Making a project read only

R

Reid McTaggart

There's more than one way, but here is an easy way that I think will work
(better test it!):

Create a Category called something like Read Only.
Add the closed/completed project to the Category's list of projects.
Associate all Groups with the Category.
For each associated Group, set the "Save" permission to Deny.
 
D

Dale Howard [MVP]

Reid --

It would be a mistake to set the Save Project permission to Deny, as doing
so will "trump" the Save Project permsision for any other Categories to
which each Group has permissions. The default order of precedence for any
permission in a Group that has access to multiple Categories is:

Deny
Allow
Not Allowed

Give this fact, the permission for Save Project in this new Category simply
needs to be set to Not Allowed (neither Allow or Deny is selected). Hope
this helps.
 
R

Reid McTaggart

I disagree, Dale. I just tested my solution and it works fine. Any project
that I associate with my new category becomes read only, but the user's or
group's access to all other projects stays the same.

I think your first statement is incorrect. The security model is more
subtle than that.

Your listing of the order of precedence is correct, but it does not apply to
groups in the way that you wrote. It only applies to a user or group with
respect to the things (projects, resources, views, etc) listed in the
Category.

I also don't think the alternative solution you offer would work relative to
the problem posed in this thread. It seems to me that by creating a new
category and setting the Save permission to Not Allow, you accomplish nothing
if some users already have Allow permission in another category that includes
the subject project. You might want to test it; I could be wrong.

While it is true that Deny should rarely be used, and always used with care,
this is one application in which it offers a clean solution to a tricky
problem.

Reid McTaggart
(e-mail address removed)
Alegient, Inc.
Microsoft Certified Partner
Project Server Experts
 
G

Gary L. Chefetz [MVP]

Reid:

I think Dale's confusion with your original post is that it sounds as though
you're saying that one should set the Group permission rather than in the
new category, which would result in the consequences Dale described.
 
R

Reid McTaggart

Gee, I don't know, Gary. "Save Project" is not a global permission for
Groups. It can only be set in relation to a Category. That's why there are
two separate Permissions boxes -- one for Global permissions and one for
Category permissions.

You can set the Save Project whether you're modifying a Group or modifying a
Category, but the effect is the same.

I think Dale understands all this, judging by his explanation of his
suggested solution, which I still think won't work.

I'm not sure my directions could lead to such mistakes as you suggest, but
I'll try to write more literally in the future.

Reid McTaggart
(e-mail address removed)
Alegient, Inc.
Microsot Certified Partner
Project Server Experts
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Sub projects added as read only in Master file which are saved on sharepoint 1
Auto populate value from one task to another in MS PROJECT 0
Reading view 1
Remove "read-only" from Publisher file 0
MS Project. Real progress of the project, % complete 1
Mark-as-read problem 0
Making a macro only work on certain files 2
Project Status Date 1

Top