I actually think that the out-of-the-box permissions that have been given to
the PM and TM groups under "PWA>Site Acitons>Site Settings>Advanced
Permissions>Settings>Permission Levels" are too high. I think this was an
oversite by Microsoft. I had a client that had PMs accidentally mess with
the PWA site because of this.
I have since told recommended to the client to disable certain permissions
for the "Project Managers (Microsoft Office Project Server)" and "Team
Members (Microsoft Office Project Server)" groups. Here are the permissions
I have set for PMs and you can use this to also remove any of these
permission on the TM group as well.
Manage Lists - Create and delete lists, add or remove columns in a list,
and add or remove public views of a list. - Disabled
Override Check Out - Discard or check in a document which is checked out
to another user. - Disabled
Add Items - Add items to lists, add documents to document libraries, and
add Web discussion comments. - Disabled
Edit Items - Edit items in lists, edit documents in document libraries,
edit Web discussion comments in documents, and customize Web Part Pages in
document libraries. - Disabled
Delete Items - Delete items from a list, documents from a document
library, and Web discussion comments in documents. - Disabled
View Items - View items in lists, documents in document libraries, and
view Web discussion comments. - ON
Approve Items - Approve a minor version of a list item or document. -
Disabled
Open Items - View the source of documents with server-side file
andlers. - ON
View Versions - View past versions of a list item or document. - ON
Delete Versions - Delete past versions of a list item or document. -
Disabled
Create Alerts - Create e-mail alerts. - ON
View Application Pages - View forms, views, and application pages.
Enumerate lists. - ON
Manage Permissions - Create and change permission levels on the Web site
and assign permissions to users and groups. - Disabled
View Usage Data - View reports on Web site usage. - Disabled
Create Subsites - Create subsites such as team sites, Meeting Workspace
sites, and Document Workspace sites. - Disabled
Manage Web Site - Grants the ability to perform all administration tasks
for the Web site as well as manage content. - Disabled
Add and Customize Pages - Add, change, or delete HTML pages or Web Part
Pages, and edit the Web site using a Windows SharePoint Services-compatible
editor. - Disabled
Apply Themes and Borders - Apply a theme or borders to the entire Web
site. - Disabled
Apply Style Sheets - Apply a style sheet (.CSS file) to the Web site. -
Disabled
Create Groups - Create a group of users that can be used anywhere within
the site collection. - Disabled
Browse Directories - Enumerate files and folders in a Web site using
SharePoint Designer and Web DAV interfaces. - ON
View Pages - View pages in a Web site. - ON
Enumerate Permissions - Enumerate permissions on the Web site, list,
folder, document, or list item. - Disabled
Browse User Information - View information about users of the Web site. -
ON
Manage Alerts - Manage alerts for all users of the Web site. - Disabled
Use Remote Interfaces - Use SOAP, Web DAV, or SharePoint Designer
interfaces to access the Web site. - ON
Use Client Integration Features - Use features which launch client
applications. Without this permission, users will have to work on documents
locally and upload their changes. - ON
Open - Allows users to open a Web site, list, or folder in order to access
items inside that container. - ON
Edit Personal User Information - Allows a user to change his or her own
user information, such as adding a picture. - ON
Manage Personal Views - Create, change, and delete personal views of
lists. - Disabled
Add/Remove Personal Web Parts - Add or remove personal Web Parts on a Web
Part Page. - Disabled
Update Personal Web Parts - Update Web Parts to display personalized
information. - Disabled
Hope this helps,
Jonathan Sofer
