none
Automate bulk update of Project Permissions within PWA RRS feed

  • Question

  • Hello

    We have changed our security model for our project server giving certain groups full permissions on all projects as well as opening up read only access to a group containing everyone else in the company.

    There are over 100 projects in the project server at the moment so I am looking for an automated way of revoking all existing permissions on a project and setting the new permissions within the PWA.

    Project sites are configured to synchronize with the PWA so I just need to set permissions on the project within the PWA.

    Thanks

    Monday, August 13, 2012 9:39 AM

All replies

  • Foolishly I did not see the Project Server Programming sub forum, to avoid cross posting, can a mod please move this thread there please?

    Thanks.

    Monday, August 13, 2012 1:28 PM
  • Darren,

    I'm a bit confused by the need to update the projects. Basically, your category permissions determine immediately, the level of access to a given project.

    As for the Project sites, the permissions are typically refreshed from the project publish process.

    The only other thing I can think of is that someone went nuts with the Project Permissions button in Project Center and you've got custom permissions at the Project level on a ton of projects. Can you clarify?

    In the Project Sites, by default, if you are the project owner, you have site admin rights. If you are on the project team and have assigned work, you are a contributor. If you are on the project team but have no assigned work, you have reader rights.

    If you are looking to refresh these rights for all projects, then I would recommend taking a look at this post as a PowerShell way of republishing all projects: http://pwmather.wordpress.com/2012/05/31/updated-publish-all-projects-in-projectserver-using-powershell-msproject-ps2010-sp2010/

    Treb Gatte @tgatte

    Thursday, August 16, 2012 6:29 AM
    Moderator
  • Treb,

    Thanks for replying.  To clarify, we have 2 Project Server groups of people that make use of the Project Server:

    PMO - Project Server group who have full access to every project

    Everyone else in the company - Has read access to all projects, i.e. can view the project plan and can view the project site (and serach results at the top level sharepoint site will return content from project sites)

    Currently, when we in the PMO create projects, using the "Project Permissions" we set the permissions above and therefore the project site inherits their permissions from the project.

    There are currently over 100 projects in the project server that do not have the correct permissions defined on the project (and there are cases where people in the PMO do not set the permissions correctly).  Rather than go through each project manually clicking the "Project Permissions" button to set the correct permissions, I would like to script it ideally.

    Thursday, August 16, 2012 9:15 AM
  • Darren,

    The intent of the Project permissions button is to create a local override of security permissions, most commonly to to the SharePoint site, for a handful of people. It *should not* be used in a large scale as you describe and this will only lead to tears and missing hair in the long run. There are no bulk management tools precisely for the reason above, it is to be used on an exception basis.

    In the out of box security model, the My organization already provides access to all projects. You can create/reuse two groups and set the category permissions differently for each group. For the Everyone group, they get the same category permissions as the original Executives group since this is the closest analogy.

    The PMO group should use category permissions on the My Organization category, similar to the Project Managers group on the My Projects category, as that is the closest equivalent. Overall, this should take about 30 minutes to implement and it would take effect immediately. It would also be extremely easy to maintain long term.

    I'd take a look at the TechNet/MSDN documentation on category permissions so that you can walk through this.

    Treb Gatte @tgatte

    Thursday, August 16, 2012 3:47 PM
    Moderator
  • Treb,

    Thanks for taking the time to provide advice.  I'll be taking your advice and making changes.

    Friday, August 17, 2012 12:51 PM
  • No worries. I teach a class on administration and security is one of those topics that gives people headaches. I'd rather save you from a world of hurt now. :-)

    Treb Gatte @tgatte

    Friday, August 17, 2012 10:52 PM
    Moderator