Custom PWA Group Not Automatically Added to WSS Sites

[burcky]

Our setup allows all PWA users to access all WSS project sites.
However, we created a new group and corresponding security category
that is set up like the rest except for the fact that they cannot see
resource and project information. We want them to access WSS sites
though, but they are not automatically being synched w/ the user lists
when project information is published. The only way they are able to be
synched to the user lists is if the specific site is synchronized by
the admin is the Manange Windows Sharepoint Sites section. I compared
all the group settings, and they appear to be the same. Would anyone
like to take a stab at what I'm missing or how I can have this group be
automatically added to all and new project WSS site user lists?

Thanks,
Kyle

 

[Lene]

I´ve had the same problem - I had to syncronize.....
burcky skrev:

 

[Big John]

Brucky

You are correct in your observations, this problem also exists when new team
members are added to a project, they are not automatically added to the
sharepoint site access list.

We have developed a custom solution that uses a shell macro to add team
members to sharepoint sites, via an overnight batch. This automates the
addition of new team members to the sharepoint sites, but can be extended to
add users in other security groups to associated sharepoint site.

If you have further interest please let us know

John Purvis, PMP MCP
Portfolio PM
www.PortfolioPM.com
Microsoft Certified Partner

 

[Gary L. Chefetz [MVP]]

John:

Most of the professional folks represented on the list have created
solutions like this. There are lots of places to advertise your professional
services and for folks to find them. The communities newsgroups are designed
for peer-to-peer support and spamming is not tolerated. Your posts today,
mostly qualify as the latter. Please consider sharing your expertise, I'm
certain many would benefit.

 

[burcky]

Thanks for your input. So it appears this is a lack of functionality on
PWA's part. I was hoping there was some setting I didn't have enabled
or some unnecesary setting I had enabled.

 

[Gary L. Chefetz [MVP]]

Kyle:

When you make changes to people's permissions midstream on a project, you
may need to run the synchronization routines on each site to make the new
users appear. You should base your new custom group on the Executive group,
which gets read access to all sites. You can redact the permissions that
would otherwise give members of this group access to resource information.

 

[burcky]

I thought the following option in Site Provisioning Settings would do
the trick:

"Automatically add Project Web Access users to project team Web
site when SharePoint site is created or when the project manager
publishes the project information to Project Server."

because in the third bullet underneath that it states:

"Other Project Server users with View Project Document and Issues
permission on this project are added into a site group called Reader
(Project Server)."

However, it was unsuccessful. The new group and security category these
people are associated with have View Risks, Isssues, and Documents
allowed, but do not get added to the WSS sites when a project site is
created or project information is published. ....odd behavior or is it
just me?

 

[Gary L. Chefetz [MVP]]

You may not have set this up correctly. If you can describe what you did,
maybe we can analyze further.

 

[burcky]

A new group and security category were created to access WSS sites for
all projects. Their permissions restrict themselves from viewing
resource information, but allowing them to view project information.

In the group permissions, the group includes all the appropriate users,
the appropriate categories under Selected Categories, and are allowed
to "View, Risk, Issues, and Documents" with that category. Under global
permissions, they are allowed to view documents, view issues, and view
risks.

In the security category permissions, the appropriate group is
included. One thing I don't think should be there is all the names of
the individuals in that group in addition to the group itself.
However, only the group has permissions set to it, so I don't think
it's an immediate problem. The group's permissions there reflect the
same permissions set in the group permissions area.

Our understanding would be whenever a project is published or created,
this group of people would be added to the list of everyone who can
view the WSS site. The only way to add them is to synchronize the WSS
site, but this is unreasonable for admins to do this for the hundreds
of projects we have.

 

[Gary L. Chefetz [MVP]]

Do you have the View Effective Rights Tool available to you? Can you
download it and install it on the server. You should remove the individual
names from the category, their membership through the group is enough. The
fact that this is the case is worrisome only because it might indicate some
"playing around" has gone on to make this work, which may in fact be at
least part of the problem. A good way to have created the group would be to
copy the Executive group permissions and redact from there.