Manage security groups in Project Server 2010

 

Applies to: Project Server 2010

Topic Last Modified: 2012-01-19

Summary: Administrators can manage security permissions for groups by using the Manage Groups page in PWA Server Settings.

A group is a container for users that can be assigned permissions in Microsoft Project Server 2010. Users automatically inherit the permissions of any group to which they belong. By adding users to groups, you can significantly reduce the amount of time spent managing user permissions. You can manage groups from the Microsoft Project Web App (PWA) Server Settings page.

Avoid creating unnecessary groups. Having lots of groups and categories in an organization can lead to additional management complexity. Additionally, having many groups and categories can stress the authorization system, which can affect performance.

You can modify the information associated with any security group in Project Server 2010. For example, you may have to modify the group for changes to users or categories, or for changes to the Active Directory group to which it is currently being synchronized.

We recommend not modifying the default Project Server groups, but instead creating a new group that has the same permissions and modifying the new group.

By default, the following groups are created when Project Server 2010 is installed:

  • Team Members   Users have general permissions for using PWA, but limited project-level permissions. This group is intended to give everyone basic access to PWA. All new users are added to the Team Members group automatically. This group is associated with the My Tasks category.

  • Project Managers   Users have most global and category-level project permissions and limited resource permissions. This group is intended for users who maintain project schedules daily. This group is associated with the My Organization and My Projects categories.

  • Resource Managers   Users have most global and category-level resource permissions. This group is intended for users who manage and assign resources and edit resource data. This group is associated with the My Direct Reports, My Organization, My Projects, and My Resources categories.

  • Executives   Users have permissions to view project and Project Server data. This group is intended for high-level users who need visibility into projects but are not themselves assigned project tasks. This group is associated with the My Organization category.

  • Team Leads   Users have limited permissions around task creation and status reports. This group is intended for people in a lead capacity who do not have regular assignments on a project. This group is associated with the My Projects category.

  • Portfolio Managers   Users can create and edit data, but cannot perform Project Server administrative tasks such as adding users or creating groups. Portfolio Managers are able to view and edit all projects and resources in the organization. This group is associated with the My Organization category.

  • Administrators   This group is granted all available Project Server permissions. It is associated with the My Organization category.

These default groups should be used together with the five default categories.

Task requirements

The following are required to perform the procedures for this task:

  • Access to Project Server 2010 through the Project Web App site.

  • The Manage users and groups global permission in Project Server 2010 in order to add, modify, or delete a group.

To manage groups in Project Server 2010, you can perform the following procedures: