We have a business case where the HR team does not want the Cost Rate of Resources() to be visible to admin. In the worst case, if they view the same, there should be an audit history available for the same. They want this to be edited/viewed only by HR. The only way we can control this is an access grant, which is again controlled by admin.
Do we have any control mechanism/best practice available to control Cost Rate access? Any help on this will be highly appreciated.
I don't believe there is a better way than pulling the access privileges. We limit rate visibility to all users except admins and PMO Finance - the other security groups do not have that access right.
In addition, if you use rates you may want to pull the 'View project, program and time sheet cost data' access right. If you don't, users could potentially see the timesheet and do some simple division to get the rate. This prevents them from seeing the timesheet line cost and the 'costing view' in the WBS. In reality, if they really wanted to spend the time, there are multiple ways to reverse engineer the rate, so we just make it as difficult as possible. If they are going to that much trouble then we have an ethics issue on our hands.
PPM does have a 'last update by' field on cost rules (not visible but in the DB), but I don't know of any 'last viewed by' option.
We also limit the access to the cost rates, but as Cat said there are basically too many places where you can see the hours and total cost that a certain resource has reported, making "reverse engineering" simple.
We therefore usually avoid too detailed cost rules, and stick to generalisations.