PWA: Group/Category & Project Permissions -in relation to- SharePoint: Read vs Edit Access

%3CLINGO-SUB%20id%3D%22lingo-sub-2053093%22%20slang%3D%22en-US%22%3EPWA%3A%20Group%2FCategory%20%26amp%3B%20Project%20Permissions%20-in%20relation%20to-%20SharePoint%3A%20Read%20vs%20Edit%20Access%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2053093%22%20slang%3D%22en-US%22%3E%3CP%3EGood%20morning%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20am%20hoping%20someone%20in%20the%20community%20can%20help%20steer%20me%20in%20the%20right%20direct%E2%80%A6%20and%20hopefully%20help%20me%20make%20sense%20of%20the%20nuances%20of%20getting%20permissions%2FGroups%2FCategories%20setup%20correctly.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSTRONG%3E%3CU%3EBasic%20Setup%3C%2FU%3E%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3EWhen%20a%20new%20Project%20is%20created%2C%20it%20kicks%20off%20a%20corresponding%20Teams%20Team%20and%20a%20SharePoint%20site.%20The%20owner%20of%20the%20Project%20then%20opens%20the%20Project%20in%20PWA%2C%20and%20uses%20Build%20Team%20to%20add%20users%2Fresources%2C%20and%20then%20uses%20%E2%80%98Project%20Permissions%E2%80%99%2C%20which%20seems%20to%20be%20%E2%80%98the%20key%E2%80%99%20in%20giving%20certain%20levels%20of%20access%20to%20the%20Documents%20in%20the%20SharePoint%20site.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20currently%20have%202%20main%20%E2%80%98Groups%E2%80%99%20that%20are%20used%20when%20setting%20up%20a%20new%20User%2FResource%20in%20Project%20Web%20App%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3COL%3E%3CLI%3EProject%20Managers%20%E2%80%93%20In%20PWA%3A%20Have%20a%20Project%20license%2C%20work%20with%20publishing%20the%20Schedule.%20In%20Project%20SharePoint%3A%20Upload%20documents%20into%20various%20%E2%80%98Focused%20Libraries%E2%80%99%20(folders%20for%20specific%20types%20of%20files.%3C%2FLI%3E%3CLI%3EForeman%20%E2%80%93%20In%20PWA%3A%20A%20few%20have%20an%20Essentials%20license%2C%20which%20is%20likely%20unnecessary.%20In%20Project%20SharePoint%3A%20View%20any%20documents%20that%20have%20been%20uploaded.%3C%2FLI%3E%3C%2FOL%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSTRONG%3ENote%3A%3C%2FSTRONG%3E%20Not%20sure%20if%20it%20matters%20(it%20might!)%2C%20but%20when%20initially%20getting%20a%20new%20Project%20going%2C%20the%20PM%20will%20open%20the%20Project%20in%20PWA%2C%20and%20go%20into%20%E2%80%98Project%20Permissions%E2%80%99.%20Currently%2C%20they%20assign%20%E2%80%98Project%20Permissions%E2%80%99%20with%202%20configurations%E2%80%A6%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EPMs%2FAdmins%3A%20Open%20the%20project%20within%20Project%20Professional%20or%20Project%20Web%20App.%20Edit%20and%20Save%20the%20project%20within%20Project%20Professional%20or%20Project%20Web%20App.%20Edit%20Project%20Summary%20Fields%20within%20Project%20Professional%20or%20Project%20Web%20App.%20Publish%20the%20project%20within%20Project%20Professional%20or%20Project%20Web%20App.%20View%20the%20Project%20Summary%20in%20the%20Project%20Center.%20View%20the%20Project%20Schedule%20Details%20in%20Project%20Web%20App.%20View%20the%20Project%20Site.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EForemen%2FSuperintendents%3A%26nbsp%3B%20Open%20the%20project%20within%20Project%20Professional%20or%20Project%20Web%20App.