Security Area of Configuration

Use the Security area in the Configuration workspace to implement policies governing passwords and to define security roles and specify each role's levels of access.


Field Description
Password Policy Use these fields to specify how you want Deltek CRM to manage the use of passwords.
PASSWORD STRENGTH Click this field and select the level of "strength" (effectiveness in resisting theft) that you want to require:
  • Weak (no requirements): Users determine the types of characters they use in their passwords.
  • Medium (digit required): Passwords must contain at least one numeric character.
  • Strong (digit & special character required): Passwords must contain at least one numeric character and one special character.
MIN LENGTH Enter the minimum number of characters a password can contain.
EXPIRATION Click in this field and select the maximum length of time a user can use the same password without replacing it: Never (no maximum limit), 30 days, 90 days, 6 months, or 1 year.
Restrict Password Reuse To control how long a user must wait before he or she can reuse an old password, select this check box and enter the number of days in the associated field.
LOGIN LOCKOUT Enter the number of consecutive invalid login attempts after which the user ID will be locked out of Deltek CRM.


Field Description
Security Roles Use this grid to define security roles and specify each role's levels of access to opportunity, client, and contact records.
NAME Enter a name or short description of the role.

Important: Once you leave this field, the name is saved and cannot be changed. If you want to change the name of a role, delete it and add it again with the correct name.

OBJECT ACCESS Click in this column to display a drop-down for defining the role's access.
OBJECT ACCESS: Record types If you want those assigned the role to have access to opportunity, client, and contact information, select All.

If you do not want those assigned the role to have access to all three types of records, select the check boxes for the types of records you want them to have access to.

If a role has no access to a record type, the icon for accessing the corresponding Deltek CRM area is not displayed for those users. In addition, they cannot display the related report in the Reporting area.

A role's access to the Opportunities area determines its access to the Dashboard area. If a role does not have access to the Opportunities area, it also does not have access to the Dashboard area.

OBJECT ACCESS: RIGHTS Click this column for a selected record type, and select the set of actions they can carry out for that type of record:
  • Read: Display records but not add, change, or delete them.
  • Modify: Display and change records but not add or delete them.
  • Add: Display, change, and add records but not delete them.
  • Full: Display, add, change, and delete records.

Options that a user has no rights to use are hidden from that user. For example, if a user has only Read access to opportunities, the + Add Opportunity link and the (Edit Opportunity) and (Close Opportunity) icons are not displayed.

OBJECT ACCESS: RECORDS If the role has any access to the selected record type, click this field, and select which records of that type users can view, change, or delete:
  • All: All records of that type.
  • Associated With User: Only records with which the user is associated.
  • User's Organization: Only records associated with the organization to which the user is assigned. This option is only available for defining access to opportunities, and it is only available if you have set up organizations in the General area of the Configuration workspace.
  • Custom: Only records associated with one or more of a selected list of organizations. This option is only available for defining access to opportunities, and it is only available if you have set up organizations in the General area of the Configuration workspace. When you select Custom, the Organization dialog box displays so you can select the organizations. In that dialog box, click each of the organizations for which the role will have access to opportunities. Click Select when you have selected all of the organizations for the role.

This access setting does not apply to adding records. If a role has the necessary access to add records, those users can add them without being restricted by this setting.

OBJECT ACCESS: If you select Custom in RECORDS for opportunities for a role, click if you later want to review or edit the list of selected organizations for which the role has access to opportunities.

In the Organizations dialog box, click Add Organization below the grid to add another organization. Click in the grid row to delete a previously selected organization.

CONFIGURATION If you want those assigned the role to have access to all of the areas in the Configuration workspace, select this check box.

Granting this access means that users assigned this role have complete access to the Configuration workspace, including the ability to display, add, and change companies, security roles, employee information (including user names and passwords), and custom fields.

To delete a security role that you no longer want to use, hover over the row and click this icon.

If the security role is assigned to employees, you must remove or change those assignments before you can delete the role.

+ Add Role To add a new role, click + Add Role below the Security Roles grid to display a blank grid row for entering role information.