Security issue: PMs can modify projects of which they are not owne

[Daniel]

We recently discovered this security issue:
When PMs are assigned on a tack on a project of which they are not the
owner, they are able to edit this project, to make changes and save it.
I checked the security settings and was not able to fix this issue. Can
somebody tell me how I can fix it?
Daniel

 

[Dale Howard [MVP]]

Daniel --

It might help if you told us what you did to try and resolve this issue.
Regardless, refer to the following FAQ on this very issue:

http://www.projectserverexperts.com...edgeBase/Read-OnlyAccessForPMTeamMembers.aspx

Keep in mind that the FAQ describes how to allow Read-Only access for PMs to
the projects in which they are only team members. And keep in mind further
that your changes may nullify the effectiveness of the steps detailed in the
FAQ. Hope this helps.

 

[Ben Howard]

Hi Daniel,

From
http://www.projectserverexperts.com/ProjectServerFAQKnowledgeBase/OpenOtherProjectsReadOnly.aspx

1. Log into PWA with Administrator permissions.

2. Click Server Settings > Manage Groups.

3. Click the name of the Project Managers group to open it for editing.

4. In the Categories section of the page, select the My Organization
category from the list on the right.

5. In the Permissions for My Organization grid, set the Open Project
permission to Allow.

6. Make sure that neither Allow or Deny is checked for the Save Project to
Project Server permission.

7. Click the Save button.

 

[bikerjohn]

The following FAQ gives instructions on this
http://www.projectserverexperts.com/ProjectServerFAQKnowledgeBase/OpenOtherProjectsReadOnly.aspx

 

[Daniel]

I tried this following link and now everything is OK.

http://www.projectserverexperts.com/ProjectServerFAQKnowledgeBase/OpenOtherProjectsReadOnly.aspx

Thanks to everybody.