Jan 12 2021 07:15 AM
Good morning,
I am hoping someone in the community can help steer me in the right direct… and hopefully help me make sense of the nuances of getting permissions/Groups/Categories setup correctly.
Basic Setup
When a new Project is created, it kicks off a corresponding Teams Team and a SharePoint site. The owner of the Project then opens the Project in PWA, and uses Build Team to add users/resources, and then uses ‘Project Permissions’, which seems to be ‘the key’ in giving certain levels of access to the Documents in the SharePoint site.
We currently have 2 main ‘Groups’ that are used when setting up a new User/Resource in Project Web App:
Note: Not sure if it matters (it might!), but when initially getting a new Project going, the PM will open the Project in PWA, and go into ‘Project Permissions’. Currently, they assign ‘Project Permissions’ with 2 configurations…
PMs/Admins: Open the project within Project Professional or Project Web App. Edit and Save the project within Project Professional or Project Web App. Edit Project Summary Fields within Project Professional or Project Web App. Publish the project within Project Professional or Project Web App. View the Project Summary in the Project Center. View the Project Schedule Details in Project Web App. View the Project Site.
Foremen/Superintendents: Open the project within Project Professional or Project Web App. View the Project Summary in the Project Center. View the Project Schedule Details in Project Web. App View the Project Site.
GOAL: What I am looking to do is setup a 3rd Group, between these 2 Groups, which would basically be setup as such:
QUESTION: Where exactly would I need to make changes to get the Superintendents edit access in SharePoint?
Specific toggle(s)/permission(s) in a Group? Category? Security Template?
Specific toggle(s)/permission(s) when utilizing ‘Project Permissions’?
As always, I absolutely appreciate this community and yall’s knowledge!
-TRR
Jan 20 2021 09:50 AM
@tayram -- I think you are going down the wrong road asking your PMs to use the Project Permissions button to set special permissions for every project. Project permissions should be controlled almost entirely by Groups and Categories in Project Web App. Your application administrator has control over Groups and Categories, by the way. Also, if your organization is not doing so already, your Project Online system should be set up in Project Permissions mode rather than SharePoint Permissions mode, which will give your organization greater control over "who can do what" within the system.
If you are using Project Permissions mode, then there are basically three security Groups that will give your people the access that they need (or pretty close to that anyway):
So, based on the above, I think your organization could nicely solve your security needs using the default Groups in PWA, adding each user to the appropriate Group. Your app admin might need to "tweak" the permissions in the Group a bit to make things work correctly.
Also, to get things to work correctly for the third group, which you describe as the Superintendents group, each of them would need to be added to the project team of every project. They do not need to be assigned to any tasks in the project, but they do need to be a part of the project team. This will give them the Read/Write permissions they need in the Project Site. Members of the second group, which you describe as the Foreman group, would need to be added to the Portfolio Viewers group, which would give them Read/Only access to the Project Sites, where they could view all Risks, Issues, and Documents, but they would not be able to edit anything.
In addition, if you follow my advice above, your PMs would need to REMOVE all of the special permissions they have set on each of their projects so that the permissions will be totally control by Groups and Categories. Hope this helps.