none
Project Server 2013 how to configure permission based on department RRS feed

  • Question

  • Hi All,

    There is a emterprise custom field named project department. I would like to configure project permission based on it. In other words, the manager of department A can only see the projects belong to department A and the manager of the department B can only see the projects belong to department B. I don't want to configure permission seperately for every project. Can I use RBS with catogories? And suggestion is highly appreciated!

    Regards,

    Anna

    Wednesday, September 24, 2014 2:00 AM

Answers

  • Hi Anna,

    Here are the usual steps to configure the security based on the RBS:

    1. Populate the RBS look-up table with your organisation breakdown structure. I strongly advice not to have more than 3 levels, 2 being ideal. You can enter as many branches as you need, but keep it simple since it can become a nightmare to manage in a organisational change.
    2. Update your categories (what users can see) to configure the visibility in terms of views, projects and resources. The 2 last items (resources and projects visibility) will be configured based on the RBS. You'll see in the categories configuration that you can set which resources and projects will be accessible to the categoy based on the user's branch.
    3. Update your groups if need to associate them the categories. The groups set what can be done (permissions).
    4. Finally, for each user, associate it to a RBS branch and to a security group. Groups being associated to categories, the user will have the group's permissions and inherit the category visibility aligned on the RBS.

    Note that you have to use the Project Server permission mode with PS2013 in order to be able to use the RBS feature.

    Here are few references:

    • http://technet.microsoft.com/en-us/library/cc197571(v=office.15).aspx
    • http://technet.microsoft.com/en-us/library/cc197354(v=office.15).aspx
    • http://aboutmsproject.com/project-server-securitypart-1/

    Hope this helps,


    Guillaume Rouyre, MBA, MCP, MCTS |

    • Marked as answer by Anna Ruan Tuesday, October 14, 2014 7:58 AM
    Thursday, September 25, 2014 12:06 PM
    Moderator
  • Hi, 

    I don't know your organization and particularly what are the departments that are involved with Project Server. Meaning that in my example below, it is no need to put HR or Marketing if they are not using Project Server. Note for example that you will locate the development team director in the development team branch, but all team members will be located in one of the 3 branches at a lower level.



    Hope this helps,


    Guillaume Rouyre, MBA, MVP, MCP |


    Friday, October 10, 2014 11:54 AM
    Moderator

All replies

  • Hello Anna

    You cannot use the department field as a filter for managing permissions.

    The RBS is often based on Department, so I would use the RBS.

    If the RBS is not based on Org chart, then you may need to create a category for each department and manually update the category by updating the projects that belong in the category.

    Cheers!


    Michael Wharton, MVP, MBA, PMP, MCT, MCTS, MCSD, MCSE+I, MCDBA
    Website http://www.WhartonComputer.com
    Blog http://MyProjectExpert.com contains my field notes and SQL queries

    Wednesday, September 24, 2014 2:19 AM
    Moderator
  • In addition to this excellent reply, I'd mention that categories are intended to be used with the RBS in order to set which data can be accessed (projects and resources) for the groups associated to the category. It allows you to only maintain the RBS for users and they then inherit the visibility you configured.

    Hope this helps,


    Guillaume Rouyre, MBA, MCP, MCTS |

    Wednesday, September 24, 2014 2:26 AM
    Moderator
  • I am not very clear about that. Any example or reference for it?

    Thanks,

    Anna

    Thursday, September 25, 2014 8:55 AM
  • Hi Anna,

    Here are the usual steps to configure the security based on the RBS:

    1. Populate the RBS look-up table with your organisation breakdown structure. I strongly advice not to have more than 3 levels, 2 being ideal. You can enter as many branches as you need, but keep it simple since it can become a nightmare to manage in a organisational change.
    2. Update your categories (what users can see) to configure the visibility in terms of views, projects and resources. The 2 last items (resources and projects visibility) will be configured based on the RBS. You'll see in the categories configuration that you can set which resources and projects will be accessible to the categoy based on the user's branch.
    3. Update your groups if need to associate them the categories. The groups set what can be done (permissions).
    4. Finally, for each user, associate it to a RBS branch and to a security group. Groups being associated to categories, the user will have the group's permissions and inherit the category visibility aligned on the RBS.

    Note that you have to use the Project Server permission mode with PS2013 in order to be able to use the RBS feature.

    Here are few references:

    • http://technet.microsoft.com/en-us/library/cc197571(v=office.15).aspx
    • http://technet.microsoft.com/en-us/library/cc197354(v=office.15).aspx
    • http://aboutmsproject.com/project-server-securitypart-1/

    Hope this helps,


    Guillaume Rouyre, MBA, MCP, MCTS |

    • Marked as answer by Anna Ruan Tuesday, October 14, 2014 7:58 AM
    Thursday, September 25, 2014 12:06 PM
    Moderator
  • Any real RBS example? Thanks a lot!

    Regards,

    Anna

    Friday, October 10, 2014 9:08 AM
  • Hi, 

    I don't know your organization and particularly what are the departments that are involved with Project Server. Meaning that in my example below, it is no need to put HR or Marketing if they are not using Project Server. Note for example that you will locate the development team director in the development team branch, but all team members will be located in one of the 3 branches at a lower level.



    Hope this helps,


    Guillaume Rouyre, MBA, MVP, MCP |


    Friday, October 10, 2014 11:54 AM
    Moderator
  • Hi,

    I have tried to configure it based on your direction. However, in my case, the structure doesn't work well. It works fine if I choose "The Project Owner has the same RBS value as the User" or "A resource on the project's Project Team is a descendant of the User via RBS". However, if I choose "The Project Owner is a descendant of the User via RBS". They will see all projects. Any idea?

    Regards,

    Anna

     


    • Edited by Anna Ruan Saturday, October 11, 2014 11:11 AM
    Saturday, October 11, 2014 11:07 AM
  • Hi Anna,

    I cannot give you accurate advice since I'd need to spend time with you in your organization to understand your need. You said that choosing  "The Project Owner has the same RBS value as the User" or "A resource on the project's Project Team is a descendant of the User via RBS". Why not going with this configuration? The Project managers will thus not see all projects.

    If it doesn't suit to your need, please explain for in detail so we'll try to help you.


    Hope this helps,


    Guillaume Rouyre, MBA, MVP, MCP |

    Saturday, October 11, 2014 1:02 PM
    Moderator
  • Hi,

    Now I choose to use "A resource on the project's Project Team is a descendant of the User via RBS". Everything works fine except "my task". If i choose "my task" for project center views. All users will see all projects. I just left the default things of my task. That is "the user belong to the project work group". Any idea?

    Monday, October 13, 2014 7:38 AM
  • Hi Anna,

    Please note that I'm blind to help you. I just got pieces of information to helpmyou out. Moreover this is quite a vast topic that requires quite a lot of tests by yourself in order to find the right configuration.

    That being said, I don't remember there is a "my task" view in the project center. Are you talking about the link in the quick launch menu? In this case resources see tasks they are assigned to, meaning that if they see a task, they surely are part of the team.


    Hope this helps,


    Guillaume Rouyre, MBA, MVP, MCP |

    Monday, October 13, 2014 12:59 PM
    Moderator
  • Everything works fine now after multiple tried. Thanks a lot for your help!

    Regards,

    Anna

    Tuesday, October 14, 2014 7:57 AM