Changing Security Templates

[JodyJ]

The default configuration for the Team Members group will work for our
implementation except for a small change. We do not want users to be able to
create new tasks. I've turned off (unchecked) both the "Create New Task or
Assignment" and the "New Project Task". I have a user assigned ONLY to the
Team Members group. They sign off and sign back on to PWA and they still
have access to create new tasks. Any ideas on where I've gone wrong?

 

[Reid McTaggart]

gYour post sugests that you have not changed the default Group/Category
settings. But just in case, could it be that there is more than one Category
associated with the Team Members group? If so, check the permissions for
Team Members for that Category.

Also, have you tested to see if the system will permit that user to actually
create a new assignment?

-Reid

 

[JodyJ]

Team Members was "assigned" one category....My Tasks...there was an item set
to "allow" in here that seems to be creating the issue. When I turn it
"off", I still see the function create new task but there are not projects
listed in the drop down. Without a project to choose, the system will not
allow you to create the task.

This is not the behavior I was expecting. I would think the menu option
would be removed completely or at a minimum throw an error when clicked.

This all leads me to more confusion though. I've read the blurb..."Groups
control what you can do in Project Server. Categories control what you can
do it to....." I need more guidance though in terms of which supercedes
which, etc. I'm very new to Project Server, but it seems like in this case,
the above statement doesn't hold. In the group, I disallowed the creation of
new tasks by team members. However, since it was allowed in the category,
the functionality still worked?????? Is there any other material out there
that may help clear up my confusion?

 

[Willy_comp]

Jody,

Think, try, think, try ... getting experience because I did not find
information how this security model works.

I've learned :
- Never assign security settings to an individual as it overrides security
settings of a group.
- So I just give the permissions to the group and then just assign the users.

The best way to correct this problem (if you operated that way):
- remove all your users from the group
- save this info
- assign all users back to the group
- save again

regards,
WillyV

 

[JodyJ]

I appreciate the "think, try, think" method however, there are many, many
others who have experience implementing this product. There are also many,
many questions on this site re: how Global Permission, Categories and Groups
work together.

I've purchased the Administering an Enterprise PMO by Chefetz & Howard and
am still not clear on how these pieces fit together.

Does anyone have any docs, advice, etc? Security setup just seems way more
complex than it needs to be. Maybe I'm just missing some critical knowledge.

 

[Reid McTaggart]

Security is more complicated than it needs to be only until you need it to be
complicated... then it's either just right or not quite enough!

It's not an easy topic to grasp right away, but the fundamentals are within
reach and you can master it. I spend lots of time with my clients helping
them work through it hands-on.

I'd be glad to give you some free one-on-one telephone consultation if
you'll contact me offline. Within 30 minutes or so, I can probably help you
get to a much more comfortable understanding.

Reid McTaggart
(e-mail address removed)
Alegient, Inc.
Microsoft Certified Partner
Project Server Experts