Project Server Security Scenarios – Part 3

Part 2 of this blog can be read here


Scenario 5: PM to only add Generic resources to their Project Team whereas Resources Managers should be adding specific resources.


Bob the PM Should not directly be assigning actual people to its Project. Instead, he should be assigning Generic Resources. A resource manager can later add specific resources. Once specific resources are added, PM should be able to assign tasks to those specific resources as well.



1) PMs by default have permission to assign any resource. To remove this permission, Go to Server Settings -> Manage Groups,

Project Server Security Scenarios – Part 2

Part 1 of this blog can be read here


Scenario 3: Bob should access SharePoint Project Site for some Projects (But shouldn’t access Project details in PWA)


Bob is a user who’ll only be accessing SharePoint based Project sites to work on Risks, Issues and other SharePoint related stuff in Project Sites. He’ll only be using PWA to access Project Site and won’t be using any other Project Server Feature.


Solution 1:

The best way is to add Bob in that Project’s Project Team. If Bob doesn’t have any task assigned to him then he’ll get reader access to that project. If Bob requires Contribute access (so that he can add content to the Project Site), then there must be at least 1 task assigned to him on that Project.

However, under default configuration, Bob will also get Team Member permissions on that Project, which means he’ll be able to see Project Schedule, can create new task assignment etc.

Refer to Solution 2 below, if you want Bob to access Project Sites but you don’t want to allow him anything else to do in PWA.

Project Server Security Scenarios – Part 1

In this blog series, I’ll talk about implementing some specific security requirements in Microsoft Project Server 2010 / 2013. I’ll assume that you already have some basic idea about Groups, Categories & Permissions but if that’s not the case, you can learn about Project Server 2010 Security Model (also applicable on Project Server 2013) through this excellent article by Ben Howard

Project Server 2013 also offers a new permission mode known as SharePoint permission mode. As the name suggests, it is managed via SharePoint 2013 permissions model. It is a simplified model which can quickly be implemented, but it is not possible to implement the scenarios I am going to cover in this blog and hence the rest of the blog will only talk about classic Project Server permissions mode.

Scenario 1: Bob should access all Projects managed by his Department
By “Project managed by his department”, I mean the projects where the Project Manager belongs to Bob’s department. We don’t want to give access to Bob on the projects where his resources are working as a team member but not managing the projects.