Overview of Microsoft Project Server
|Archived content. No warranty is made as to technical accuracy. Content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.|
On This Page
Using Microsoft Project 2002 and Microsoft Project Server
Microsoft Project Web Access is the interface you use to work with information stored in Microsoft Project Server. Depending on the permission settings used to log on to Microsoft Project Server and whether Microsoft Project Server is configured for Microsoft Project Standard or Microsoft Project Professional, users may perform different project activities or see different project information.
Microsoft Project Web Access provides access to specific Microsoft Project Server information in the following centers:
Home Center The Home Center allows quick access to Microsoft Project Server information and helps users decide which centers they need to visit first. For example, team members may learn they have new tasks and need to go to the Tasks Center to see them. What users see in the Home Center depends on access permissions set by the Microsoft Project Server administrator. The administrator may also have customized the Home Center.
Tasks Center The Tasks Center allows team members to view, edit, and update project task assignments that have been made in Microsoft Project. They can work with tasks in either a Gantt Chart or a Timesheet view. Users can only see information that the Microsoft Project Server administrator has given them permission to see. In the Tasks Center, users can perform numerous activities regarding their tasks (such as viewing, creating, and delegating tasks) and working times (such as transferring nonworking time from their Microsoft Outlook® Calendar and sending working day updates to the project manager).
Project Center The Projects Center allows users to view portfolios of projects or individual projects. They can see either summary information about multiple projects or detailed information about individual projects. They can also create to-do lists, which are lists of tasks that are not associated with a project. If Microsoft Project Server is configured for Microsoft Project Professional, the Project Center allows users to model a project by creating different project and resource cost scenarios, and to analyze projects and resources by using PivotCharts and PivotTables.
Resource Center Resource information in the Resource Center is available only if Microsoft Project Server is configured to work with Microsoft Project Professional. The Resource Center allows users to view, modify, and analyze information about resources. They can also view the availability of resources, resource allocation across projects, and assignments made through Microsoft Project Server.
Status Reports Center The Status Reports Center allows project managers to request, collect, and consolidate text-based status reports. A status report is a narrative description from team members about whatever subjects are relevant to an organization. It allows team members to respond to status reports and send them to their managers. Status reports can be set up so that project managers receive both individual submissions and a merged or compiled status report that groups responses per section into a single status report.
Updates Center The Updates Center allows project managers to review updates to project tasks and to resource working times sent to you from the resources' Tasks Center. In this center, they can also update their Microsoft Project plans with the latest information and view historical information after updates are made to the Microsoft Project plans.
Documents Center The Documents Center allows users, such as project managers and team members to easily manage project-related documents by viewing them, uploading them, and linking them to tasks by using Microsoft Project Web Access. Documents can provide others with helpful information during the course of the project. Before working with documents, a Web server running SharePoint™ Team Services from Microsoft must be installed and configured properly for Microsoft Project Server.
Issues Center The Issues Center is useful for tracking issues that arise throughout the project life cycle as it allows users, such as project managers and team members, to view and submit issues. Issue tracking improves the efficiency and effectiveness of project management because it allows them to communicate about problems and related action items with team members and stakeholders. Before project managers can track issues, a Web server running SharePoint Team Services must be set up and configured properly for Microsoft Project Server.
Admin Center The Admin Center allows an administrator to set defaults and define users and security for Microsoft Project Web Access and to set defaults for some Microsoft Project and Microsoft Project Server features. In the Admin Center, an administrator can perform numerous activities, such as managing users and groups, user permissions, views, organization, and enterprise features.
Most of the instructions for using Microsoft Project Web Access are contained within the centers themselves. Users can also click Help on the menu bar within each center for additional instructions. They can also point to items, such as buttons and options, to see tips about the items.
Additionally, administrators have the ability to add new centers and links to other web pages, as well as changing the order of items in each center, the order in which the centers display, and which items are in which centers. This functionality can be accessed in the Admin Center by clicking Manage organization, and then clicking Menus.
Preparing for Team Collaboration
Keeping Microsoft Project Server information secure
When Microsoft Project Server is installed, it creates a default user called Administrator, and you are prompted to set a password. Use strong passwords that combine upper- and lowercase letters, numbers, and symbols. Weak passwords don't mix these elements. Strong password: Y6dh%e. Weak password: House27. Use a strong password that you can remember so that you don't have to write it down.
