One of the most common areas of confusion in Microsoft Enterprise Project Management Solution (MSEPM) is security. EPM has a very granular security model and a fair amount of complexity.

Within EPM, the first set of security objects defines group and individual access to the application. You can manage access to application features and functions through the use of Users and Groups and Security Templates, found under the Administration screen in Project Web Access (PWA).

• Users - Any individuals who access Project Web Access.
• Groups - Collections of individual users with the same permission requirements.
• Security Templates - Rules applied to groups to simplify the administration of permissions.

The second set of security objects provides ways to access, or limit access, to data including projects, resources and views. Categories are the collection of projects, resources, assignments, views and models to which users and groups are granted access.

A defined Resource Breakdown Structure (RBS) is a major tool used by categories in defining how they grant access.  Project Web Access includes the following default Categories:

• My Tasks - Intended for individual team members who are assigned to tasks in one or more enterprise projects.
• My Projects - Intended for project managers, grants read and write access to projects created by project managers.
• My Resources - Intended for resource managers and uses a security rule based on RBS.  It is useful only when RBS is defined.
• My Direct Reports - Intended for resource managers who need to approve timesheets.
• My Organization - This category is used to grant access to all information in the organization. It is intended for members of a Project Management Office, or Executives in an organization, and other key users who require the ability to view projects and resources across the entire organization.

Security Rules are used to query the Project Server database to determine the list of projects, resources and models a particular user can access. Examples are:

• Information for all resources that a resource manager manages.
• A project manager’s or resource manager’s own models.
• Models created by resources that a resource manager manages.

So to summarize, Security Templates and Groups are just convenient ways for system administrators to assign rights to a large number of users. Categories and Security Rules define and automate the granting of access to data relating to projects, resources and models in the project server database.

Troy Wheeler, Vice President of Technology, EPM2e, can be reached at 800-878-0385.

Tags: Microsoft Project Server, Security

This entry was posted on Friday, July 21st, 2006 at 3:00 am and is filed under Microsoft Project Server. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.