%20View%20the%20Project%20Summary%20in%20the%20Project%20Center.%20View%20the%20Project%20Schedule%20Details%20in%20Project%20Web.%20App%20View%20the%20Project%20Site.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSTRONG%3E%3CU%3EGOAL%3A%3C%2FU%3E%3C%2FSTRONG%3E%20What%20I%20am%20looking%20to%20do%20is%20setup%20a%203rd%20Group%2C%20between%20these%202%20Groups%2C%20which%20would%20basically%20be%20setup%20as%20such%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3COL%3E%3CLI%3ESuperintendents%20%E2%80%93%20In%20PWA%2C%20like%20Foremen%2C%20really%20don%E2%80%99t%20do%20anything.%20In%20Project%20SharePoint%3A%20View%20all%20documents%2C%20with%20the%20ability%20to%20mark-up%20(edit)%20documents.%20This%20group%20needs%20the%20ability%20to%20%E2%80%98edit%E2%80%99%20so%20that%20they%20are%20able%20to%20highlight%20and%20make%20notes%20on%20Design%20Drawings.%3C%2FLI%3E%3C%2FOL%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSTRONG%3E%3CU%3EQUESTION%3A%3C%2FU%3E%3C%2FSTRONG%3E%20Where%20exactly%20would%20I%20need%20to%20make%20changes%20to%20get%20the%20Superintendents%20edit%20access%20in%20SharePoint%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESpecific%20toggle(s)%2Fpermission(s)%20in%20a%20Group%3F%20Category%3F%20Security%20Template%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESpecific%20toggle(s)%2Fpermission(s)%20when%20utilizing%20%E2%80%98Project%20Permissions%E2%80%99%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAs%20always%2C%20I%20absolutely%20appreciate%20this%20community%20and%20yall%E2%80%99s%20knowledge!%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E-TRR%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2053093%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EOnline%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EProject%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2079510%22%20slang%3D%22en-US%22%3ERe%3A%20PWA%3A%20Group%2FCategory%20%26amp%3B%20Project%20Permissions%20-in%20relation%20to-%20SharePoint%3A%20Read%20vs%20Edit%20Access%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2079510%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F826331%22%20target%3D%22_blank%22%3E%40tayram%3C%2FA%3E%26nbsp%3B--%20I%20think%20you%20are%20going%20down%20the%20wrong%20road%20asking%20your%20PMs%20to%20use%20the%20Project%20Permissions%20button%20to%20set%20special%20permissions%20for%20every%20project.%26nbsp%3B%20Project%20permissions%20should%20be%20controlled%20almost%20entirely%20by%20Groups%20and%20Categories%20in%20Project%20Web%20App.%26nbsp%3B%20Your%20application%20administrator%20has%20control%20over%20Groups%20and%20Categories%2C%20by%20the%20way.%26nbsp%3B%20Also%2C%20if%20your%20organization%20is%20not%20doing%20so%20already%2C%20your%20Project%20Online%20system%20should%20be%20set%20up%20in%20Project%20Permissions%20mode%20rather%20than%20SharePoint%20Permissions%20mode%2C%20which%20will%20give%20your%20organization%20greater%20control%20over%20%22who%20can%20do%20what%22%20within%20the%20system.