1 iunie 2012 21:08
We are adjusting the permissions for our Project Server environment to allow for more security around confidential projects and project sites...
In the adjusting/researching/testing of settings, I've noticed that adding "Save Project to Project Server" option to a security category of a group grants that entire group 'Project Manager' access to all Project Sites under PWA.
This makes NO sense to me... Can someone explain why it does this, and if there is a way around it?
We of course want this group to have the ability to save projects to project server, but we don't want them to have access to all the sites. Only the sites of projects that they are specifically given permissions to.
Thanks in advance!
1 iunie 2012 21:16ModeratorKlint --The default permissions in Project Server 2010 only allow a project manager to access the Project Sites that go with his/her published projects. You find those permissions by opening the Project Managers group for editing and then selecting the My Projects category. Hope this helps.
1 iunie 2012 21:20
Thanks for the reply!
This is how I would have imagined it is supposed to work. Perhaps something is not right in our environment.
As soon as I select "Save Project to Project Server" under the "My Projects" category, it adds the entire group to ALL project sites in the collection. It doesn't add them to projects they don't have access to, but every single Project Site, whether they have access to the project itself or not.
3 iunie 2012 01:32ModeratorKlint --What you are describing indicates that someone has changed the default permissions in either the Project Managers group, or in the My Projects and/or My Organization categories. Without knowing what changes were made, it would be difficult to tell you how to troubleshoot this. Were you the person who made those changes? If so, what did you change? If not, who did it and what did they change? Let us know and we will try to help.
4 iunie 2012 16:47
I am the only user changing setting in PWA and I have not made any changes outside of the settings in the security categories inside of the group settings.
However, I am not the only user with admin access to the environment, so IF someone else did change something (which they shouldn't be) where would you suggest I check for changes that would cause this behavior?
4 iunie 2012 21:21ModeratorKlint --OK, here is what you will need to do:1. Log into PWA with Administrator permissions.2. Click Server Settings > Manage Categories.3. Click the My Projects category to open it for editing.4. Scroll to the Projects section.5. Make sure the Only the Projects Indicated option is selected, and not the All Current and Future Projects... option.6. Make sure only the following checkbox option is selected (deselect any others in that section, as needed):The User is the Project Owner or the User is the Status Manager on assignments within that Project7. Click the Save button.8. Click Server Settings > Manage Groups.9. Click the Project Managers group to open the group for editing.Scroll down to the Categories section. You should see ONLY TWO categories in the list on the right: the My Organization category and the My Projects category. If you see any other Categories listed on the right, DELETE them.10. Select the My Organization category.11. In the Permissions for My Organization data grid, make sure that ONLY the following option checkboxes are selected (deselect any others in that section, as needed):Create Object LinksManage Resource PlanAssign ResourceView Enterprise Resource DataView Resource Assignments in Assignment ViewsMy suspicion is that you or someone else selected the View Project Site permission, plus maybe others as well. That should NOT be selected.12. In the Categories section, click the My Projects category.13. In the Project section of the Permissions for My Projects data grid, make sure all permissions are selected EXCEPT for the Manage Resource Plan permission.14. In the Resource section of the Permissions for My Projects data grid, make sure that only the following permissions are selected (deselect any others in that section, as needed):View Enterprise Resource DataView Resource Assignments in Assignment Views15. Click the Save button.To confirm that the system is working correctly, have one of your PMs create and publish a test project and to create a Project Site when he/she does the initial publishing operation. Then check to see if his/her fellow PMs can see the project in the Project Center. They should not be able to see the project in the Project Center, which means they do not have permission to access the Project Site for that project as well. Hope this helps.
- Marcat ca răspuns de Klint A 4 iunie 2012 23:18
4 iunie 2012 23:30
Thank you very much for that write-up!
I've made the adjustments you've recommended and my sandbox environment is so far working exactly as we are hoping for!
We will be doing more testing of course, but the problem in the OP has been resolved, and this category setup makes much more sense to me.
The piece we were missing was step 4 through 7.
Again, thank you very much. Not only has this resolved my immediate issue, but this has improved my understanding of category configurations.
5 iunie 2012 12:24Moderator