Friday, April 20, 2012 1:45 PM
I am trying to figure out the best way to do this. I would like to have one Project Server 2010 instance shared by one set of users but two separate sets of workspaces (two separate SharePoint Servers) - one for one security group and one for the other security group.
1 - SharePoint Server A and Project Server
2 - SharePoint Server B
Users with access to SharePoint Server B can interact with schedules on the Project Server but can't see workspaces in SharePoint Server A.
Friday, April 20, 2012 1:54 PM
If you can share your objective to do this, there can be some good solutions from the community to achieve your objective.
Is it that you want to restrict certain set of users from viewing certain set of project sites?
Abhijeet M. Mohite
Friday, April 20, 2012 2:06 PM
Yes, exactly. My two groups of users can't see each others' sites but they do see the same schedules and we want the ability to assign both groups of users as one Resource Pool.
Friday, April 20, 2012 2:13 PM
Is is that you want certain users to
1. be part of projects plans as resources
2. you want them to view project schedules and their tasks but
3. want to restrict them from viewing sites for those projects?
Abhijeet M. Mohite
Friday, April 20, 2012 2:36 PM
3. Yes - but, not just keeping them from viewing sites but having no ability to get to them at all, ever. We need to keep them separated entirely.
Friday, April 20, 2012 3:04 PM
My suggestion on above will be as below:
1. Project Server gives you tons of security features to achieve what you are looking for
2. Deploying a new server just to achieve this then it is not required and would not help also
3. You can use combination of Groups and Categories in Project Server to deny set of users from viewing Project Sites
4. Go to Server Settings > Manage Groups and select the group and category to which these users belong or create a new group and category for these users. I would always recommend creating new group and category for these users to who you want to deny permissions
5. Set "View Project Sites permission" category permission as denied for the selected category for the particular group
6. Keep on adding those users to this group and apply this category to who you want to deny access to Project Sites
I would recommend to test this on set of users before you start using this.
Hope this helps you a little.
Abhijeet M. Mohite
Friday, April 20, 2012 8:41 PM
Not sure if it is a possible option that you mention. Not a typical topology.
Additional alternative to the proposed by Abhijeet Mohite would be:
1) Manage different templates to work sites A and B (through EPTs)
2) Create a feature for projects of type B ti:
- Break permission inheritance
- Assign permissions to a particular group
Requires programming, but it may be a solution.
Monday, April 23, 2012 8:41 PMOwner
Monday, April 23, 2012 9:43 PMYes, they are in the same farm. But, if I had to make them separate I could do that to if need be.
Monday, April 30, 2012 6:57 AMModerator
They would need to be in the same farm.
You could possibly look at turning off the site provisioning automatically and write event handlers to call the provisioning on the relevant site collection and implement the security. It's possible, but a lot of work.
Another option depending on the number of projects you are creating would be to simply manually create the project sites in the relevant site collection and do a manual link back to PWA.
- Proposed As Answer by Christophe FiessingerMicrosoft Employee, Owner Thursday, May 03, 2012 4:15 AM
Thursday, May 03, 2012 1:57 PM
We are looking at the option to manually create the project sites. That might be the easiest method when all is said and done.