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIf%20you%20are%20using%20Project%20Permissions%20mode%2C%20then%20there%20are%20basically%20three%20security%20Groups%20that%20will%20give%20your%20people%20the%20access%20that%20they%20need%20(or%20pretty%20close%20to%20that%20anyway)%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EThe%20Project%20Managers%20group%20gives%20each%20project%20manager%20Read%2FWrite%20access%20to%20his%2Fher%20own%20projects.%26nbsp%3B%20It%20also%20gives%20the%20PM%20access%20in%20the%20Project%20Site%20to%20create%20and%20edit%20Risks%20and%20Issues%2C%20as%20well%20as%20to%20upload%20and%20edit%20documents.%3C%2FLI%3E%0A%3CLI%3EThe%20Team%20Members%20group%20gives%20each%20team%20member%20access%20to%20view%20their%20tasks%20in%20only%20the%20projects%20to%20which%20they%20are%20assigned%20tasks%20(so%20that%20they%20can%20report%20progress%20on%20either%20the%20Tasks%20page%20or%20Timesheet%20page%20in%20PWA).%26nbsp%3B%20Members%20of%20this%20group%20can%20also%20create%20and%20edit%20Risks%20and%20Issues%2C%20as%20well%20as%20being%20able%20to%20upload%20and%20edit%20documents.%3C%2FLI%3E%0A%3CLI%3EThe%20Portfolio%20Viewers%20group%20can%20view%20information%20about%20EVERY%20project%20in%20your%20system%20and%20EVERY%20resource%20in%20your%20system%2C%20but%20they%20CANNOT%20change%20anything.%26nbsp%3B%20They%20can%20also%20view%20the%20Project%20Site%20for%20EVERY%20project%2C%20but%20they%20can%20only%20VIEW%20items%20such%20as%20Risks%2C%20Issues%2C%20and%20documents%2C%20but%20they%20CANNOT%20edit%20any%20of%20them.%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3ESo%2C%20based%20on%20the%20above%2C%20I%20think%20your%20organization%20could%20nicely%20solve%20your%20security%20needs%20using%20the%20default%20Groups%20in%20PWA%2C%20adding%20each%20user%20to%20the%20appropriate%20Group.%26nbsp%3B%20Your%20app%20admin%20might%20need%20to%20%22tweak%22%20the%20permissions%20in%20the%20Group%20a%20bit%20to%20make%20things%20work%20correctly.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EAlso%2C%20to%20get%20things%20to%20work%20correctly%20for%20the%20third%20group%2C%20which%20you%20describe%20as%20the%20Superintendents%20group%2C%20each%20of%20them%20would%20need%20to%20be%20added%20to%20the%20project%20team%20of%20every%20project.%26nbsp%3B%20They%20do%20not%20need%20to%20be%20assigned%20to%20any%20tasks%20in%20the%20project%2C%20but%20they%20do%20need%20to%20be%20a%20part%20of%20the%20project%20team.%26nbsp%3B%20This%20will%20give%20them%20the%20Read%2FWrite%20permissions%20they%20need%20in%20the%20Project%20Site.%26nbsp%3B%20Members%20of%20the%20second%20group%2C%20which%20you%20describe%20as%20the%20Foreman%20group%2C%20would%20need%20to%20be%20added%20to%20the%20Portfolio%20Viewers%20group%2C%20which%20would%20give%20them%20Read%2FOnly%20access%20to%20the%20Project%20Sites%2C%20where%20they%20could%20view%20all%20Risks%2C%20Issues%2C%20and%20Documents%2C%20but%20they%20would%20not%20be%20able%20to%20edit%20anything.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIn%20addition%2C%20if%20you%20follow%20my%20advice%20above%2C%20your%20PMs%20would%20need%20to%20REMOVE%20all%20of%20the%20special%20permissions%20they%20have%20set%20on%20each%20of%20their%20projects%20so%20that%20the%20permissions%20will%20be%20totally%20control%20by%20Groups%20and%20Categories.%26nbsp%3B%20Hope%20this%20helps.%3C%2FP%3E%3C%2FLINGO-BODY%3E
New Contributor

