States Government. is prohibited.

third-party Web sites. or (b) fulfilling any of the terms of the agreement with the third party. and we disclaim liability for any damages caused by such use of the Programs. including delivery of products or services and warranty obligations related to purchased products or services. To view the list of third party technology disclosures related to this product. or any content provided on. or other inherently dangerous applications. You bear all risks associated with the use of such content. mass transit. backup. The Programs may provide links to Web sites and access to content. If you choose to purchase any products or services from a third party. please see the Commercial Notices and Disclosures document for the release. medical. redundancy and other measures to ensure the safe use of such applications if the Programs are used for such purposes. Oracle is not responsible for any loss or damage of any sort that you may incur from dealing with any third party. Oracle is not responsible for: (a) the quality of third-party products or services. the relationship is directly between you and the third party. Oracle is not responsible for the availability of. It shall be the licensee's responsibility to take all appropriate fail-safe. and services from third parties. aviation. products. 3 .Copyright The Programs are not intended for use in any nuclear.

.

............................................................................ 9 P6 Professional Security Guide .............................................. 15 Reliability for P6 Professional .................................................................................... 13 Authentication Options for P6 Professional ........ 11 Administrative Privileges Needed for Installation and Operation .... 2 Preface ............ 11 Security Guidance Overview............................................................................... 9 Where to Get Support ............ 15 Additional Sources for Security Guidance...... 15 5 ............................................................................................. 12 Minimum Client Permissions Needed for P6 Professional ...................................................................................................................................................................................................... 11 Safe Deployment of P6 Professional ........................................................................... 14 Confidentiality for P6 Professional ................. 12 Physical Security Requirements for P6 Professional .............................................................................................................................. 7 Where To Get Training ............................................................ 14 Sensitive Data for P6 Professional ......... 13 Authorization for P6 Professional .............Contents Copyright ....................................................................................... 7 Where to Get Documentation .................................................................................................

.

...... it also provides an overview of all the components in the P6 Professional solution............................... servers..... located in the \Documentation\Documentation_library\language folder of the P6 Professional physical media or download... 9 Where to Get Support ................ Title Description What's New in P6 Professional Highlights the new and enhanced features included in this release........ more technical documents are available on the media pack and OTN site..... including setting up security and configuring global preferences.... administering..htm....... You can also use the P6 Professional Cumulative Feature Overview Tool to identify the features that have been added since a specific release level. 11 Where to Get Documentation For the most up-to-date versions of all manuals and technical documents related to installing.com/docs/cd/E26697_01/index.......oracle.........................................................Preface In This Section Where to Get Documentation............... 9 P6 Professional Security Guide . The P6 Professional network administrator/database administrator should read this guide..................... The guide describes the procedures required to administer P6 Professional................... and components............... You can also access the versions of the product manuals and technical documents that were available at the time of the release from the P6 Professional Documentation Center... P6 Professional Administrator’s Guide 7 ............ P6 Professional roles are described in the P6 Professional Administrator's Guide..................... but are not listed below......................................... go to: http://download........... 7 Where To Get Training ... and using P6 Professional.................. and identifies recommended readers by role.. All users should read this guide............... Other.... Explains how to set up the P6 Professional database................... The following table lists the core documents available for the release.......

project manager. and manage projects in a multiuser environment. set up. and team leader should read this Help. If you are new to P6 Professional. resource/cost manager. The program manager. The P6 Professional administrator. program manager. Timescaled Logic Diagrams condense the project schedule displayed in the Gantt Chart into a more readable. use this Help to learn how to use the software effectively to plan and manage projects. P6 Professional User's Guide Primavera Timescaled Logic Diagram Help 8 . This guide explains how to plan. and manage Timescaled Logic Diagrams. and Configuration Guide P6 Professional Help Explains how to use P6 Professional to plan.P6 Professional Security Guide Title Description Tested Configurations Lists the configurations that have been tested and verified to work with P6 Professional. easier to understand format that provides a snapshot of the entire project plan and the chains of activities that drive the project schedule. project manager. modify. refer to the P6 Professional Help. Describes how to create. P6 Professional Explains how to install and configure P6 Professional as a Standalone Installation standalone application. and manage projects in a multiuser environment. set up. resource/cost manager. and team leader should read this guide. When you need more detail. start with this guide to learn how to use the software effectively to plan and manage projects. If you are new to P6 Professional. The network administrator/database administrator and P6 Professional administrator should read this document.

