Implement Security based on department


  • Hi ,

     Need to implement security using Department in project server

    Projects are set to the Project Department from the Department lookup.

    Resource/user are set to the Resource Department from the Department lookup, Resource can be assigned multiple departments(like IT,HR,Finance)

    Resource can only view the projects Based on the department which he has assigned.

    How can we implement this security?



    Thursday, April 20, 2017 2:00 PM

All replies

  • Hi Likitha,

    An important point to know is that department is NOT a securirty feature. It is just meant to propose dedicated configuration and filter projects and resources, but in no way managing data and feature access with a reliable security.

    The security model relies on the groups and categories, but also on the RBS which allows creating a hierachy based on your organization, but resources in this hierachy and configure who could see data and what feature can be used.

    Here are a few great articles from Ben Howard about security model and departments:

    Hope this helps,

    Guillaume Rouyre, MBA, MVP, P-Seller

    Thursday, April 20, 2017 2:20 PM
  • There are many different way to confgure and double it can be example in a few comments in forum.  One design of setting up security is to use the RBS. I would setup RBS based on department

    For example

    HR (dept)


          HR.Program Manager

                Hr.Project Manager

    IT (Dept)

        IT.Portfolio Manager

              IT.Program Manager

                  IT.Project Manager

    Michael Wharton, MVP, MBA, PMP, MCT, MCTS, MCSD, MCSE+I, MCDBA
    Blog contains my field notes and SQL queries

    Friday, April 21, 2017 3:13 AM
  • Thanks Michael,

    If the user is assigned to 2 departments like HR and IT departments, user should able to view the projects from 2 departments

    How can we design the RBS?



    Friday, April 21, 2017 6:45 AM
  • Hi Likitha,

    Usually, users belong to one unique department. Then different cases might occur. If it is a single user, you might assign him to a department branch and add him manually to some project teams when applicable. Or you can put him in a high branch. Or you could cross use departments and RBS. As you can see, the security model can be a complex subject depending on your requirements. The first step to taken in my own opinion is to collect the need, then design the model using the various features you have at your disposal (rbs, groups, categories, departments), and finally implement it.

    Hope this helps,

    Guillaume Rouyre, MBA, MVP, P-Seller

    Friday, April 21, 2017 8:13 AM