With an out of the box project site, Project Server only manages permission for an individual user at a site level. Project Server manages the permission of the project site based on the access project team members have to the project as defined by the Project Server Security Model. These permissions are then translated to a SharePoint security model within the project site. There are four SharePoint permission sets Project Server manages:
· Web Administrators (Microsoft Project Server)
High level, full access to the Project Site
· Project Managers (Microsoft Project Server)
Edit and Design permissions to the site. Ability to add and modify items as well as editing list schemas. For example, adding list columns and creating views
· Team Members (Microsoft Project Server)
Edit access to the site. Ability to add and modify items for example
· Readers (Microsoft Project Server)
Read only access to the site.
When the process is triggered, Project Server will check if a user is to be granted access to the project site and if so, which of the four permissions the user will be granted. By default, all objects within the project site inherit from the project site. The next level down we can manage security in SharePoint is to a list or document library level. The next level down again is at the item level. The following image provides an example of the SharePoint security levels on a Project Site.
The default Project Site security configuration is set for everything to inherit from the project site level permissions. If you would like to extend this security to lock things down we can leverage off the SharePoint Security model to achieve this. As an example, if we want to create a secured area for the Project Manager and trusted colleagues to manage sensitive Project Documentation, you could create a new SharePoint Document library. Then set the document library permissions to not inherit from the parent (site level) Once we break this link we have the ability to control the member ship and permission of those members for that particular document library. We can however go down another level and lock each document down but I would generally recommend only going down to the library/list level. It is of course possible but the more complex you make the security model, the harder it becomes to administer.
1. From the homepage of the Project Site, Click ‘Site Actions>More Options’ from the top left corner of the screen.
Please note you will require full access to the project site to be able to perform these steps. Please contact the Project Server Administrator for assistance if required.
1. Navigate to the Project Site
2. Click on the list or library you want to secure or manage permissions manually for.
6. Tick all the users who should remain in the list and click ‘Remove User Permissions’ to remove all marked users. NOTE – Ensure you keep yourself in this list otherwise you will lose permissions to manage the library/list. Also keep any administrator type people in the list. Click OK to the warning dialog box to proceed.
8. Select the appropriate permission to use for that particular user. Please note to avoid Project Server trying to be smart and manage the users permissions from it’s own security process, ensure you use the non ‘Project Server’ specific permissions which don’t include the text ‘(Microsoft Project Server)’ in the name. Click OK to apply the permission instantly.
10. Choose the people you want to give permissions to in this list or library. Click the open book icon to get a people search box. Check the appropriate SharePoint permission you wish to grant the user/s. Untick the option to send the user an email. If however you want them to receive an email notification then leave this ticked. Click OK to apply the permissions.