Forum Discussion

tayram's avatar
tayram
Copper Contributor
Jan 12, 2021

PWA: Group/Category & Project Permissions -in relation to- SharePoint: Read vs Edit Access

Good morning,   I am hoping someone in the community can help steer me in the right direct… and hopefully help me make sense of the nuances of getting permissions/Groups/Categories setup correctly....
Online
Project
Dominic_M10's avatar
Dominic_M10
Copper Contributor
Jun 27, 2024

Dear Guru Dale_HowardMVP , thanks for your wisdom on this question, I have a supplementary ask around the same topic.

 

We have recently unpicked an overly complex security regime, 29 different groups, not quite so many categories and in some cases users in a large number of groups, record being 19 out of 29 possible. 

 

i have been banging the drum to promote implicit permissions against projects through groups rather than explicit access through the options permitted by Basic Project Permissions. 

 

Is it fair to say that explicit permissions impose more of an overhead on determining what users can see and do compare to implicit permissions arising from group membership? Our old security regime appeared to be placing a heavy demand on the server in terms of navigating the myriad permutations arising from so many security groups.

 

As part of our transition some users are not seeing what they used to see, which is good as it indicates that explicit permissions were not being employed, however users are tempted to use Project Permissions and granting explicit permissions to overcome this challenge rather than running with the security model as it is designed to work. We are looking at disabling Basic Project Security for the majority of our new groups as a result.

 

Dale_HowardMVP's avatar
Dale_HowardMVP
MVP
Jun 27, 2024
Dominic_M10 --

Based on your description of your current security model, I suspect that what you have created is simply too complex to work reliably. It surely must be an app admin's worst nightmare. But if your PMs start adding special permissions for their projects, that will only make matters worse. My recommendation would be to do your best to reduce the number of security Groups and Categories instead. Since I cannot see your Project Online instance, I cannot advise you how to accomplish this, but I think that would be the better way to move forward. Hope this helps.
  • Dominic_M10's avatar
    Dominic_M10
    Copper Contributor
    Jun 27, 2024
    Hi Dale - thanks for the swift response. We made a change to the security model and now only have 7 security groups, I have recommended that we remove Basic Project Security permissions from users as to allow this to persist undermines the intent in simplifying the security model we now have. I will let you know if this argument wins the day.

Resources