com This page provides the latest information on contacting Oracle Global Customer Support. which is available in local drive\Program Files\Oracle\Primavera P6 Professional\PMSDK\Doc\ by default. This guide provides best practices for migrating your P3 data to P6 Professional. Each team member can then view or print those portions that specifically relate to his or her role in the organization. such as creating a new project or assigning a resource to a project activity. Describes the tables. Where To Get Training To access comprehensive training for all Primavera products. and the support renewals process. 9 . the Security Guidance icon helps you to quickly identify security-related content to consider during the installation and configuration process. knowledge articles. and stored procedures that you can access through the P6 Professional SDK. Throughout this documentation. go to: http://support. Provides examples that show how you can use the P6 Professional SDK to perform several basic tasks.chm file to open the help file. Double-click the p6_pro_sdk. go to: http://education.oracle. The P6 Professional network administrator/database administrator should read this documentation. and details how P3 functionality maps to P6 Professional functionality.com Where to Get Support If you have a question about using Oracle products that you or your network administrator cannot resolve with information in the documentation or help. P3 to P6 Professional Migration Guide Distributing Information to the Team You can copy the online documentation to a network drive for access by project participants.oracle. fields.Preface Title Description P6 Professional SDK Help Describes how to use the P6 Professional SDK to connect to the P6 Professional database.

oracle. 10 .com/us/support/contact-068555. visit http://www.com/us/corporate/accessibility/support/index. For information.P6 Professional Security Guide Access to Oracle Support Oracle customers have access to electronic support through My Oracle Support.oracle.html or visit http://www.html if you are hearing impaired.

you might need to create a highly secure environment for all P6 Professional applications. Areas covered include: safe deployment. Safe Deployment of P6 Professional 11 . Oracle recommends you harden your environment. authorization. and cookies usage. Tips As with any software product. confidentiality. sensitive data. the Security Guidance icon helps you to quickly identify security-related content to consider during the installation and configuration process. authentication options. Once you begin the installation and configuration of your P6 Professional environment.  Read through the summary of considerations for P6 Professional included in this document. See Additional Sources for Security Guidance (on page 15) for links to information that can help you get started. be aware that security changes made for third party applications might affect P6 Professional applications.P6 Professional Security Guide The P6 Professional Security Guide provides guidelines on creating an overall secure environment for P6 Professional. several options are available that impact security. It summarizes security options to consider for each installation and configuration process and details additional security steps that you can perform before and after P6 Professional implementation. Depending on your organization's needs. Use the following guidelines to plan your security strategy for P6 Professional:  Review all security documentation for applications and hardware components that interact or integrate with P6 Professional. reliability. use the Security Guidance icon as a reminder to carefully consider all security options.  Throughout this documentation. Security Guidance Overview During the installation and configuration process for P6 Professional.

dll dbxadapter30.P6 Professional Security Guide To ensure overall safe deployment of P6 Professional.dll dbexpsda30. Instead.dll dbexpoda40.) Read&Execute/Read/Write permission to access the ini file.2: Files within Window Folders:  local drive\Program Files\Oracle\Primavera P6\P6 Professional (for a 64 bit OS the path is local drive\Program Files (x86).. local drive\Program Files\Oracle\Primavera P6\P6 Professional\Java\ (for a 64 bit OS the path is local drive\Program Files (x86).cmd PrimaveraAdminConfig.dll dbexpint.) dbexpsda40. The following is a summary of the minimum system requirements needed to access and run components of P6 Professional R8. follow the P6 Professional-specific guidance below.xml file: 12 .dll (only needed when using Compression Server) Read&Execute/Read permission to access files needed to run P6 Professional applications and to create and modify database alias connections..dll (only needed when using Compression Server) dbexpsda. you can grant minimum permissions to create a more secure environment.. the following are the default installation locations for the PrmBootStrap. which is required to log into P6 Professional applications.exe For your reference. In addition to the documentation included with other applications and hardware components. Administrative Privileges Needed for Installation and Operation As the P6 Professional Administrator.dll dbexpoda30... configure. Minimum Client Permissions Needed for P6 Professional Users do not have to be administrators on their machines to run P6 Professional.. that are required for and interact with P6 Professional. and operate P6 Professional.) dbconfig. you should determine the minimum administrative privileges or permissions needed to install.ini (for a 64 bit OS the path is local drive\Program Files (x86). such as database servers and client computers.dll DbExpPrC. local drive\Program Files\Oracle\Primavera P6\P6 Professional\pm. you should carefully plan security for all components.

