Project Server 2010/2007 Permission Settings

Assuming yourself at client side, finalizing your PWA configurations including Group permissions and planning to sit with the client to go through the PWA home page - and just found that the end user being part of the Project Manager group can also be able to delete any item from the custom list, able to change the web part settings, able to change the PWA theme and so on.

Now this will leave you wondering that how this is possible, and you might go through your Group/Category settings agains to verify the permissions. Actually apart from Group/Category permission, you also have to customize the PWA site permission to avoid any such situation. When you provision the Project Web App site, the default PWA site permission settings grant way too much permission to a user which in most cases are not acceptable. The groups permission settings allows user to use the PWA features, few of them are such as:

• Accessing Projects
• Accessing Resources
• Accessing Views
• Administrative settings

Now as stated above, after provisioning the PWA site, Project Server creates four levels of permissions for the PWA site:

• Web Administrators (Microsoft Office Project Server)
• Project Managers (Microsoft Office Project Server)
• Team Members (Microsoft Office Project Server)
• Readers (Microsoft Office Project Server)

Do not confuse this Project Manager group here with the Project Manager groups available in server settings of your PWA. This Project Manager group include all the users:

• who have the permission to save project OR
• permission to publish the project on project server.

which means that if you have configured your Portfolio Manager Group/Team lead group to have any one of the above permission, they will be part of this permission level. So basically we have to customize the permission level of Project Manager Group and Team Members Groups.

To resolve the issue, we are simply going to set the permissions of the Project Managers (Microsoft Office Project Server) and Team Members (Microsoft Office Project Server) permission levels within the PWA Root site to be equal to that of the Readers (Microsoft Office Project Server) permission level. To do this:

1. Log in to PWA as an Administrator
2. Expand the Site Actions menu by clicking on it
3. Click Site Settings

    4.   On the Site Settings page, under Users and Permissions, click Site Permissions

    5.   On the Permissions: Project Web Access page, click Permission Levels

You should now see the Permission Levels page. You should see thirteen Permission Levels listed — the four i have described earlier, and the standard SharePoint ones (Full Control, Design, Contribute, Read, Limited Access, View Only, Approve, Manage Hierarchy, and Restricted Read).

Click on the Project Managers (Microsoft Office Project Server) permission level, and uncheck the permission as per your requirement, such as:

• Manage Lists
• Overide Checkout
• Delete items
• Manage permissions
• create subsites
• Apply theme and borders
• Manage Alerts
• Create Groups, etc.

Click Submit, which will return you to the Permission Levels page. Now, click on the Team Members (Microsoft Office Project Server) permission level, and uncheck the not required permissions as above.

Removing these permissions prevents non-admins from altering the look, structure, or content of pages and etc. within PWA. We also prevent them from altering lists, discussion boards, and document libraries in PWA. Note that changes to these List permissions do not affect the ability to link Tasks to Workspace Items (documents, issues, deliverables, or risks); this behavior is controlled by the Create Object Links Category permission.




Posted in: Project Server Permissions