How to Configure Enterprise Security for Microsoft Project Server 2002
|Archived content. No warranty is made as to technical accuracy. Content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.|
Microsoft Project Server 2002
Microsoft Project Professional 2002
Summary Learn how to configure security in a Microsoft Project Professional and Microsoft Project Server enterprise environment.
On This Page
This article is part of a series of six articles about Microsoft Project Server 2002 security. You can access the other security articles from the links below:
Microsoft Project Server is designed to support large organizations in centrally managing a portfolio of projects and resources. In a Microsoft Project Professional and Microsoft Project Server enterprise configuration, multiple departments use a centrally defined resource pool and a centrally defined set of project, resource, and task fields. Typically, enterprise configurations must support multiple layers of management.
This configuration is appropriate for customers using the enterprise features of Microsoft Project Professional and Microsoft Project Server. Like the hosted department configuration, multiple layers of management need to have access to reports. In addition, enterprise configurations frequently need to support resource managers and portfolio managers. Resource managers need to be able to view projects and view and edit resource information. Portfolio managers need to be able to view and edit the enterprise global template and the enterprise resource pool.
From a security perspective, planning for an enterprise configuration is quite similar to planning for a hosted department configuration. One exception is the ability to use the (resource breakdown structure (RBS) enterprise resource outline code. Microsoft Project Server categories support a security rule based on the RBS code. This security rule allows users and groups granted permissions to a category to view all resources managed by the user. The security rule works by:
Querying for the RBS value of a user who is assigned permissions on the category.
Using the returned value to find all resources with a RBS value that is a child node of the security principal's RBS value.
This security rule can significantly simplify the setting of resource manager permissions. However, it requires the RBS lookup table to be designed, and it requires all users to have RBS values.
Typically, post-setup configuration for enterprise servers is similar to configuration of hosted department servers. Categories and groups should be defined for departmental and middle managers, as in the hosted multiple department configuration.
Portfolio manager accounts should be created and added to the predefined portfolio managers group.
Resource manager accounts should be created and added to the pre-defined resource managers group. The predefined resource managers group depends on all resources being assigned an RBS value.
If resources are not assigned RBS values, resource manager groups and, possibly, categories should be created. In general, the groups and categories should be designed to correspond to the reporting structure for resource managers.
As new projects are launched within a department, these projects must be added to the appropriate executive category or categories.
Security map example for the enterprise configuration
The map below illustrates the categories and groups for an organization with two departments and two layers of executives: departmental managers and executives. Departmental managers can view only the projects and resources within their department. Executives can view all projects and resources. The executives, project managers, team members, resource managers, and portfolio managers groups can be used as created during setup.
The following links provide more information about security and Microsoft Project Server 2002: