Security Overview for Microsoft Project Server 2002

Archived content. No warranty is made as to technical accuracy. Content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.

Published: June 1, 2003

Applies to:
Microsoft Project Server 2002
Microsoft Project Professional 2002

Summary Learn how the security features in Microsoft Project Server 2002 allow users to see and do only what is relevant to their particular project tasks and responsibilities.

On This Page

Introduction
Project Server Security Overview
Uses for Security
Project Server Security Terminology
Accessing Project Server Data
Additional Resources

Introduction

This article is the first in a series of six articles about Microsoft Project Server 2002 security. You can access the other security articles from the links below:

Project Server Security Overview

Microsoft Project Server provides a collaborative project management platform enabling project stakeholders to update, publish, and view project information. The server also provides centralized data storage for project information. It is often necessary to protect this data and regulate the information being communicated, whether from sources external to the organization or from different members within the organization depending on their responsibilities.

Microsoft Project Server provides a number of features to promote security. These features allow users to only see and do what is relevant to their particular needs and duties.

Uses for Security

Microsoft Project Server security can be used in a number of ways:

  • Protect confidential data from other users. Some projects may contain sensitive information or data that requires protection. If an organization's information is being supplied externally to clients, suppliers, or partners, there may be some details that should not be disclosed.

  • Secure data from malicious or accidental damage. Project data may be extremely valuable. Ensuring that only authorized users have access to that data reduces the chance of accidental or malicious loss of data.

  • Provide data based on the information needs and functionality requirements of the user. The security model can be configured to personalize information so that users only see data relevant to them, rather than a mass of data. For example, users interested in seeing only their own tasks, making project and portfolio views of information unnecessary to them.

  • Enforce project management process discipline within the organization. Assigning specific responsibilities and permissions to roles can help ensure discipline within the organizations project management process. For example, the options for adding, rejecting, and delegating tasks can be removed from the resource group.

Project Server Security Terminology

Microsoft Project Server security is based on the concepts of Microsoft Windows NT security. Here, security is based on objects, principles, and templates:

  • Security Objects. Items that can have actions carried out on them or items that contain data. In Microsoft Project Server, this includes categories that consist of collections of projects, resources, assignments, and views.

  • Security Principles. Define access to security objects. In Microsoft Project Server, users and groups have rights, or permissions, over security objects. This allows them to access or manipulate Microsoft Project Server objects.

    • Users. Any persons who access the Microsoft Project Server. In order to gain access, they need to have a user account recognized, or authenticated, by the server. Authentication of a user can be via a Microsoft Windows account or using the Microsoft Project Servers own accounts. Each user has a set of permissions or rights to perform actions and access data on the server.

    • Groups. Collections of users that have similar information and functionality needs. These are usually aligned with the type of roles played within an organization. Users can belong to multiple groups depending on the jobs they perform or the specific part of the organization they work in. Groups allow administrators to efficiently assign rights and permissions to users.

      Note: Microsoft Project security varies from the Microsoft Windows security model when it comes to the concept of hierarchical groups of users. This is not supported in Microsoft Project Server, but can be managed by duplicating groups for each level of a group hierarchy.

    • Permissions. Rules that determine the actions a user can perform on Microsoft Project Server. Global permissions provide rights over functionality within the server. Object permissions are associated with categories. These give users or groups the necessary rights to perform actions on objects associated with a category. Permissions are applied on a server (or organization), group, category, and user basis. This means a users actual permissions will consist of the combination of all the permissions the server has, the groups they belong to, the categories they have access to, as well as their individual permissions.

    • Categories. Define common sets of data access needs, usually aligned with business units, departments, or other project boundaries. Categories are collections of projects, resources, assignments, views, and models. Categories define the scope of the information accessed, providing multiple types of access to data for groups or users.

    • Views. Define the sets of data fields that can be displayed for the collections of projects, assignments, and resources in a category. Views also define the format of the display, such as the Gantt chart type, group style, and filters.

  • Templates. A quick way of applying predefined permission profiles to new or existing users, groups, and categories. By applying security templates you can easily standardize the rights being applied according to the role being played. This eliminates the tedious task of replicating permission across users by automatically mapping permissions by role.

Accessing Project Server Data

What a user sees in terms of data and what they can do in terms of performing actions or manipulating that data is governed by the relationship between the user, the users permissions, the servers permissions, the permissions or categories associated with any groups the user belongs to, and the views of data within those categories.

This model is reflected in the predefined groups, templates, and categories that are created when Microsoft Project Server is installed.

Cc768055.pj1scv01(en-us,TechNet.10).gif

Figure 1: Microsoft Project Server security layers

Additional Resources

The following links provide more information about security and Microsoft Project Server 2002: