Save offline security bug

[Luis Felipe S. Monteiro]

Hello all,

I configured the project server 2003 to forbid PMs saving schedule
baselines. (This is done by a PMO).

When trying to fix a schedule problem a PM saved the shedule offline,
replaced the local file (that didn´t have a baseline saved) with
another one (with a baseline saved) and then saved the schedule online
again.

After that, the schedule that shouldn´t have baseline was save with a
new baseline by an unauthorized role.

Is there any fix for this?

Luis Felipe

 

[Dale Howard [MVP]]

Luis --

Yes, you can fix this problem in two ways:

1. Someone from the PMO should open the project and then click Tools -
Tracking - Clear Baseline to remove the unauthorized baseline from the
project. The PMO staff should then examine the project for any other
unauthorized changes to the plan, and if found, the PMO staff should change
the project back to an acceptable form. After this, the PMO staff should
baseline the project again using Tools - Tracking - Save Baseline.

2. You should fire the project manager in question. Why in the world a PM
would go to such lengths to subvert your company's established baselining
process is beyond me. Although what the PM did is clever for sure, it
smacks of insubordination. If you can't fire the PM, he/she should at least
be disciplined and warned against taking such actions in the future.

Hope this helps.

--
Dale A. Howard [MVP]
Enterprise Project Trainer/Consultant
http://www.msprojectexperts.com
http://www.projectserverexperts.com
"We wrote the books on Project Server"


Hello all,

I configured the project server 2003 to forbid PMs saving schedule
baselines. (This is done by a PMO).

When trying to fix a schedule problem a PM saved the shedule offline,
replaced the local file (that didn´t have a baseline saved) with
another one (with a baseline saved) and then saved the schedule online
again.

After that, the schedule that shouldn´t have baseline was save with a
new baseline by an unauthorized role.

Is there any fix for this?

Luis Felipe

 

[Luis Felipe S. Monteiro]

Ok , We realized that when testing save offline function and every
impacts it´s use could cause.

Maybe the question wasn´t well written. The question was "Is this a
know bug?" and "Can it be fixed with a software ugrade or
configuration?"

No one needs to be fired, yet

Regards,

Luis Felipe Monteiro

 

[Dale Howard [MVP]]

Luis --

I set the Save Baseline permission to Not Allowed for members of the Project
Managers group and then tested the Save Offline function using the following
steps:

1. Launch Microsoft Project Professional and log into Project Server with
Project Manager permissions
2. Create a new project from a template, build the project team, and assign
resources to tasks
3. Save the project in the Project Server database
4. Attempted to baseline the project, but the permission was denied
5. Saved the project as an offline project using File - Save Offline
6. Closed the project and exited Microsoft Project
7. Launched Microsoft Project Profession and logged into Project Server in
offline mode by clicking the Work Offline button
8. Opened the offline project
9. Attempted to baseline the project, but the permission was denied

Using the above steps, working correctly with an offline project should have
still prevented the PM from baselining a project. Given the fact that the
PM went to such great lengths to circumvent your baseline process, I doubt
that you are seeing a bug in the software. Hope this helps.




Ok , We realized that when testing save offline function and every
impacts it´s use could cause.

Maybe the question wasn´t well written. The question was "Is this a
know bug?" and "Can it be fixed with a software ugrade or
configuration?"

No one needs to be fired, yet

Regards,

Luis Felipe Monteiro

 

[mark.everett]

Luis -

I also tested this process because it didn't make sense to me that you
could have a project subject to the Enterprise Global rules which say
that the PM can't save a baseline, save that project offline, save a
baseline, then save it online. I got the same results as Dale.

I think you need to ask the PM in question to repeat the steps he or
she took and observe the results. Perhaps you can ask why, when the
policy is that the PMO sets baselines, did they want to set one? If
it's that important to the person (for example, if they think the PMO
is making big changes, then suggest they do one of two things:

1. Use a couple of local date fields to save their dates. Then compare
after the PMO is done.
2. Save their project as an .mpp. When the project is processed by the
PMO, save that as an .mpp with a similar name. Export both to Excel,
then use the Excel compare feature to find differences.

Mark S. Everett | PMP
www.quantumpm.com

 

[John]

I think you guys may have missed part of the testing procedure. From the
original post, it looks like the PM saved the project offline. Then he/she
replaced the MPP file that is stored in Documents and
Settings/xxxx/xxxx/xxxx.published.mpp. Following this, the PM then went
on-line and saved and published the project back to the server.

I have followed this exact procedure for replacing a project file. I do NOT
do this to circumvent any policies - rather one of the perks of being the
Project Server administrator is that I can use this for good reasons.

FYI, I did not test this with Save Project Baselines denied.