Skip to main content

Project Server 2007 and Unique Workspace Permissions

The scenario:
You have a project workspace linked to a project
That workspace has a custom document library/list or Item that requires limited user access
The permissions for the document library are not inherited from the parent site
Users for this document library/list are added individually

The action
Customer permissions are changed in PWA
User Sync kicks off and re-syncs the users permissions

The outcome
The user permissions are removed and re-added to the site as expected
Any "unique" user level permissions on the site are removed (ie if you have added additional "contributor" access as well as the Microsoft Office Project Server group permissions, etc)
The users permissions on the list/item that do no inherit from the site are also removed but are not re-added

It appears that the user synchronisation can remove all permissions from the site, lists and items including those where permissions are not inherited, but can only add site level and inherited permissions. Therefore
a - all list/item level specific permissions are removed
b - any unique site security for these resources is also removed

Workarounds/Recommendations

1 Create list access GROUPS and grant access to these lists using groups memberships (not assigning individuals)
2 Create a subsite(s) of the parent site wherever permissions on the lists/libraries are required to be different from the parent site

Labels

Labels:

Comments

Post a Comment

Popular posts from this blog

Restoring PWA Site to another Web App in the same Farm

The scenario is this: SharePoint 2016 Farm with Project Server Two Web Apps Development UAT One PWA on Development Web App. I want to copy the PWA Site on Development web app to UAT to support a testing cycle. As far as I knew there were two options: 1) Content Database Restore and Attach Process would be backup your Dev Content Database, Restore to a new Content Database for QA, then mount the database on the appropriate web app and your off.... Problem:  Although you can do this with the -AssignNewDatabaseID switch in Powershell (to avoid two content db's having the same database id) the Site Collection (PWA) in the db still retains its SiteID which means there is a duplicate SiteID in the Configuration Database.  This stops the PWA site being created and alllocated correctly and becomes essentially orphaned. This method is only any good for MOVING not COPYING Back to the drawing board... 2) Backup-SPSite / Restore-SPSite I didn't believe this ...
1 comment
Read more

SP2 released

Office Project Server 2007 Sp2 has now been released.  see the details here - http://blogs.msdn.com/chrisfie/archive/2009/04/28/announcing-service-pack-2-sp2-for-microsoft-project-2007-and-microsoft-project-server-2007.aspx .  see teh webcast here http://blogs.msdn.com/brismith/archive/2009/04/28/project-server-2007-service-pack-2-sp2-is-now-available.aspx Blogged with the Flock Browser
Post a Comment
Read more

Reporting from Project Server 2016 - multiple sites and userviews

Just a quickie... I've been interested in how MS have handled the "multiple PWA sites in a Content DB" thing since I read that this was their new approach.  Most of my reporting is via SSRS so i am reliant (still... in 2016) on DB queries rather than OData feeds (tsk) and this "querying a PWA DB with more than one PWA site in it is unsupported" quote was worrying me. So it looks like what is happening is this. When you create the first PWA site in a Content DB it hard-codes the SiteID into the _Userview view design elements.  This means that your first PWA Site is the default.  All the data for subsequent sites are still held in the tables against separate SiteID's but you cannot utilise the OOTB _Userview components (see below) SELECT        ProjectFields.... FROM            pjrep.MSP_TVF_EpmProject('FF19B767-CA6D-4C4C-B123-C0B5AE5354D6') AS MSP_EpmProject  LEFT OUTER JOIN         ...
Post a Comment
Read more