Skip to main content

Project Server 2007 and Unique Workspace Permissions

The scenario:
You have a project workspace linked to a project
That workspace has a custom document library/list or Item that requires limited user access
The permissions for the document library are not inherited from the parent site
Users for this document library/list are added individually

The action
Customer permissions are changed in PWA
User Sync kicks off and re-syncs the users permissions

The outcome
The user permissions are removed and re-added to the site as expected
Any "unique" user level permissions on the site are removed (ie if you have added additional "contributor" access as well as the Microsoft Office Project Server group permissions, etc)
The users permissions on the list/item that do no inherit from the site are also removed but are not re-added

It appears that the user synchronisation can remove all permissions from the site, lists and items including those where permissions are not inherited, but can only add site level and inherited permissions. Therefore
a - all list/item level specific permissions are removed
b - any unique site security for these resources is also removed

Workarounds/Recommendations

1 Create list access GROUPS and grant access to these lists using groups memberships (not assigning individuals)
2 Create a subsite(s) of the parent site wherever permissions on the lists/libraries are required to be different from the parent site

Comments

Popular posts from this blog

#projectserver2013 VIEW FAILURE: The view failed to load. Press OK to reload this view with the default settings. Press cancel to select another view.

** UPDATE ** includes notes relating to secondary bug where Timesheet is created without Administrative tasks.

Does this ring any bells?

This has been bugging me for months, but finally I have a repro for this:

Issue Summary:  When a task is deleted from a plan that is approved into a previous or current timesheet - even when there are no actuals on the task - you can no longer view the timesheet

The following repro has been proven:
- Setup system with Single Entry Mode, with enforced Status Approval before Timesheet Approval
- Create resource as own timesheet manager
- Create new project
- Create two tasks in the same week, starting monday with 5 days duration:  1) Task to assign actuals, 2) Task to delete post submission
- Assign Resource to tasks
- publish project
- as Timesheet User, go to the appropriate timesheet period for the tasks created
- Assign actual work to one task (task 1), leaving task 2 with no actual work
- Submit timesheet
- as Project Status Manager, approve the time on task 1 …

What to do when your application server goes bang

What happens when someone kills your Application Server?
So imagine the scenario:
Three Server Solution - SQL - SharePoint 2010 and Project Server 2010 Application Server (Central Admin Host) - Wfe/ReportServer
We wake one bleary Monday morning to find that some numpty has killed the application server and the users are baying for blood.
Well surprisingly SharePoint handles this disaster recovery scenario particularly well.  Well.  Better than I thought it would to be honest.
Rough steps:
- quick SQL backup to be safe - Rebuild your application server - reinstall pre-reqs - reinstall SP, PS, SPFSP1, SPS+PSSP1, Cumulative Update and other stuff you usually put on there. - Run your configuration wizard to reattach to the Farm, and select Host CA Site
The last step was what I was VERY wary of.  Would the server simply reattach to the Farm, even when there is no CA server available?  
Bingo your back.... almost.... you are going to get errors a-gogo in your event log as things just aren't quite back…

Reporting from Project Server 2016 - multiple sites and userviews

Just a quickie...
I've been interested in how MS have handled the "multiple PWA sites in a Content DB" thing since I read that this was their new approach.  Most of my reporting is via SSRS so i am reliant (still... in 2016) on DB queries rather than OData feeds (tsk) and this "querying a PWA DB with more than one PWA site in it is unsupported" quote was worrying me.

So it looks like what is happening is this.

When you create the first PWA site in a Content DB it hard-codes the SiteID into the _Userview view design elements.  This means that your first PWA Site is the default.  All the data for subsequent sites are still held in the tables against separate SiteID's but you cannot utilise the OOTB _Userview components (see below)


SELECT        ProjectFields....
FROM            pjrep.MSP_TVF_EpmProject('FF19B767-CA6D-4C4C-B123-C0B5AE5354D6') AS MSP_EpmProject 
LEFT OUTER JOIN
                      pjrep.MSP_TVF_EpmInternalProjectHierarchies('FF19B767-CA6…