Customizing Microsoft Project Server
Most Microsoft Project Server features can be used without further configuration. However, you might want to do additional work such as setting up views for your team, selecting authentication options for logging on, and customizing the look of Microsoft Project Web Access centers. You can find instructions for these activities in the Admin Center and in Help for Microsoft Project Web Access. A certain amount of thought should be put into how you wish to define your groups and security settings prior to rolling out your server. You do not want to give users permissions they do not need, but you also need to ensure that they aren't hindered from doing their work by overly restrictive permissions.
Preparing Microsoft Project Server for team collaboration
After establishing authentication settings, project managers can configure Microsoft Project for team collaboration with Microsoft Project Server. In Microsoft Project Standard, the Uniform Resource Locator (URL) pointing to the Microsoft Project Server Web site should be entered. For Microsoft Project Professional, the Microsoft Project Server URL and user name are automatically set when a Microsoft Project Server account is selected upon startup. Team members need to use this URL in their browsers to display the Microsoft Project Server Home Center in Microsoft Project Web Access.
To enter the URL to Microsoft Project Server in Microsoft Project Standard
On the Tools menu, click Options, and then click the Collaborate tab.
To change the collaboration system for the current project, in the Collaborate using box, click Microsoft Project Server.
In the Microsoft Project Server URL box, type the URL for Microsoft Project Server.
Under Identification for Microsoft Project Server, select one of the following logon methods:
Windows user account This method requires your Microsoft Windows® user account to identify yourself as the project manager to Microsoft Project Server. Windows user accounts offer the strongest security for your project files. In addition, when you use a Windows user account, you are automatically authenticated when you use Microsoft Project Web Access to access Microsoft Project Server, so you don't need to enter a user name or password.
Microsoft Project user name This method requires Microsoft Project Server authentication and your user name to identify yourself to Microsoft Project Server. Each time you access Microsoft Project Server, you are required to enter this user name and a password.
If you want to establish a Microsoft Project Server account before you publish a project, click Create Account.
To apply your collaboration settings to all new projects, click Set as Default.
To enter the URL to Microsoft Project Server in Microsoft Project Professional
On the Tools menu, click Enterprise Options, and then click Microsoft Project Server Accounts.
In the Microsoft Project Server Accounts dialog box, click Add.
In the Account Name box, type a friendly name for this account.
In the Microsoft Project Server URL box, type the URL for Microsoft Project Server, using the format http://<servername>/projectserver.
Under When connecting, select one of the following logon methods:
Use Windows user account This method requires your Microsoft Windows user account to identify yourself as the project manager to Microsoft Project Server. Windows user accounts offer the strongest security for your project files. In addition, when you use a Windows user account, you are automatically authenticated when you use Microsoft Project Web Access to access Microsoft Project Server, so you don't need to enter a user name or password.
Use a Microsoft Project Server account This method requires Microsoft Project Server authentication and your user name to identify yourself to Microsoft Project Server. Each time you access Microsoft Project Server, you are required to enter this user name and a password.
For more information on using the collaboration features of Microsoft Project, see Help for Microsoft Project.
Microsoft Project Server Accounts for Team Members
If Microsoft Project Server permissions allow automatic account creation, Microsoft Project Server accounts for your team members are created automatically when you publish their assignments to Microsoft Project Server from Microsoft Project.
If you use Microsoft Project Professional, every team member that has been added to the Enterprise resource pool is automatically added as a Microsoft Project Server user.
If you want team members to use their Windows user account rather than their Microsoft Project user name for authentication on Microsoft Project Server, you can establish the Windows user account name for them in Microsoft Project.
To use a team member's Windows user account for Microsoft Project authentication
On the View menu, click Resource Sheet.
In the Resource Name field, select a team member whose Windows user account you want to add.
Click Resource Information, and then click the General tab.
In the Windows Account box, enter the team member's Windows user account, using the format DomainName\UserName . You must use this format for Microsoft Project to recognize Windows user accounts correctly.
Repeat steps 2-4 to add Windows user accounts for other team members.
If you don't specify Windows user accounts for team members in Microsoft Project, their resource names will be used to create Microsoft Project Server accounts. These accounts are authenticated using Microsoft Project Server authentication; team members will see a logon screen in Microsoft Project Web Access, and they will have to enter their user names and passwords. By default, team members' passwords are blank the first time they log on to Microsoft Project Server using a Microsoft Project Server account. For security purposes, it is highly recommended that they set their passwords during their initial session using strong passwords that combine upper- and lowercase letters, numbers, and symbols. Weak passwords don't mix these elements. Strong password: Y6dh%e. Weak password: House27. They should set a strong password that they can remember so that they don't have to write it down.
