none
Project View or Project Item level security - Unique Permissions RRS feed

  • Question

  • Thank you for your time in advance,

    I have a unique request in a project online deployment with two different security requirements

    1. portfolio viewers should be able to see all projects not listed as "sensitive". where listed as sensitive, you must be a verified user and then added to something like "the sensitive approved group" - keeping it general

    • I created a custom category called "my sensitive organization"
    • I created a custom group called "my sensitive Portfolio viewers"
    • I created a filter in the default Project Center Summary for projects listed as sensitive, and another called Sensitive Summary which included regular and sensitive projects and added them to the appropriate categories. this took care of the first requirement

    2. the next requirement is when the project has special paperwork, such as NDA's, that need to be signed before portfolio level viewers (or anyone) can see the projects. This calls for more of a unique level of project permissions where only the individuals who get manually added through team or project permissions can see projects in a view.

    Question:

    • Is there a way to handle unique permissions on projects where portfolio level users cannot see projects unless explicitly added through Project Permissions in views?

    I thought that if I handled them in the same way that project managers can only see projects that they own, or have been added to, I might be able to accomplish this through another view possibly. However, the users in question will already be a part of the Portfolio Viewers group. so, if they have access to the view, they will already be able to see all of the projects. 

    Any help is much appreciated!

    Thanks, 

    Trent


    Tuesday, May 23, 2017 8:11 PM

Answers

  • In order to meet the needs of the above requirements, i needed to adjust the process so that projects are controlled by the categories they belong to. the categories i created were: 

    • Regular Projects
    • Sensitive Projects
    • Unique Requirements

    I re-used my organization for the regular projects, but wanted to keep the distinction of each clear. when projects are created, they needed to be included in the category which they belong. i then used two groups to handle the three scenarios. the groups were:

    • Sensitive Approved Portfolio Managers

    Included Regular Projects and Sensitive Projects categories in the group

    • Portfolio Managers

    Included Regular Projects Category in the group

    For the Unique Requirements projects, i left the category out of any portfolio level group. In this case, the owner of the project can manage the unique project security from the project center as they come in. 

    **This does create the overhead of a process for getting each project into the correct category, but was the only way i could find to meet requirements. An advantage for the portfolio level personnel is that they only need 1 view to see all projects they have access to, no need to flip between filtered views.

    • Marked as answer by Trent.planb Wednesday, May 24, 2017 11:12 PM
    Wednesday, May 24, 2017 11:12 PM