Wednesday, February 29, 2012

How to create a secured document library in a Project Server 2010 project site

How the Project Server Security Model Integrates with the SharePoint Security Model

With an out-of-the-box project site, Project Server only manages permissions for an individual user at the site level. It sets the permissions on the project site based on the access project team members have to the project, as defined by the Project Server security model. These permissions are then translated to the SharePoint security model within the project site. There are four SharePoint permission sets that Project Server manages:

· Web Administrators (Microsoft Project Server)
High-level, full access to the project site.

· Project Managers (Microsoft Project Server)
Edit and Design permissions to the site. Members can add and modify items as well as edit list schemas, for example by adding list columns and creating views.

· Team Members (Microsoft Project Server)
Edit access to the site, for example the ability to add and modify items.

· Readers (Microsoft Project Server)
Read-only access to the site.


When the process is triggered, Project Server checks whether a user is to be granted access to the project site and, if so, which of the four permissions the user will be granted. By default, all objects within the project site inherit their permissions from the project site. The next level down at which we can manage security in SharePoint is the list or document library level. The next level down again is the item level. The following image provides an example of the SharePoint security levels on a project site.

The default project site security configuration is for everything to inherit the project site level permissions. If you would like to extend this security to lock things down, you can use the SharePoint security model to achieve this. As an example, if you want to create a secured area where the Project Manager and trusted colleagues can manage sensitive project documentation, you could create a new SharePoint document library and then set the document library permissions to not inherit from the parent (site level). Once this link is broken, you can control the membership of that particular document library and the permissions of its members. It is possible to go down another level and lock down each document, but I would generally recommend only going down to the library/list level: the more complex you make the security model, the harder it becomes to administer.


Creating a document library

1. From the homepage of the project site, click ‘Site Actions > More Options’ in the top left corner of the screen.

2. Click the ‘Library’ link on the left, select ‘Document Library’, enter a name for the library and click the ‘Create’ button.

3. Once the document library has been created, a link to it will automatically appear in the left navigation menu.

Secure the document library

Please note you will require full access to the project site to be able to perform these steps. Please contact the Project Server Administrator for assistance if required.

1. Navigate to the project site.

2. Click the list or library whose permissions you want to secure or manage manually.

3. Click the Library tab at the top of the screen and select ‘Library Permissions’ for a document library or ‘List Permissions’ for a list.

4. Click the ‘Stop Inheriting Permissions’ button.

5. Click OK to acknowledge the inheritance breakage.

6. Tick all the users who should not remain in the list and click ‘Remove User Permissions’ to remove all marked users. NOTE – Ensure you keep yourself in this list, otherwise you will lose permission to manage the library/list. Also keep any administrator-type people in the list. Click OK on the warning dialog box to proceed.

7. To edit the permissions of an individual user, select the user and click ‘Edit User Permissions’.

8. Select the appropriate permission for that particular user. Please note: to avoid Project Server trying to be smart and manage the user's permissions from its own security process, ensure you use the non-Project Server permissions, which don’t include the text ‘(Microsoft Project Server)’ in the name. Click OK to apply the permission instantly.

9. Add additional SharePoint users to the project site by clicking the ‘Grant Permissions’ button.

10. Choose the people you want to give permissions to in this list or library. Click the open book icon to get a people search box. Check the appropriate SharePoint permission you wish to grant the user(s). Untick the option to send the user an email, or leave it ticked if you want them to receive an email notification. Click OK to apply the permissions.
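
The same procedure scripted with the SharePoint 2010 server object model, as an added example that is not part of the original post. The site URL, library name and accounts are placeholders, and it assumes the standard English ‘Full Control’ and ‘Contribute’ permission levels exist on the site.

```powershell
# Added example (not from the original post). Run in the SharePoint 2010 Management Shell.
# The site URL, library name and accounts are placeholders; replace them with your own.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$siteUrl     = 'http://pwa.example.local/PWA/ExampleProject'
$libraryName = 'Sensitive Project Documents'
# Account -> standard SharePoint permission level. List yourself and the administrators too.
$grants = @{
    'EXAMPLE\project.manager' = 'Full Control'
    'EXAMPLE\ps.admin'        = 'Full Control'
    'EXAMPLE\trusted.user'    = 'Contribute'
}
$managedTag = '(Microsoft Project Server)'
$web = Get-SPWeb $siteUrl
try {
    $list = $web.Lists.TryGetList($libraryName)
    if ($list -eq $null) { throw "Library '$libraryName' not found in $siteUrl" }
    # Resolve accounts and levels first so a typo fails before any permission changes.
    $resolved = @()
    foreach ($login in $grants.Keys) {
        $level = $grants[$login]
        if ($level.Contains($managedTag)) { throw "Step 8: use a standard level, not '$level'" }
        $resolved += New-Object PSObject -Property @{
            User = $web.EnsureUser($login); Role = $web.RoleDefinitions[$level] }
    }

    # Steps 4-5: stop inheriting. $true copies the parent's assignments to the library.
    if (-not $list.HasUniqueRoleAssignments) { $list.BreakRoleInheritance($true) }

    # Steps 7-10: grant the chosen level to each listed account.
    foreach ($r in $resolved) {
        $assignment = New-Object Microsoft.SharePoint.SPRoleAssignment($r.User)
        $assignment.RoleDefinitionBindings.Add($r.Role)
        $list.RoleAssignments.Add($assignment)
    }

    # Step 6: remove every principal that is not in $grants (snapshot, then modify).
    $keepIds = @($resolved | ForEach-Object { $_.User.ID })
    foreach ($ra in @($list.RoleAssignments)) {
        if ($keepIds -notcontains $ra.Member.ID) { $list.RoleAssignments.Remove($ra.Member) }
    }
    # Verify: list what is left and flag any Project Server managed level still bound.
    foreach ($ra in $list.RoleAssignments) {
        $levels = @($ra.RoleDefinitionBindings | ForEach-Object { $_.Name })
        New-Object PSObject -Property @{ Principal = $ra.Member.Name
            Levels = $levels -join ', '; Managed = [bool]($levels -like "*$managedTag*") }
    }
}
finally { $web.Dispose() }
```

Any row in the output with Managed set to True still carries a ‘(Microsoft Project Server)’ permission on the library and should be reviewed against step 8.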