User accounts can also be established by a Microsoft Project Server administrator in Microsoft Project Web Access or Microsoft Project. In Microsoft Project Web Access, an administrator can click Manage users and groups in the Admin Center, and then click Add User.
Working Offline with Microsoft Project Server
When Work Offline is selected on the File menu in Internet Explorer, Microsoft Project Web Access can be accessed from the Favorites menu and users can work with Microsoft Project Server while offline.
Offline, however, users are limited to perform the following activities:
View, edit, and save changes to their timesheets for a specified time period. Users must be online to send updates for their timesheets.
Edit and save changes to status reports. Offline, team members cannot send status reports or view previously submitted, previously edited, or late status reports, and project managers cannot view resource status report responses or create and send new status report requests.
View the Home Center without the ability to view new or updated assignments. Managers will not be able to create or run rules to process messages.
To learn more about administration and maintenance for Microsoft Project Server, see the Customizing and Administering Microsoft Project Server resource kit article.
To learn more about setting up and creating Microsoft Project Server views, see the Managing Views in Microsoft Project Web Access section of the Reporting in Microsoft Project Server resource kit article.
Microsoft Project Server Architecture
Microsoft Project Server uses Microsoft SQL Server™ 2000 as a data repository. SQL Server 2000 provides the scalability and performance required for Microsoft Project Server.
The Microsoft Project Server database architecture has changed from the database schemas used in Microsoft Project 2000 and Microsoft Project Central. Microsoft Project Server combines all of the table sets into a single database, providing scalability, performance, data access, and maintainability. The database schema used by Microsoft Project Server is a collection of four sets of tables, each with its own uses and data sets.
Microsoft Project 2002 tables
Microsoft Project 2002 tables are the data repository used by Microsoft Project Professional. All of the data about every version of every project in your portfolio is stored in this set of tables, along with enterprise resources and the enterprise global template. These tables are similar to the database schema used by Microsoft Project 2000; there are additional tables and fields, but no existing fields or table names from the Microsoft Project 2000 database schema have been altered, so any reports or SQL queries that worked directly against the Microsoft Project 2000 database schema will work against the Microsoft Project 2002 database schema. All tables that are a part of this set follow the naming convention MSP_*.
Microsoft Project Web Access tables
The Microsoft Project Web Access tables are based on the database schema that was used by Microsoft Project Central. New tables have been added and others have been redesigned or eliminated to increase the scalability, performance, and functionality of Microsoft Project Web Access. These tables store the project data that is shared with your executives and resources, including each resource's task list as well as the high-level project data reported in the Project Center (formerly Portfolio View in Microsoft Project Central). Resource task updates are also stored in these tables for approval by the project manager. The links between tasks, issues, and documents are stored here as well. All tables that are a part of this set follow the naming convention MSP_WEB_*.
Microsoft Project Server OLAP cube tables
The Microsoft Project Server OLAP cube tables are a new set of tables added to Microsoft Project Server to accommodate the OLAP reporting features available in Microsoft Project Web Access. This set of tables is used as the staging and fact tables for creation of the OLAP cube through SQL Server Analysis Services. The data in these tables is manually updated by clicking a button in the Admin Center of Microsoft Project Web Access; in addition, the data can be automatically updated periodically (weekly, for example) by a process that is part of Microsoft Project Server. All tables that are a part of this set follow the naming convention MSP_CUBE_*.
Microsoft Project Server view tables
The Microsoft Project Server view tables are another new addition to Microsoft Project Server that increase the performance and scalability of the project analysis views from the Project Center. These tables provide an expanded view of the project data contained in the Microsoft Project 2002 tables as described above, and they look similar to the tables exposed through the Microsoft Project OLE DB provider. These tables are excellent sources for generating reports across multiple projects because they are updated every time a user checks in an edited project from Microsoft Project Professional or updates enterprise code values through Microsoft Project Web Access. The Microsoft Project Server view tables are used as a reporting mechanism only and should be treated read-only. All tables that are a part of this set follow the naming convention MSP_VIEW_*.
Data Security Architecture
The data security model has been greatly enhanced for Microsoft Project Professional when it connects to Microsoft Project Server. A key element of the new data security model is the Project Data Service (PDS).
Project Data Service
The Project Data Service (PDS) is the middle layer between Microsoft Project Professional and the Microsoft Project Server database. The PDS gathers information about the user who is currently logged on to Microsoft Project Server to determine which information that user has been granted access to see from the Microsoft Project Server database. Each user's permissions are determined by the permissions the user has been granted in Microsoft Project Web Access—providing a single place to set security on your project management data.
