28/جمادى الأولى/1433 01:45 م
I am trying to figure out the best way to do this. I would like to have one Project Server 2010 instance shared by one set of users but two separate sets of workspaces (two separate SharePoint Servers) - one for one security group and one for the other security group.
1 - SharePoint Server A and Project Server
2 - SharePoint Server B
Users with access to SharePoint Server B can interact with schedules on the Project Server but can't see workspaces in SharePoint Server A.
28/جمادى الأولى/1433 01:54 م
If you can share your objective to do this, there can be some good solutions from the community to achieve your objective.
Is it that you want to restrict certain set of users from viewing certain set of project sites?
Abhijeet M. Mohite
28/جمادى الأولى/1433 02:06 م
Yes, exactly. My two groups of users can't see each others' sites but they do see the same schedules and we want the ability to assign both groups of users as one Resource Pool.
28/جمادى الأولى/1433 02:13 م
Is is that you want certain users to
1. be part of projects plans as resources
2. you want them to view project schedules and their tasks but
3. want to restrict them from viewing sites for those projects?
Abhijeet M. Mohite
28/جمادى الأولى/1433 02:36 م
3. Yes - but, not just keeping them from viewing sites but having no ability to get to them at all, ever. We need to keep them separated entirely.
28/جمادى الأولى/1433 03:04 م
My suggestion on above will be as below:
1. Project Server gives you tons of security features to achieve what you are looking for
2. Deploying a new server just to achieve this then it is not required and would not help also
3. You can use combination of Groups and Categories in Project Server to deny set of users from viewing Project Sites
4. Go to Server Settings > Manage Groups and select the group and category to which these users belong or create a new group and category for these users. I would always recommend creating new group and category for these users to who you want to deny permissions
5. Set "View Project Sites permission" category permission as denied for the selected category for the particular group
6. Keep on adding those users to this group and apply this category to who you want to deny access to Project Sites
I would recommend to test this on set of users before you start using this.
Hope this helps you a little.
Abhijeet M. Mohite
28/جمادى الأولى/1433 08:41 م
Not sure if it is a possible option that you mention. Not a typical topology.
Additional alternative to the proposed by Abhijeet Mohite would be:
1) Manage different templates to work sites A and B (through EPTs)
2) Create a feature for projects of type B ti:
- Break permission inheritance
- Assign permissions to a particular group
Requires programming, but it may be a solution.
02/جمادى الثانية/1433 08:41 مالمالك
02/جمادى الثانية/1433 09:43 مYes, they are in the same farm. But, if I had to make them separate I could do that to if need be.
09/جمادى الثانية/1433 06:57 صالمشرف
They would need to be in the same farm.
You could possibly look at turning off the site provisioning automatically and write event handlers to call the provisioning on the relevant site collection and implement the security. It's possible, but a lot of work.
Another option depending on the number of projects you are creating would be to simply manually create the project sites in the relevant site collection and do a manual link back to PWA.
- تم الاقتراح كإجابة بواسطة Christophe FiessingerMicrosoft Employee, Owner 12/جمادى الثانية/1433 04:15 ص
12/جمادى الثانية/1433 01:57 م
We are looking at the option to manually create the project sites. That might be the easiest method when all is said and done.