the PrmBootStrap. Log output files Read&Execute/Read/Write to create and write output files. Authentication Options for P6 Professional 13 . Application Server Administrators.Authentication Options for P6 Professional Windows XP: \%USERPROFILE%\Local Settings\Application Data\Oracle\Primavera P6\P6 Professional Windows Vista and 7: \%LOCALAPPDATA%\Oracle\Primavera P6\P6 Professional During installation. depending on your operating system. The files will never be modified during use of P6 Professional. Only authorized administrators for the systems hosting P6 Professional should have physical access to those systems. so they can be copied to the current user location (USERPROFILE or LOCALAPPDATA) if you need to revert P6 Professional back to its original state (for example.xml file is also copied to one of the locations below.  You should install P6 Professional components in controlled access facilities to prevent unauthorized access. the key is opened in Read/Write/Delete mode. Registry Keys:  HKEY_LOCAL_MACHINE\Software\Primavera READ Note: For the Update Baseline and Schedule Comparison/Claim Digger tools. configure. Consider the following when planning your physical security strategy:  You should install. Windows XP: \%ALLUSERSPROFILE%\Application Data\Oracle\Primavera P6\P6 Professional Windows Vista and 7: \%PROGRAMDATA%\Oracle\Primavera P6\P6 Professional  Output directory for File > Export. and Database Administrators.  You should use Administrator access to client machines only when you install and configure P6 Professional modules. Physical Security Requirements for P6 Professional You should physically secure all hardware hosting P6 Professional to maintain a safe implementation environment. Such administrators include the Operating System Administrators. and maintain your environment according to guidance in all applicable Administrator's Guides for P6 Professional. manage. if files become corrupted).

 Assign OBS elements to EPS and WBS nodes to limit access to projects. P6 Professional offers the following authentication modes:  Native is the default mode for P6 Professional. You can also configure multiple LDAP servers. In addition to the documentation included with other applications and hardware components. In Native mode. follow the P6 Professional-specific guidance below. Authorization for P6 Professional Grant authorization carefully to all appropriate P6 Professional users. If you use LDAP authentication. Assign the Admin Superuser account sparingly.  Lightweight Directory Access Protocol (LDAP) authenticates users through a directory and is available for all P6 Professional applications. LDAP referrals allow authentication to extend to another domain. 14 . the P6 Professional database acts as the authority and the application handles the authentication of the user who is logging into that application. an LDAP directory server database confirms the user's identity when they attempt to login to a P6 Professional application.  For data at rest. refer to the documentation included with the database server for instructions on securing the database. which supports failover and enables you to search for users in multiple LDAP stores. To help you with security planning.  Assign resource access limitations to each user. In LDAP mode.  For data in transit. Confidentiality for P6 Professional  Confidentiality ensures only authorized users see stored and transmitted information. P6 Professional supports LDAP referrals with Oracle Internet Directory and Microsoft Windows Active Directory. LDAP will help you to create the most secure authentication environment available in P6 Professional. consider the following authorization-related options:  Use Global profiles to limit privileges to global data. Assign the Project Superuser account sparingly.  Use Project profiles to limit privileges to project data. ensure you use LDAPS to connect to the directory server. use SSL/TLS to protect network connections among modules.P6 Professional Security Guide Authentication determines the identity of users before granting access to P6 Professional modules.

oracle.  Replacing the default Admin Superuser (admin) immediately after a manual database installation or an upgrade from P6 version 7.htm 15 .0 and earlier. Additional Sources for Security Guidance You should properly secure the databases.  Protecting access to configuration files with physical and file system security.  Implement security measures for applications that interact with P6 Professional. and OBS access to limit access to data.Sensitive Data for P6 Professional Sensitive Data for P6 Professional  Protect sensitive data in P6 Professional. and e-mail addresses.  Documenting the configuration settings used for servers and create a process for changing them. use a combination of Global Profiles. Reliability for P6 Professional Protect against attacks that could deny a service by:  Installing the latest security patches.102/b14266/toc. You might find the links below helpful when planning your security strategy (not a comprehensive list). such as user names.  Ensuring log settings meet the operational needs of the server environment. passwords.com/docs/cd/B19306_01/network. Use the process below to help during your security planning:  Implement security measures in P6 Professional to carefully grant users access to sensitive data. Note: The URLs below might have changed after Oracle published this guide. For example. Do not use "Debug" log level in production environments. and servers you use for your P6 Professional. as detailed in the documentation included with those applications. Oracle Database http://download. platforms. Project Profiles.

microsoft.com/downloads/details.10).aspx Microsoft Windows 2008 Server http://technet.microsoft.microsoft.aspx Microsoft Windows 2003 Server http://www.aspx?familyid=8A2643C1-0685-4D89-B655 -521EA6C7B4DB&displaylang=en 16 .microsoft.com/sqlserver/2008/en/us/Security.com/en-us/library/dd548350(WS.P6 Professional Security Guide Microsoft SQL Server 2005 Database http://www.com/sqlserver/2005/en/us/security.aspx Microsoft SQL Server 2008 Database http://www.