none
I want to break inheritence and create unique permissions in a Project Server 2010 project site list/library. RRS feed

  • Question

  • Some Project Managers want to restrict permissions on certain lists or libraries in their Project Server 2010 project site. However, when I have done this for them, by breaking inheritence to the parent site and then removing/adding users with unique sharepoint permissions, it seems that when the project schedule is published, some of the newly created permissions are lost.

    I have tried creating a SharePoint group at the project site level and then applied it with specific permissions (eg. Contribute) to the list/library and this seems to work better but I haven't been able to confirm yet if this will work in the longer term.

    Does anyone know what is the best method to break inheritence and set up unique permissions on a list in a Project Server 2010 project site that will not be lost when the project schedule is published?

    Thanks

    Peter


    • Edited by Nonplussed Tuesday, October 8, 2013 12:34 AM
    Tuesday, October 8, 2013 12:31 AM

All replies

  • There is a way to do this. However, this setting will impact all of the Project Sites and it can make SharePoint permission management difficult if the SharePoint permissions are not setup correctly.

    In Server Settings / Project Site Provisioning Settings

    There is an option in the "Project Site Permissions" section. If it is selected, Project Workspace permissions is driven by the Project Schedules.  De-Selecting this option, the Project Schedules no longer drive the project workspace permissions.

    Tuesday, October 8, 2013 3:57 AM
  • Thanks Lynda

    I am aware that I can disengage the entire permissions sychronisation using that setting but that is not what I want to do.  I just want to be able to break the inherited permissions on individual document libraries or lists on specific Project Sites so that I can restrict access to nominated people.

    My issue is that when I do this, I find that some of the amended permissions disappear from time to time.  It seems to be related to when the schedule is published.  They don't revert to the inherited permissions, just some of the people who I have given direct access to no longer have access.

    Im just trying to find out the best way to manage setting non-automated permissions on a single list or library in a Project Server project sites so the changes stick.

    Peter

    Tuesday, October 8, 2013 4:08 AM
  • Hi,

    I am afraid, but unless you stop auto synchronization of permissions, you will experience the same issue. this is due to the way project site permissions are designed to be integrated with project resource permissions.  

    hope this helps.


    Khurram Jamshed - MBA, PMP, MCTS, MCITP ( Blog, Twitter, Linkedin )
    If you found this post helpful, please “Vote as Helpful”. If it answered your question, please “Mark as Answer”.

    Tuesday, October 8, 2013 12:15 PM
  • There are some crazy ways to do this. It will be interesting if someone replies with a way to do this on a site that is linked to a schedule and the synchronization is selected.

    You could disconnect the schedule from the workspace. The issue with that is you lose the linking capabilities of list and document items to tasks and lose the dependency management functionality. I do not know how many sites you have running at the same time, permission management at a site level can become tedious.

    I did have another thought/approach but it is too crazy to suggest :)

    Because of some of our requirements, I have the synchronization turned off and manage the permissions at the site collection level. All workspaces inherit from the top level and have special permissions on some lists and document folders.

    Tuesday, October 8, 2013 3:27 PM
  • Hi Peter, I am facing same issue did you find any solution for this, when sync service is running it will remove the users.
    Monday, January 20, 2014 6:49 AM
  • Unfortunately I have not had any further responses and I have not discovered a solution elsewhere.

    Monday, January 20, 2014 10:35 PM
  • I am sure you discovered this already but MS fixed a bug with synchronization in the August 2013 CU so that permissions do not inherite when synchronization is turned off
    Thursday, April 24, 2014 2:49 AM
  • Why don't you just create a new library for secure documents and break the inheritance?  I'm pretty sure it won't pick up security on Publish.

    Andrew Lavinsky [MVP] Blog: http://azlav.umtblog.com Twitter: @alavinsky

    Thursday, April 24, 2014 3:56 AM
    Moderator
  • Hi Lynda

    Unfortunately, I need to keep the synchronisation turned on as I don't want to manually manage the security for all sites in Project Server.

    Thanks anyway.

    Peter

    Thursday, April 24, 2014 6:15 AM
  • Hi Andrew

    This is exactly what I have been doing.  Creating new libraries where the Project Manager wants to store secure documents (eg financial documents) that he/she does not want made available to all the project team.

    When I break inheritance for these libraries/lists, and set permissions individually using SharePoint security, the permissions do appear to randomly disappear.

    Cheers

    Peter

    Thursday, April 24, 2014 6:17 AM
  • Peter,

    As Andrew mentioned, breaking inheritance should work. "Publish" does not modify the custom security you created.

    However, anytime you change anything on the Security groups/Categories, at PWA level, it triggers a site wide synchronization. In this scenario, the sync job "removes" all permissions, but then cannot add the custom permissions you set. I am pretty sure this also happens when you change something on the Resource Information at the enterprise level (or move them to different categories etc.,).

    Unfortunately, that is how it is, as long as you have the automatic synchronization job running.


    Prasanna Adavi,PMP,MCTS,MCITP,MCT http://thinkepm.blogspot.com

    Thursday, April 24, 2014 12:43 PM
    Moderator
  • With the given answers, that's the way it works

    however on other hand one possible solution to achieve what you are trying would be to have a customized solution where in you override the events that synchronizes permission and have an event handler attached to appropriate events to perform the sync as required 


    Thanks | Sunil Kr Singh | http://epmxperts.wordpress.com


    Thursday, April 24, 2014 7:09 PM
    Moderator
  • Hi Prasana

    The issue is when a site wide synch occurs which you rightly state causes permissions to be removed and then re-applied. This is when I have the problem of the custom permissions disappearing.

    I have accepted that as long as I have the auto-synch turned on, there is nothing I can do about this.

    Thanks for your response, and thanks to everyone who has contributed. 

    The bottom line is if you have a need to dis-inherit permissions on a list/library from the parent site, and you still want to have the auto-synch function turned on, then you just have to live with the occassional loss of permissions when a site wide synch occurs and re-apply the permissions again.

    Peter

    Monday, April 28, 2014 6:09 AM
  • Sync shouldn't impact custom groups or lists - only the Project Server synchronized groups and lists.  Just create new objects to model security.

    Andrew Lavinsky [MVP] Blog: http://azlav.umtblog.com Twitter: @alavinsky

    Monday, April 28, 2014 1:18 PM
    Moderator
  • Andrew,

    The issue with that is, "What one can do" on project sites is still controlled by the Project Server Synced groups, thereby overriding the custom SharePoint permissions pretty much.


    Prasanna Adavi,PMP,MCTS,MCITP,MCT http://thinkepm.blogspot.com

    Monday, April 28, 2014 1:28 PM
    Moderator