none
Confidential Project RRS feed

  • Question

  • I need to set up functionality for Confidential projects in PWA. Based on what I have learned, these are the steps I would initially take:

    1. Create a new Category titled "Confidential Projects".

    2. Assign the confidential project to the newly created Confidential Projects category.

    3. Create a new Group titled "Confidential Project Viewers".

    4. Assign the Confidential Project category to the newly created Confidential Project Viewers group.

    Here is where I am struggling:

    The My Organization category is set up to include all current and future projects and includes the following groups: Administrators, Executives, Portfolio Managers, Project Managers and Resource Managers. I have been told that I can go into the My Organization category and rather than having <label for="idRdbProjectsAll">All current and future projects in Project Server database</label> selected, I should actually select all of projects EXCEPT for the confidential project. This makes sense, but, does this mean I would have to manually add every single project that gets created in the future into the Selected Projects box when it's not a confidential project?

    Is there another way to handle Confidential Projects?

    Thursday, November 1, 2012 9:39 PM

Answers

  • Hi,

    you can grant deny permissions for all that audience that you do not want to access your confidential projects to the category "Confidential Projects". This makes sure they cannot access the confidential projects regardless which permission they have.

    Best,

    Renke


    http://www.holert.com

    • Proposed as answer by Renke Holert Tuesday, November 20, 2012 1:07 AM
    • Marked as answer by meduncan42 Tuesday, November 20, 2012 3:20 PM
    Friday, November 2, 2012 12:59 AM
  • There's a few other holes here that you may need to plug.

    First, you don't want to get into the business of manually modifying the My Organization category. This gets to be a maintenance nightmare.

    Normally, does every PM see every project or just the ones that they either own or are on the project team? Do resource managers normally see all projects to which their resources are assigned? If this needs to be restricted, you may have an issue with the Resource Assignments view from Resource Center.

    Second, are you using RBS Security? There may be some applicable techniques if so.

    Lastly, BI will be a potential hole. Report Authors in Excel can basically see everything in the instance as Project security doesn't apply to SharePoint BI features. Also, these projects may appear in OLAP databases. You will have to accomodate this aspect in your project/task/assignment report designs.

    I've got to try out Renke's suggestion of using the deny at the Category permissions level to prevent other groups from seeing the data. I'm not sure how that's going to work when combined with the My Organization permissions so it'll be worth a look.

    Treb Gatte | @tgatte | http://AboutMSProject.com

    • Marked as answer by meduncan42 Tuesday, November 20, 2012 3:21 PM
    Friday, November 2, 2012 7:11 AM
    Moderator

All replies

  • Hi,

    you can grant deny permissions for all that audience that you do not want to access your confidential projects to the category "Confidential Projects". This makes sure they cannot access the confidential projects regardless which permission they have.

    Best,

    Renke


    http://www.holert.com

    • Proposed as answer by Renke Holert Tuesday, November 20, 2012 1:07 AM
    • Marked as answer by meduncan42 Tuesday, November 20, 2012 3:20 PM
    Friday, November 2, 2012 12:59 AM
  • There's a few other holes here that you may need to plug.

    First, you don't want to get into the business of manually modifying the My Organization category. This gets to be a maintenance nightmare.

    Normally, does every PM see every project or just the ones that they either own or are on the project team? Do resource managers normally see all projects to which their resources are assigned? If this needs to be restricted, you may have an issue with the Resource Assignments view from Resource Center.

    Second, are you using RBS Security? There may be some applicable techniques if so.

    Lastly, BI will be a potential hole. Report Authors in Excel can basically see everything in the instance as Project security doesn't apply to SharePoint BI features. Also, these projects may appear in OLAP databases. You will have to accomodate this aspect in your project/task/assignment report designs.

    I've got to try out Renke's suggestion of using the deny at the Category permissions level to prevent other groups from seeing the data. I'm not sure how that's going to work when combined with the My Organization permissions so it'll be worth a look.

    Treb Gatte | @tgatte | http://AboutMSProject.com

    • Marked as answer by meduncan42 Tuesday, November 20, 2012 3:21 PM
    Friday, November 2, 2012 7:11 AM
    Moderator
  • We are only piloting Project Server at this point since it's new for us, so we are allowing every PM to see every project, same with Resource Managers. We are not using RBS security.

    I am going to test using Renke's suggestion, I am hopeful it could work for our environment.

    Thank you both.

    Friday, November 2, 2012 2:59 PM
  • Very interesting problem.  Here are some options

    1) Provisiom another PWA with only that project

    2) Make the project a MPP and don't put in server.

    3) Put project on PWA, but don't use details in deliverables.

    4) For My Organization, select all the projects and exclude Confidential.  Lot a maintenance, but easily done.

    5) Remove My Organization category.


    Michael Wharton, MBA, PMP, MCT, MCSD, MCSE+I, MCDBA, MCC 2011, MCC2012
    Website http://www.WhartonComputer.com
    Blog http://MyProjectExpert.com contains my field notes and SQL queries

    Monday, November 5, 2012 4:39 AM
    Moderator