Project Server Security Scenarios – Part 2

Part 1 of this blog can be read here

Scenario 3: Bob should access the SharePoint Project Site for some Projects (but shouldn’t access Project details in PWA)

Bob is a user who will only be accessing SharePoint-based Project Sites to work on Risks, Issues and other SharePoint-related content in Project Sites. He will use PWA only to reach the Project Site and won’t be using any other Project Server feature.

Solution 1:

The best way is to add Bob to that Project’s Project Team. If Bob doesn’t have any task assigned to him, he’ll get reader access to that project. If Bob requires Contribute access (so that he can add content to the Project Site), there must be at least 1 task assigned to him on that Project.

However, under the default configuration, Bob will also get Team Member permissions on that Project, which means he’ll be able to see the Project Schedule, create new task assignments, etc.

Refer to Solution 2 below if you want Bob to access Project Sites but don’t want to allow him to do anything else in PWA.

Solution 2:

1) Create a new Category called “Project Site Access” and add all the Projects you want to give Bob access to. Alternatively, select “All current and future projects in Project Server Database” if you want Bob to access all Projects’ Project Sites.

2) In the “Views – Add to Category” section, assign at least 1 Project Center view to this Category so that Bob can see the Project Name in Project Center.


3) Create a new group called “Project Site Users”, add Bob to this group, and add your newly created category “Project Site Access” to the Selected Categories section.

4) While “Project Site Access” is selected in the Selected Categories section, you should see a Permissions section that is specific to this category. Give the following permissions as per the screenshot:

[Screenshot: permissions for the “Project Site Access” category]

5) The “Save Project to Project Server” permission is required for Bob to get read-write access. In the absence of this permission, he’ll get read-only access to the Project Site.

6) “View Project Summary in Project Center” is required for Bob to see the Project in Project Center, where he can then click the “Project Site” button to access the Project Site. In the absence of this check box, Bob will need to know the direct URL of the Project Site.

7) “View Project Site” permission is required for read-only access to Project Site. In my tests, giving “Save Project to Project Server” permission without giving “View Project Site” permission was sufficient to give read-write access to Project Site.


Scenario 4: Bob should access Projects with a specific value of a Custom Field

Bob needs to access all Projects where a Custom Field has been set to a specific value (e.g. where the field “Business Unit” is set to “Infrastructure”, or Projects where one of the selected “Strategic Goal” values is “Organisational excellence”).

Solution:

1) Create a new category named “Infrastructure Business Unit Projects”, or another name that is appropriate for your scenario.

2) In the Projects section, select “Only the projects indicated” and then add all the projects that fulfil your criteria to the “Select Projects” side.

3) If a new Project that fulfils your criteria is created in future, you will need to add that Project to this category manually.

4) Unfortunately, there is no out-of-the-box way to create a dynamic rule that automatically selects Projects according to your custom field value criteria. If you have too many such categories, maintaining them could be very difficult. Your best bet would be to contact a Microsoft EPM Partner company to develop a custom solution for you.

5) Create a new group called “Business Unit Managers” (or another appropriate name), add Bob to this group, and add your newly created category “Infrastructure Business Unit Projects” to the Selected Categories section.

6) While “Infrastructure Business Unit Projects” is selected in the Selected Categories section, you should see a Permissions section that is specific to this category. If you want to give Bob the same level of access as a Project Manager, select “Project Manager” in the “Set Permissions with template” drop-down and click Apply. You can also give the permissions of Admin, Team Member or any other pre-defined access set.
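Because the category in steps 2 to 4 is maintained by hand, its project list can fall out of step with the custom field values. The following is an added example, not code from this blog or from Project Server: it compares a category's project list against the criteria and reports projects to add, projects that no longer qualify, and stale entries. The project names, the export format, and the function names `matches` and `category_drift` are all assumptions made for illustration.

```python
# Added example (not from the original post): drift check for a manually
# maintained category. All data below is constructed; in practice it would come
# from an export of projects with their custom field values.

# Constructed sample: project name -> custom field values.
PROJECTS = {
    "Datacenter Refresh": {"Business Unit": "Infrastructure", "Strategic Goal": ["Cost reduction"]},
    "HR Portal": {"Business Unit": "HR", "Strategic Goal": ["Organisational excellence", "Growth"]},
    "Network Upgrade": {"Business Unit": "Infrastructure", "Strategic Goal": []},
    "Marketing Site": {"Business Unit": "Marketing", "Strategic Goal": ["Growth"]},
    "Legacy Migration": {"Business Unit": "Finance", "Strategic Goal": ["Cost reduction"]},
}

# Constructed sample: projects currently listed under "Only the projects indicated".
CATEGORY_MEMBERS = {"Datacenter Refresh", "HR Portal", "Legacy Migration", "Old Archive"}

# The post's criteria: a project qualifies if ANY rule matches.
RULES = [("Business Unit", "Infrastructure"), ("Strategic Goal", "Organisational excellence")]


def matches(fields, rules):
    """Return True if any (field, wanted) rule matches; multi-value fields match on membership."""
    for field, wanted in rules:
        value = fields.get(field)
        values = value if isinstance(value, (list, tuple, set)) else [value]
        # Assumption: values are compared case-insensitively, ignoring stray spaces.
        if any(isinstance(v, str) and v.strip().casefold() == wanted.casefold() for v in values):
            return True
    return False


def category_drift(projects, members, rules):
    """Compare the category's project list with the projects that meet the criteria."""
    known = set(projects)
    expected = {name for name, fields in projects.items() if matches(fields, rules)}
    return {
        "missing": sorted(expected - members),           # qualify, but not yet in the category
        "excess": sorted((members & known) - expected),  # in the category, no longer qualify
        "orphaned": sorted(members - known),             # in the category, absent from the export
    }


if __name__ == "__main__":
    for kind, names in category_drift(PROJECTS, CATEGORY_MEMBERS, RULES).items():
        print(f"{kind}: {', '.join(names) or '-'}")
```

The "excess" list is the one to review first, since those projects are still visible to everyone in the group even though they no longer meet the criteria.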

 

In the next part of this blog, I'll talk about the scenario where a PM should only be assigning Generic resources to his Project Plan and actual resources should be assigned by the Resource Manager.
