Problems with security

  • Thread starter Ian Wolstenholme

Ian Wolstenholme

We are having problems getting groups and categories to
work correctly.

We have four divisions in the business. We need PMs in
each Division to be able to see all projects for that
Division but only be able to edit and save their own
projects.

Each set of projects for each Division should be isolated
from any other Division.

We had planned to have categories for each division and a
corresponding group for each Divisional PM Group.

But we can't seem to get this to work. It seems like a PM
can edit ALL projects and save them.

How do we solve this problem?

Thanks

Ian
 

Dale Howard [MVP]

Ian --

You are so close but so far away. Here's what you will need to do:

1. Retain the My Projects category, which basically gives each PM
permission to see his/her own projects (projects for which he/she is the
manager, projects in which he/she is a team member, and projects in which
their resources are team members).

2. Create a new Category for each division that gives access to the
division's specific projects only.

3. Create a new Group for each division and add the My Projects category
and the division's new Category to the Group. In the Permissions grid in
the Categories section of the page, select the My Projects category and set
the permissions using the Project Managers template. Now select the
division's custom Category and in the Permissions grid, set only the
following permissions to Allow (do not set any permissions to Deny):

Assign Resource
See Enterprise Resource Data
Open Project

4. Add the PMs in each division to their division's Group.

This should take care of it. Hope this helps.
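
The setup in steps 1 to 4, as an added sketch that is not part of the original reply and is not Project Server code: a simplified model in which a user's rights on a project are the union of the Allow sets of every category that contains it. The sample projects, user names, the hypothetical `leftover_group`, and the assumption that the Project Managers template includes "Save Project" are all constructed for illustration.

```python
# Simplified, added model of Allow-only, additive category permissions.

# Constructed sample data: project -> (division, manager)
PROJECTS = {
    "P1": ("Division 1", "alice"),
    "P2": ("Division 1", "bob"),
    "P3": ("Division 2", "carol"),
}

# The three permissions listed in step 3 for the division category.
DIVISION_PERMS = {"Assign Resource", "See Enterprise Resource Data", "Open Project"}
# Assumption: the Project Managers template also allows "Save Project";
# the thread does not list the template's contents.
PM_TEMPLATE_PERMS = DIVISION_PERMS | {"Save Project"}


def my_projects(user):
    """My Projects, reduced to 'projects the user manages' for this model."""
    return {p for p, (_, mgr) in PROJECTS.items() if mgr == user}


def division_group(division):
    """Steps 2-3: a group pairing each category with its Allow set."""
    in_division = {p for p, (div, _) in PROJECTS.items() if div == division}
    return [
        (my_projects, PM_TEMPLATE_PERMS),
        (lambda user: in_division, DIVISION_PERMS),
    ]


def leftover_group():
    """Hypothetical extra membership: Save Project over every project."""
    return [(lambda user: set(PROJECTS), {"Open Project", "Save Project"})]


def effective_permissions(user, groups, project):
    """Union of Allow sets from every category that contains the project."""
    perms = set()
    for group in groups:
        for category, allowed in group:
            if project in category(user):
                perms |= allowed
    return perms


def editable_projects(user, groups):
    """Projects the user could save; should match the ones they manage."""
    return sorted(p for p in PROJECTS
                  if "Save Project" in effective_permissions(user, groups, p))
```

In this model `editable_projects("alice", [division_group("Division 1")])` contains only the project she manages, while adding `leftover_group()` to her memberships makes every project editable, so any other group a PM belongs to needs the same review as the new divisional one.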
 

Ian Wolstenholme

Hi Dale,

Thank you so much for your help. In Step 2, however, are you suggesting that
we need to add the projects manually to each category? We want to avoid this
as we are dealing with hundreds of projects and the overhead of doing this
would be rather onerous.

We have designed the RBS to show the four divisions so would this suffice if
each PM was assigned to the appropriate level in the RBS?

Thanks

Ian
 

Dale Howard [MVP]

Ian --

Yes, you must manually add the projects for each of the custom Categories.
If there were an easier way, I would have told you. Given the complexity of
your situation and the size of your project portfolio, you might want to
consider creating a separate Project Server instance for each division's
projects. Have you considered that option? You would need to use the
EditSite tool to do so. Hope this helps.
 

Ian Wolstenholme

Hi Dale,

I really appreciate your help, but we have to find a way around this.

It is because of the volume of projects that adding them manually creates
tremendous overhead on the Administrators and won't work in our environment.
Equally, creating a separate instance of Project Server for each division
won't work either because reporting requirements require that reports are
generated across all divisions.

The RBS is defined as follows:

All
Division 1
Division 2
Division 3
Division 4

with sublevels below each. Can we not use this to control access to
projects? In other words, we want a PM in Division 1 to only see projects for
that Division plus projects that he may be assigned to in other Divisions.
However, he should only have access to edit those projects for which he is a
project manager, and those will always be in his division.

We can limit the projects visible in the Project Center by creating specific
sets of views for each Division and applying a filter to each set of views
that is set to that Division. To do this we created a Project Outline code
field called Division that shares the RBS code. Hence each project can be
assigned this value.

However, our problem is that when PMs use Project Pro in the open projects
dialog they see all projects. So how can we limit the projects that they see
in this dialog?

Appreciate your input. I am really grateful for your time.

Thanks

Ian
 

Dale Howard [MVP]

Ian --

If there were an easier way, I would have told you. I stand by my original
answer. Perhaps you should explore the use of multiple instances of Project
Server. I really think that would be easier for you. I don't have much
else to offer.
 
