none
Making certain projects hidden RRS feed

  • Question

  • Hi, We have a general 'open book' see all projects policy, which works well for us right now. We would like to research RBS, and how it could help us hide certain projects though. Sometimes to a specific set of people, sometimes those people plus a few others.

    Our thoughts are that a branch off RBS could be setup for confidential projects, however there are some occasions where those projects need to be visible to specific users who may have a different RBS value applied.

    Has anybody any idea how we could approach this?

    Tuesday, June 18, 2019 2:13 PM

All replies

  • Tibsy80 --

    Given the fact that there must be exceptions to an RBS-based security model for access to the confidential projects, I would recommend you skip that approach entirely.  If I were you, here is what I would do:

    1. Create a custom Category named something like Confidential Projects.  In this Category, I would include ONLY the confidential projects that only certain people should see.
    2. Add the Confidential Projects category to the Project Managers group, select this custom group, and then set a Deny state on permissions that grant user access to the project (such as the Open Project and Publish Project permissions).  This will prevent members of the Project Managers group from accessing the confidential projects.
    3. Create a new custom Group named Confidential Project Managers.  Add people to this group who should be able to see all projects, including the confidential projects.  Add the My Organization category to this group and set the normal permissions for this category using the Project Manager template (found on the pick lists at the bottom of the Permissions for My Organization data grid and the Global Permissions data grid).

    This is a technique I recommended to a client this past year who had very similar security requirements for confidential projects, and the above technique worked for them.  You will want to experiment with this to tweak it according to your own requirements.


    Dale A. Howard [MVP]

    Tuesday, June 18, 2019 5:15 PM
    Moderator
  • Thanks Dale I will try that.

    What is the reason for not using RBS, would you say?

    Friday, June 21, 2019 6:55 AM
  • Tibsy80 --

    You said there will be exceptions to the RBS-based access.  Hope this helps.


    Dale A. Howard [MVP]

    Friday, June 21, 2019 1:14 PM
    Moderator
  • Hi Tibsy80,

    Dale's suggestion is a very elegant solution to your requirement. Custom security groups and categories can be used to considerable effect in accommodating the sort of situation you are confronted by. Ideally I would always suggest allocating people to as few a number of groups as possible to simplify things but in this example people who belong to the custom security group would enjoy that membership in addition to their default security group.

    I hope you apply the solution suggested by Dale and that it meets your needs - remember you can make use of "Delegation" to test that the suggested approach works, I find this feature very useful in situations like this.


    With good wishes,

    Dominic

    Microsoft Project Evangelist

    Twitter:   LinkedIn:    Web:   

    Friday, June 21, 2019 3:01 PM
  • Dittos on all the suggestion above. 

    However, keep in mind that reporting tools will show these confidential projects, tasks, resources, etc.   The filtering of projects in reports is not managed by categories or groups.

    My recommendation that if projects are truly confidential and it is critical nobody can see the projects, tasks or resources, then do not put those projects in PWA.  


    Michael Wharton, Project MVP, MBA, PMP and a Great Guy <br/> Website http://www.WhartonComputer.com <br/> Blog http://MyProjectExpert.com contains my field notes and SQL queries

    Friday, June 21, 2019 3:08 PM
    Moderator
  • Thanks for the responses. So just to be clear, RBS isn't much use for this? I would just like to understand where RBS wouldn't suit our needs. I am looking at the above suggestion, it would add manual overhead where new projects / users are added?
    Sunday, June 23, 2019 8:12 AM
  • Michael, good point on Security. Have you ever leveraged EPT as a form of “above Project” level custom field for filtering? I realised a while ago that the EPT type was a neat way of differentiating information for different audiences in the same organisation l, used in conjunction with departments it works even better. I appreciate that OData reporting may still subvert this approach but how many users are likely to resort to that approach to discovering information that is confidential when simply getting them to use tools they have been given and trained on is hard enough.

    With good wishes,

    Dominic

    Microsoft Project Evangelist

    Twitter:   LinkedIn:    Web:   

    Sunday, June 23, 2019 8:31 AM
  • Tibsy80 --

    I am getting the impression that you are ignoring my previous answers about using RBS for your security model.  In your initial post, you specifically said there will be exceptions to the RBS-based access

    If there were no exceptions, you certainly could use RBS security.  But you said there will be exceptions, which pretty much nullifies using RBS security. And yes, the security model I proposed would add a certain amount of manual overhead, but not much.  Seriously, how hard is it to add a project to a security Category and to add a new user to a security Group?  Hope this helps.


    Dale A. Howard [MVP]

    Sunday, June 23, 2019 4:48 PM
    Moderator