Permissions, Groups and Categories 1=1

[Studer]

After a big mess up in the permissions for each category and each group of
users I ended up setting the server in my company the following way: each
group has it's own category.

I now I'm going against the usual definitions where for example the My
Projects Category is said to be applied for Project Managers, Resource
Managers and Team Leads. Now, for me, My Projects is only for Project
Managers, period!

The thing is that It just got too messy. Had to change some permissions for
some new groups I created and ended up loosing the whole controle of the
thing, some things were changed in the category, others in the group and even
had single users with special permissions! IT WAS HELL!

With this "one group = one category" strategy it's all much simpler, but did
I loose something? Comments please!

Thanks a lot

 

[Dale Howard [MVP]]

Studer --

I think you are making a huge mistake with permissions, and you are not
simplfying anything with your "one Group - one Category" approach. It is
much better, I believe, to leave the default permission for Groups and
Categories in place, and then to "tweak" them only as needed. For example,
the default permissions in the Project Managers group allow each project
manager to only open his/her own projects. One small "tweak" a company
might need is to allow each PM to open his/her own projects Read/Write, but
to open all other PMs projects Read-Only. With the method you are trying to
use, I can't imagine how you could accomplish this security need. Using the
default permissions, however, it would be very easy; a couple clicks of the
mouse and you are done.

Therefore, my advice to you would be to set everything back to the default
permissions for Groups and Categories and then tweak the permissions only as
needed. Remember, the mantra is "KISS" and you are most definitely NOT
keeping it simple! Hope this helps.

 

[Studer]

I must admit you're right... For simple things my aproach works fine, for
exceptions, it doesn't work at all.

I'm allready working in an Excel file where I'll put the permissions for
each category and group and then see the final cumulative result for
everybody. It's simple and easy to explain to anyone else.

The thing is that I started working over something done by a former coleegue
of mine. I'll have a talk with him, but I think I have to clean up his mess
and start all over again.

One thing is certain, the default permissions don't go along with my
company's way of work (ex: I can not let every PM creat new resources, It'll
be a total mess! Or in here it's the PM's who approve Timesheets for
Resources so I must give them this permission)

Thank you.

 

[Dale Howard [MVP]]

Studer --

I understand about your company's requirements, but even those two examples
could be easily solved by using the default Groups and Categories. There is
no easy way to revert back to all of the defaults. In our Configuring and
Administering book for Project Server 2007, we list all of the default
permissions for every Group and Category. You can purchase the book at:

http://www.projectserverbooks.com

Hope this helps.

 

[Studer]

Found the defaults in a Microsoft site.

Thank you very much for your help Dave

 

[Dale Howard [MVP]]

Studer --

You are more than welcome for the help, but my name is Dale, not Dave!