Integration Guides

Field Level Security

The API user that you have created for your Mosaic integration will have access to any of your data that meets the following criteria:

  • Deltek has made the data available through their public API
  • You are able see the data in your web application when logged in with the Mosaic API user

You can use Deltek Vantagepoint's "design mode" to control which fields are accessible to the Mosaic API user — if you can't see it when you're logged into the Mosaic API user, it can't be accessed through the API.

Ensuring the Mosaic API User Can Access Required Fields

By default, some Vantagepoint fields used by the Mosaic integration may be hidden or secured for your API user's role. If these fields are not at least Displayed, Mosaic will not be able to read them through the API, and the corresponding data will not sync.

This is especially important for Project Fee fields under Contract Management. If the Mosaic API user cannot see fee fields like Direct Labor, Mosaic will sync a fee of $0.

Fields to Verify

Ensure the Mosaic API user's role has at least Displayed (and Locked is fine) access to the following fields in the Projects Hub > Contract Management view:

FieldWhy It Matters
Direct Labor Fee (FeeDirLab)Required for the default fee source. Without this, project and phase fees will not sync
Direct Expenses (FeeExp)Required if your fee source includes expenses
Direct Consultants (ConsultFee)Required if your fee source includes consultant fees
Reimbursable Expenses (ReimbAllowExp)Required if your fee source includes reimbursable expenses
Reimbursable Consultants (ReimbAllowCons)Required if your fee source includes reimbursable consultants
Fee (Fee)Used by several fee source options (Direct Labor + Expense, etc.)
📘

You only need to enable the fields that match your chosen Fee Source in your Mosaic integration settings. For example, if you use "Direct Labor Fee" only, you just need FeeDirLab to be Displayed.

How to Enable Field Access

  1. Log in to Vantagepoint as an administrator.

  2. Navigate to Hubs > Projects > Contract Management.

  1. Click the Other Actions button (top-right) and select Design to enter Design Mode.
  1. In Design Mode, locate the fee field you need to enable (e.g., Direct Labor) under the Compensation section and click on the field name.
  1. In the Field Properties panel on the right, click on Roles Selected under the Field Security section.
  2. In the Field Security Rights window:
    • Find the role assigned to your Mosaic API user
    • Set the field to Displayed and Locked

  1. Click Save to apply the changes.

  2. Repeat steps 4-7 for each fee field your integration requires.

  3. Exit Design Mode by clicking Other Actions > Design again.

⚠️

After changing Field Level Security, run a test sync in Mosaic to confirm that fees are now coming through. If fees still show as $0, verify that the correct fee fields are Displayed for the Mosaic API user's role — not just for your own admin role.

Removing a Field from the Mosaic API User's Access

  1. To get into the Design Mode, go the hub's "Other Actions" menu item and click on "Design"
  1. Find the Hub > Tab > Field, and click on the field name (e.g., Social Security Number).
  2. Within the Field Properties tab to the right, click on the Roles Selected search under the Field Security field.
  1. Within the Field Security Rights window you can then pick the Role(s) and apply the following field access settings:
  • Secured: When you secure a field or element, the data for the field stays on the Vantagepoint server and is not pushed to the users' computers. A secured field is automatically hidden and locked. You cannot display or unlock it. You cannot secure divider lines, labels (on-screen text), or workflow buttons. Examples of fields that you may want to secure are the Social Security Number and Pay Rate fields in the Employees hub. The field value will not be passed through the API.
  • Hidden: When you hide a field or element, it is not visible in Vantagepoint. You cannot secure hidden fields, but a secured field is automatically hidden. Searches located in other applications for a hidden field are also hidden. The field value will not be passed through the API.
  • Displayed: When you display a field or element, it is visible in Vantagepoint. You can lock or unlock a displayed field. The field value will be passed through the API.
  • Locked: When a field or element is locked, users with the role can see the field but not make entries in it. The field value cannot be modified through the API.
  • Unlocked: When a field or element is unlocked, users with the role can see the field and make entries in it. The field value can be modified through the API.

Best Practices

Enabling Access to Required Fields

At a minimum, the Mosaic API user should have Displayed access to:

  • All fee-related fields under Contract Management (see table above)
  • Employee name, email, and status fields under the Employees hub
  • Project dates, status, and billing configuration fields under the Projects hub

Restricting Access to Sensitive Fields

Mosaic recommends removing the following fields from the Mosaic API user's access:

  • Employee Address
  • Employee SSN
  • Sensitive client information

Updated about 2 months ago