none
Restricting access to 'Project Details' page in MS Project Server 2010 RRS feed

  • Question

  • I am currently trying to restrict user access to the project details page in MS Project Server 2010.

    At the moment anyone belonging to the project managers group can amend the information stored on the project details page at any point.

    I have tried changing the access rights of the Project Managers group to 'Read' via:

    Server Settings > Project Detail Pages > Project Details > Edit Web Part > Page > Permissions

    However after making this change I sat with a user (belonging to the project manager group) to test the system and he was still able to amend and save the project details section.

    Can anyone help me understand what I am doing wrong and how I can create the desired page restrictions?

    Thanks!

    Thursday, January 16, 2014 10:04 AM

All replies

  • Hello,

    Does the Project Managers security group in PWA (Server Settings > Manage Groups) have "Manage Lists in Project Web App" enabled? If it does, test removing that permission and test again. Here is a post on what access the Project Server permissions give on the PWA site:

    http://pwmather.wordpress.com/2012/05/31/projectserver-2010-global-permissions-access-to-pwa-site-actions-menu-items-ps2010-sp2010-msproject/

    Paul


    Paul Mather | Twitter | http://pwmather.wordpress.com | CPS


    Thursday, January 16, 2014 10:19 AM
    Moderator
  • Thanks for your response Paul!

    I do currently have "Manage Lists in Project Web App" enabled, however I would be extremley hesitant to disable this permission, as it would prevent anyone within this group from editing other lists within the system e.g.. risks/issues/dependencies would it not?

    Was method I had previously described the correct way to restrict edit rights to a particular page within the system?

    Is there any other way to do this without amending Enterprise permissions? As these permissions seem to lack granularity affect multiple system features.

    Thanks again!

    Thursday, January 16, 2014 10:38 AM
  • Hello,

    No it shouldn't impact the list on the Project Sites as users are synchronised differently to the projects sites and PWA. I would test this permission change and see if it works for you.

    Paul


    Paul Mather | Twitter | http://pwmather.wordpress.com | CPS

    Thursday, January 16, 2014 10:41 AM
    Moderator
  • Hi Paul,

    I have now removed the "Manage Lists in Project Web App" permission on our development site, yet project managers are still able to amend the detail within their  'Project Details' pages.

    Is there any other way that you can think of by which we could restrict access to the 'Project Details' page?

    Thanks again,

    Anil

    Thursday, January 16, 2014 2:52 PM
  • Hi Anil,

    Just a silly question..

    Have you checked that the user you're testing with is not part of multiple security groups?

    Here is an excellent post from Andrew Lavinsky (be careful to read the comments at the end of the post).

    Hope this helps.


    Guillaume Rouyre - MBA, MCP, MCTS

    Thursday, January 16, 2014 3:05 PM
    Moderator
  • Are you are referencing about modifying the values of custom fields(ECF) within the PDP page ? or is it about PDP page editing itself ? if it is about modification of ECF values then please be aware that project server applies security at project level rather than PDP or ECF level, the permissions are not that granular, hence if a person has edit rights for projects he can change any values of ECF either form PDP pages or MS project (unless fields are workflow controlled)

    Out of box there isn't a way to disable or restrict user from editing specific ECF's pertaining to specific PDP page, however this is possible with some customization

    Let me know, if i am missing out anything here


    Thanks | Sunil Kr Singh | http://epmxperts.wordpress.com

    Thursday, January 16, 2014 4:37 PM
    Moderator
  • Sorry, forgot the links in my post:

    http://azlav.umtblog.com/2011/05/03/applying-security-to-a-pdp/

    http://azlav.umtblog.com/2011/06/15/applying-security-to-a-pdp-redux/

    Hope this helps.


    Guillaume Rouyre - MBA, MCP, MCTS

    Thursday, January 16, 2014 4:40 PM
    Moderator
  •  

    Hi Guillame,

    Thanks for your response!

    I don't know if im being silly, but I could not find the link to the post that you had recommended?

    The test user was a member of another group, however prior to running the original test I had removed "Manage Lists in Project Web App" from this group as well.

    Additionally we have run tests on our development site where my team have removed all of my groups with the exception of the project manager group, yet I am still able to amend the properties of the test project I was the manager of.

    Any continuing advice/guidance would be greatly appreciated!

    Thanks again!

    Thursday, January 16, 2014 4:40 PM
  • Hi,

    I just posted my links, sorry for that...

    We actually did what you want to achieve (restrict PDP access to read-only for some security groups) in a recent PS2010 deployment, but we did it programmably.

    This would enforce what Sunil just said, meaning that you cannot configure with such granularity PDP access.

    Hope this helps.


    Guillaume Rouyre - MBA, MCP, MCTS

    Thursday, January 16, 2014 4:45 PM
    Moderator
  • I addition to the above post, recently have blogged about the same and have explained the customizations performed to get this going i.e. securing PDP page with customization, below is the link

    http://epmxperts.wordpress.com/2014/01/20/secure-pdp-pages-as-per-project-server-security/


    Thanks | Sunil Kr Singh | http://epmxperts.wordpress.com

    Monday, January 20, 2014 3:41 PM
    Moderator
  • Hi Everyone,

    Many thanks to each of your for taking the time to respond to my query, you have all been extremley helpful.

    Its frustrating that project server lacks the capabilities to restrict access to some extremley sensitive areas of the system without programming

    Thanks again for all of your your help!

    Kind regards,

    Anil

    Tuesday, January 21, 2014 1:32 PM