Project 2003 - how create 2 security groups for project managers

E

Elena Osipova

Hi all,

How do you think, is it possible to create such security model in EPM2003:

1. Two groups of project managers PM1 and PM2 (usually there are PM1 and PM2
managers working on the same project)
- PM1 has rights to open, save and publish their projects
- PM2 has rights to open and save projects to Project Server (not
publish) - working on projects where there's PM1 as a primary project manager

2. For Project 1 Resource 1 can belong to PM1 group, for Project 2 Resource
1 can belong to PM2 group

Will it work? I mean, if we create two groups with corresponding rights, is
there a way for system to distinguish, for which project Resource 1 will have
PM1 rights and for which he will have PM2 rights – as both of them are
project manager’s rights?

Besides, every PM may be a Team member as well for any of the projects.

Your opinion will be extremely appreciated.
Thanks!

Best regards,
Elena
 
J

Jonathan Sofer

Elena,

It is possible to have a user in the PM1 and PM2 group. As a user of PM1
group they may have rights to projects that they own and as a user of PM2
group, they may have rights to projects that they are a team member of.
This would be one way to distinguish between which rights they have on
certain projects and what rights they have on other projects.

If this does not make sense, let me know and I will try to explain in more
detail.

Jonathan Sofer
 
E

Elena Osipova

Hi Jonathan,

thank you for reply.
However, there's a problem I can't solve.

The thing is that a person may belong to both groups and be either assistant
to PM in one case - with open|save rights, or in the other case PM himself
with create/open/save/publish rights.
When you assign user to both categories he automatically receives full
rights for the first project where he is only assistant.

It seems that we can't set security rights with the formula "if you are PM
then you can ..., if you are not PM you can ...". It works like this "You
have allow right for publishing project as PM and nothing (neither allow nor
deny) as team member, then you can publish any projects you can access. If we
set deny for team member than the person will not be allowed to publish any
project. That's not good.

What can we do with all this stuff?

Elena
 
J

Jonathan Sofer

You can accomplish what you want with one PM group but with 2 security
categories.

Category 1 should include all projects which the user is the project owner
(i.e. only check the box "The User is the Project Owner or the User is the
Status Manager on assignments within that Project".
Category 2 should include only projects which the user is on the project
team (i.e. only check the box "The User is on that project's Project Team"

Then assign Category 1 to the PM group with the full PM rights like Save and
Publish permissions and assign Category 2 to the same PM group with limited
assistant PM rights like Open and Save permissions only.

Now PMs that are marked as the owner of a schedule will have full PM rights
to that schedule and other PMs that are on the project team will have
assistant rights only.

Let me know if that works for you.

Jonathan Sofer
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Multi-project part time resource leveling 3
Request for Guidance (non-IU MOPP 2007 clients, MOPS 2007 IU setup 1
Group by 2 columns ? 3
Category concerns 8
PWA Project Managers - Workspace Access 3
Project managers can't update the Resource calendar 1
External Dependencies 3
Handling Work charged to Different Budgets (Time Based) 1

Top