RBS and Category

[Alfatcop]

Hello All,

background information:
- Project Server 2007
- 2 offices (office1, office2)
- 2 Office Managers (lets name them officemgr1 and officemgr2)
- 2 groups of resource (officeres1, officeres2)
- 1 pm in each group (officepm1, officepm2)

I would like to have:
1). officemgr 1 to be able to edit projects in office1 and see projects in
office2 (and vice versa)
2). officemgr 1 to be able to edit resource officeres1 and see officeres2
(and vice versa)
3). officepm1 edit his project and see projects in office1, have access to
officeres1 and officeres2 (and vice versa)

For 1). do i have to create a category "office1" and manually select the
projects that belongs to it and give officemgr an edit access right on it? Or
can it be done automatically?

Thank you very much for your help

 

[Jim Erwin]

You do have to manually move those projects into the category, but you
could create a project-level attribute for Office, make it required,
then have an event handler look at the value selected and
automatically move it into the appropriate category. You would
probably want to use the Event trigger "Project Saved".

 

[Gagan Goel - MCP PMP]

Alfatcop,

Thats a classic problem in Project Server and I feel you are on the right
track. It could be automated by utlizing the RBS. By setting the RBS

as
Office Manager
Office PM
Team

and then activating the RBS security, but this still would satisfy your
requirements as according to RBS it will isolate the two offices and there
will be no cross visibility based on scurity rules.

So other option is to create categories for offices and then assign projects
manually to categories and then assign R/W and Readonly appropriately to the
groups.

With some custom code we can automate the process of addin the new projects
based on custom fields to right security buckets, but this is something which
needs MS attention.

In 2007 there is STSADM command which can add a project to a category, so if
you have a good naming convention e.g. Office1_Proj1.pub you can use the
STSADM command to put in a windows scheduler to run and add the projects to
right security buckets.


Syntax
stsadm -o projmodifyprojectsincategory

-url <URL name>

[-categoryname] <category name>

[-categoryid] <category GUID>

[-projectname] <project name>

[-projectid] <project GUID>

-addorremove <add or remove project>


http://technet.microsoft.com/en-us/library/cc197698(TechNet.10).aspx

Hope this helps. Please do rate the post if you feel it was helpful.

Gagan

 

[Paul Conroy]

Scenario 1:

Create a new security template based on the Project Managers Template, call
it "Read Only". Remove the the 'Save Project' Permission from the template.

Create a new security group, say "Read Only" and associate it to the "My
Organisation" Category with the 'Read Only" template permissions.

Add all OM's to the "Read Only" group.

This will give OM's read only access to all Projects in the server.

Implement an RBS similar to

Company
Office1
PMO
Resources
Office2
PMO
Resources

Associate the OM's to each Officex RBS node
Associate the PM's to each PMO RBS Node
Associate the Resources to each Resources RBS Node

Update the "My Projects" category to include the dynamic rule "Allow users
in this category to view all projects managed by resources they manage"

Add the OM's to the Project Managers security group and ensure that the
security group s only associated to the "My Projects" category.

This will allow the OM's to edit the projects of the project managers in
their office, whilst keeping the other office's project's as read only.

Scenario 2

This is where you come stuck. Managing Users & Groups is a global
permission and therefore cannot be applied at the category level. You can
control the resources each OM/PM can see, using the RBS and category
permissions, but the administration of the resources will be an application
admin role.

Scenario 3

Similar to Scenario 1

Add the PM's to the Project Managers security group, ensuring it's only
associated to the My Projects category. This will give them PM permissions
to their own projects

Add the PM's to the Read Only Group created in scenario 1. this will give
them RO permissions to all projects.