none
Project Server 2010 Permissions - no way to limit site access by project RRS feed

  • Question

  • Dears,

    I seem to continue having a problem getting my head around Permissions in Project Server, and making them work the way I need to.

    I had decided some time ago that I don't like the way PS manages the OOTB groups, so I do not use them and instead manage access via SharePoint only.  This appears to cause problems, since Project Server apparently has some strange things going on.

    So now I very reluctantly embrace the standard groups, which brings me back to my original problem:

    It seems that Project Server groups and categories allow you to specify access based on the project and whether the person is on the project's team.

    But this is not the case for the SharePoint group - there seems no way to limit which project sites the user can see.

    So I have this basic situation:  user is Team Member only.  Can access and contribute to sites of projects where they are part of the team.   But it makes no difference.  The user can see any site and lists and items, even if they are not on the project team.

    How on earth is this supposed to work properly?  Many thanks...

    Wednesday, July 10, 2013 9:56 AM

All replies

  • Hi,

    Considering the scenario, the best possible way can be to use the Project Server groups to provide permissions and remove the permissions provided to the Custom SharePoint groups. REF#http://blogs.msdn.com/b/brismith/archive/2012/10/24/psvr2010-i-m-sure-i-added-some-users-to-that-sharepoint-group.aspx

    Here you can follow the below steps to help meet your requirements

    1. Create a Custom Group and set the permissions based on the Team Members template. Add the users to the group
    2. Now create a category. In Projects add only the projects which the users have to see and then add the group that we have created in Users and groups


    Cheers! Happy troubleshooting !!! Dinesh S. Rai - MSFT Enterprise Project Management

    Please click Mark As Answer; if a post solves your problem or Vote As Helpful if a post has been useful to you. This can be beneficial to other community members reading the thread.


    Wednesday, July 10, 2013 10:13 AM
    Moderator
  • Hi,

    Thanks for the suggestions, however...

    The group is already set to just one category, and that category is limiting to "The user is on that project's team".

    If I were to manually specify the projects for this category, it would be an administrative nightmare.

    Besides, this solution does not solve the problem:

    The permissions to access list items are strangely tied up with Project Server so that I cannot simply override that by using my own SP group.  I have just tried what you suggested, and I still have errors.

    I check the user's permissions for the site and it says they should be fine.  Then I dig into a list and some items generate an error to view, with no rhyme or reason.  It NEEDS the Project Server group to be there.

    Wednesday, July 10, 2013 11:54 AM
  • Nicodemus88,

    Going back to original question, 

    So I have this basic situation:  user is Team Member only.  Can access and contribute to sites of projects where they are part of the team.   But it makes no difference.  The user can see any site and lists and items, even if they are not on the project team.

    I am doubting whether a permission re-sync happened successfully after you changed the security groups etc., Have to published the project (for the project site you are testing). This will re sync the permissions, and leave only the team members. You could also go to Server Settings >> project Sites  >> Select the site >>Synchronize.


    Prasanna Adavi,PMP,MCTS,MCITP,MCT http://thinkepm.blogspot.com

    Wednesday, July 10, 2013 4:44 PM
    Moderator