In some cases, the PDS returns data that has already been filtered back to Microsoft Project Professional in XML format. In other cases, the PDS acts as the security gatekeeper for the project management data stored in the Microsoft Project Server database.
In the end, the PDS plays an important role in the entire Microsoft Project 2002 system. However, a user will never know that the PDS exists, since it is used behind the scenes to provide the functionality that Microsoft Project Server and Microsoft Project Professional require.
Behind the scenes, the PDS can function as follows:
Security Gatekeeper Before performing any action on behalf of a user, the PDS validates that the user is currently logged on to Microsoft Project Server. This action gives the PDS the proper context to check the security and permissions associated with each user. The permissions for each user are determined from Microsoft Project Web Access; in other words, if a user has permissions to check out a project in Microsoft Project Web Access, then the PDS grants that same level of access to that project for the same user. Therefore, all user permissions are controlled through the administration pages of Microsoft Project Web Access.
Data Middle Layer In some cases, the PDS gathers and filters data on the server side and returns the filtered data to Microsoft Project Professional (or another client calling the PDS) in XML format. For example, suppose a user opens a project by clicking Open on the standard toolbar or from the File menu in Microsoft Project Professional when it is online. Microsoft Project Professional calls a method on the PDS that gathers all the projects in the portfolio that the current user has been granted access to see in Microsoft Project Web Access. The PDS returns this list of projects to Microsoft Project Professional in XML format, including all relevant information about the projects, including name, version, checked-out state, and the level of permissions the user has for each project returned. This process ensures that in the Open Project dialog box, the user sees only those projects that he or she has been granted access to, as well as the level of permissions the user has for each of those projects. Similar methods are available for resources as well, both when a user opens resources to update the core resource information and when a user adds resources to the enterprise resource pool.
All of the PDS methods are exposed through the Simple Object Access Protocol (SOAP). SOAP is the standard object access protocol that is at the core of the Microsoft .NET services. So third parties can use the PDS methods through Microsoft Visual Studio® 6.0 using the SOAP Toolkit 2.0 Service Pack 2, as well as Visual Studio 7. Microsoft Project Server and the PDS are built to be easily accessed and extended now and in the future.
For more information about PDS, see The Project Data Service and Microsoft Project Server Security Architecture article in the Microsoft Project 2002 Software Development Kit on MSDN.
Microsoft Project Server's enterprise features include a significant revision in how Microsoft Project connects to the project database. When Microsoft Project 2000 opened a project from the database, it binds directly to the Microsoft Project tables in the database. If the user's data source name (DSN) allowed read/write access to the database, Microsoft Project could open and save changes to any project in the database, including projects managed by other project managers.
Microsoft Project Professional uses connections without a user-created DSN to bind to SQL Server views of the Microsoft Project 2002 tables. The SQL Server views contain only the information required to open the project, resource, or resources selected by the user. This information only exists in the SQL Server views while Microsoft Project is opening or saving projects or resources. The Microsoft Project 2002 architecture provides application-level security through the PDS and database-level security through the SQL Server views.
Microsoft Project Server security tables
Two additions to the Microsoft Project 2002 tables are the project security table and the resource security table. The PDS is the only component that directly accesses the security tables. To access data in the Microsoft Project Server database, a client (Microsoft Project Professional or a third party client) first needs to make a call to the PDS to request the database connection information, which includes a managed SQL Server user name and password stored on the Microsoft Project Server computer.
Next, the client creates a connection to the SQL Server using this managed SQL Server account. Each SQL Server connection has a unique identifier called a SQL Process ID (SPID), and the client gathers the SPID from the connection. This SPID is passed as a parameter to the PDS when the user requests access to a project or resource. The PDS uses the following procedure to process the request:
The PDS checks that the user is logged on to Microsoft Project Server.
The PDS checks that the user who is currently logged on has permission to access the requested project or resource.
If the user has the correct permissions, the PDS inserts a record into the appropriate security table and returns a successful result to the client.
Each security table row has fields for the project ID or resource's enterprise unique ID, as well as the SPID and flags for whether the user was granted read-only access or read/write access to the project or resource. After the client has completed reading or writing data to the database, another PDS method is called that revokes the access to the project or resource by deleting the appropriate rows in the appropriate security table.
