Field Level Security
The API user that you have created for your Mosaic integration will have access to any of your data that meets the following criteria:
- Deltek has made the data available through their public API
- You are able to see the data in your web application when logged in with the Mosaic API user
You can use Deltek Vantagepoint's "design mode" to make fields inaccessible to the Mosaic API user: if you can't see a field when you're logged in as the Mosaic API user, it can't be accessed through the API.
Removing a field from the Mosaic API user's access
- To get into Design Mode, go to the hub’s “Other Actions” menu item and click on “Design”
- Find the Hub > Tab > Field, and click on the field name (e.g., Social Security Number).
- Within the Field Properties tab to the right, click on the search under the Field Security field.
- Within the Field Security Rights window you can then pick the Role(s) and apply the following field access settings:
- Secured: When you secure a field or element, the data for the field stays on the Vantagepoint server and is not pushed to the users' computers. A secured field is automatically hidden and locked. You cannot display or unlock it. You cannot secure divider lines, labels (on-screen text), or workflow buttons. Examples of fields that you may want to secure are the Social Security Number and Pay Rate fields in the Employees hub. The field value will not be passed through the API.
- Hidden: When you hide a field or element, it is not visible in Vantagepoint. You cannot secure hidden fields, but a secured field is automatically hidden. Searches located in other applications for a hidden field are also hidden. The field value will not be passed through the API.
- Displayed: When you display a field or element, it is visible in Vantagepoint. You can lock or unlock a displayed field. The field value will be passed through the API.
- Locked: When a field or element is locked, users with the role can see the field but not make entries in it. The field value cannot be modified through the API.
- Unlocked: When a field or element is unlocked, users with the role can see the field and make entries in it. The field value can be modified through the API.
Best Practices
Mosaic recommends removing the following fields from the Mosaic API user's access:
- Employee Address
- Employee SSN
- Sensitive client information
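One way to check the result after changing field security, as an added example (not Mosaic's or Deltek's code): save a response fetched with the Mosaic API user's credentials and confirm that every field set to Secured or Hidden is absent from it. The field names, role settings and sample response below are constructed assumptions.

```python
# Field names, settings and the sample response are constructed for
# illustration; substitute the names your own Vantagepoint hubs use.

# Per the settings described above: is the field's value passed through the API?
# Locked/Unlocked only govern writes to a Displayed field and are not modelled.
PASSED_THROUGH_API = {"Secured": False, "Hidden": False, "Displayed": True}


def fields_to_withhold(role_settings):
    """Names of fields whose Design Mode setting should keep them out of the API."""
    unknown = {s for s in role_settings.values() if s not in PASSED_THROUGH_API}
    if unknown:
        raise ValueError(f"unrecognised field setting(s): {sorted(unknown)}")
    return {name.lower() for name, setting in role_settings.items()
            if not PASSED_THROUGH_API[setting]}


def find_exposed(payload, withheld, path="$"):
    """Walk a parsed JSON response; return the path of every withheld field present."""
    hits = []
    if isinstance(payload, dict):
        for key, value in payload.items():
            here = f"{path}.{key}"
            if key.lower() in withheld:
                hits.append(here)
            hits.extend(find_exposed(value, withheld, here))
    elif isinstance(payload, list):
        for i, item in enumerate(payload):
            hits.extend(find_exposed(item, withheld, f"{path}[{i}]"))
    return hits


# Constructed role configuration and API response for the Mosaic API user.
ROLE_SETTINGS = {"SSN": "Secured", "PayRate": "Secured",
                 "Address1": "Hidden", "LastName": "Displayed"}
SAMPLE_RESPONSE = [
    {"Employee": "00001", "LastName": "Doe"},
    {"Employee": "00002", "LastName": "Roe", "SSN": "000-00-0000",
     "Contact": {"address1": "1 Example St"}},
]

if __name__ == "__main__":
    for hit in find_exposed(SAMPLE_RESPONSE, fields_to_withhold(ROLE_SETTINGS)):
        print("still returned by the API:", hit)
```

An empty result means none of the withheld field names appear anywhere in the response, including inside nested objects.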
Updated 10 months ago