SQL Server 2000 views
To ensure that the data exposed to the client's connection to the database server is filtered, the client connection with the managed account only has access to a set of SQL Server views. Each base table that is part of the Microsoft Project 2002 database tables has four sets of SQL Server views associated with it: project read-only, project read/write, resource read-only, and resource read/write. Each view performs a select on the base table and filters the data by performing a join with the appropriate security table—relying on the SPID as the primary key to perform the filtering. In addition, each view specifies the SQL command WITH CHECK OPTION, which prevents any data from being read or updated through the view that does not meet the filtered definition of the view query. Therefore, if there is no entry in the security table granting access to the requested project or resource, the SQL Server view would be completely empty.
SQL Server 2000 permissions
The managed SQL Server account that is used by clients to connect to the database server has the minimum SQL Server permissions required to perform the requested actions against the data in the database. The managed account has only select permissions against the read-only views and only has select, insert, update, and delete permissions against the read/write views. The managed account does not have any rights to access any of the tables in the database at all. This ensures that any connection made using that managed account can only access data after access has been requested and granted by the PDS.
Data Security Process
The process that Microsoft Project Professional goes through to access project data from the Microsoft Project Server database is as follows:
Call the PDS to request the database connection information.
Make a connection to the database using that information and gather the SPID for that connection.
Call the PDS to request access to the project or resource that the client needs to access and pass along the SPID from the previous step.
Make queries against the appropriate set of SQL Server views to gather and/or update the required information.
Call the PDS when the access is no longer required in order to maintain security of the data.
The Microsoft Project Server database view tables provide all of the project data that is needed for creating views (reports) in Microsoft Project Web Access. The view tables contain all of the information about projects and resources necessary to create the views, including Project Center views.
The Microsoft Project Server view tables are updated when a Microsoft Project user does any of the following:
Publishes a project plan from Microsoft Project 2002 to Microsoft Project Server.
Checks-in an enterprise project that has been modified.
Checks-in an enterprise resource.
Updates the resource availability tables.
For more information on setting up views, see the Managing Views in Microsoft Project Web Access section of the Reporting in Microsoft Project Server resource kit article.
Microsoft Project Server and Secure Sockets Layer
Because project management data is a valuable company asset, Microsoft Project Server should be configured to utilize Secure Sockets Layer (SSL) to protect this data. This is especially important if Microsoft Project Server is exposed to the Internet, which is strongly discouraged.
Secure Sockets layer protection
Secure Sockets Layer (SSL) is the technology used to encrypt and decrypt messages sent between the browser and server. By encrypting the data, you protect messages from being read while they are transferred across the Internet. SSL encrypts a message from the browser, then sends it to the server. When the message is received by the server, SSL decrypts it and verifies that it came from the correct sender (a process known as authentication).
SSL consists of software installed on both the browser and server. If you are using a recent version of any of the major browsers, support for SSL is built into the browser. But you still need to activate SSL on the browser and install it on your Web server. Several companies, including Verisign, SSL.com, and Equifax offer SSL encryption and authentication tools. Verisign's digital certificates, for example, are already installed in most recent versions of the major browsers.
SSL doesn't prevent the message from being intercepted. Although it's not impossible to decrypt the message, it would be extremely difficult without the server's private key.
Secure Socket Layer encryption process
SSL handles the scrambling of messages for you so that only the intended recipient can read it. At a high level, the encryption/decryption process includes the following steps:
The user browses to the secure Web server's site.
The user's SSL secured session is started and a unique public key is created for the browser (using the certificate authority's root certificate).
A message is encrypted and then sent from the browser using the server's public key. The message is scrambled during the transmission so that nobody who intercepts the message can make sense of it.
The message is received by the Web server and is decrypted using the server's private key.
The process of SSL encryption relies upon two keys: the server's public key and private key. The private key only exists on the Web server itself and is used by the Web server to encrypt and decrypt secure messages. The public key exists on any client computer that has installed a root certificate for that Web server. Once the public key is installed, the user can send encrypted messages to and decrypt messages received from the Web server.
To set up SSL support for your IIS-based Web site, you first need to get the appropriate digital certificates from a certificate authority. When you go to a certificate authority's Web site and begin the process of applying for the certificates, the steps are relatively straightforward. You'll need to fill out information about your company, who to contact, and valid documentation for your organization. Usually the articles of incorporation will suffice for the certificate authority to approve your certificates. This process may seem tedious, but it is necessary for the certificate authority to verify that your organization is legitimate.
Assuming that the certificate authority grants your request for a new digital certificate, they will send you a file via e-mail. This is your server certificate.
For information about security features within Microsoft Project 2002, see the Microsoft Project Server Security Architecture and Planning Guide article on MSDN.