Good morning,

 

I am hoping someone in the community can help steer me in the right direct… and hopefully help me make sense of the nuances of getting permissions/Groups/Categories setup correctly.

 

Basic Setup

When a new Project is created, it kicks off a corresponding Teams Team and a SharePoint site. The owner of the Project then opens the Project in PWA, and uses Build Team to add users/resources, and then uses ‘Project Permissions’, which seems to be ‘the key’ in giving certain levels of access to the Documents in the SharePoint site.

 

We currently have 2 main ‘Groups’ that are used when setting up a new User/Resource in Project Web App:

 

  1. Project Managers – In PWA: Have a Project license, work with publishing the Schedule. In Project SharePoint: Upload documents into various ‘Focused Libraries’ (folders for specific types of files.
  2. Foreman – In PWA: A few have an Essentials license, which is likely unnecessary. In Project SharePoint: View any documents that have been uploaded.

 

Note: Not sure if it matters (it might!), but when initially getting a new Project going, the PM will open the Project in PWA, and go into ‘Project Permissions’. Currently, they assign ‘Project Permissions’ with 2 configurations…

 

PMs/Admins: Open the project within Project Professional or Project Web App. Edit and Save the project within Project Professional or Project Web App. Edit Project Summary Fields within Project Professional or Project Web App. Publish the project within Project Professional or Project Web App. View the Project Summary in the Project Center. View the Project Schedule Details in Project Web App. View the Project Site.

 

Foremen/Superintendents:  Open the project within Project Professional or Project Web App. View the Project Summary in the Project Center. View the Project Schedule Details in Project Web. App View the Project Site.

 

GOAL: What I am looking to do is setup a 3rd Group, between these 2 Groups, which would basically be setup as such:

 

  1. Superintendents – In PWA, like Foremen, really don’t do anything. In Project SharePoint: View all documents, with the ability to mark-up (edit) documents. This group needs the ability to ‘edit’ so that they are able to highlight and make notes on Design Drawings.

 

QUESTION: Where exactly would I need to make changes to get the Superintendents edit access in SharePoint?

 

Specific toggle(s)/permission(s) in a Group? Category? Security Template?

 

Specific toggle(s)/permission(s) when utilizing ‘Project Permissions’?

 

As always, I absolutely appreciate this community and yall’s knowledge!

 

-TRR

1 Reply

@tayram -- I think you are going down the wrong road asking your PMs to use the Project Permissions button to set special permissions for every project.  Project permissions should be controlled almost entirely by Groups and Categories in Project Web App.  Your application administrator has control over Groups and Categories, by the way.  Also, if your organization is not doing so already, your Project Online system should be set up in Project Permissions mode rather than SharePoint Permissions mode, which will give your organization greater control over "who can do what" within the system.

 

If you are using Project Permissions mode, then there are basically three security Groups that will give your people the access that they need (or pretty close to that anyway):

 

  • The Project Managers group gives each project manager Read/Write access to his/her own projects.  It also gives the PM access in the Project Site to create and edit Risks and Issues, as well as to upload and edit documents.
  • The Team Members group gives each team member access to view their tasks in only the projects to which they are assigned tasks (so that they can report progress on either the Tasks page or Timesheet page in PWA).  Members of this group can also create and edit Risks and Issues, as well as being able to upload and edit documents.
  • The Portfolio Viewers group can view information about EVERY project in your system and EVERY resource in your system, but they CANNOT change anything.  They can also view the Project Site for EVERY project, but they can only VIEW items such as Risks, Issues, and documents, but they CANNOT edit any of them.

So, based on the above, I think your organization could nicely solve your security needs using the default Groups in PWA, adding each user to the appropriate Group.  Your app admin might need to "tweak" the permissions in the Group a bit to make things work correctly.

 

Also, to get things to work correctly for the third group, which you describe as the Superintendents group, each of them would need to be added to the project team of every project.  They do not need to be assigned to any tasks in the project, but they do need to be a part of the project team.  This will give them the Read/Write permissions they need in the Project Site.  Members of the second group, which you describe as the Foreman group, would need to be added to the Portfolio Viewers group, which would give them Read/Only access to the Project Sites, where they could view all Risks, Issues, and Documents, but they would not be able to edit anything.

 

In addition, if you follow my advice above, your PMs would need to REMOVE all of the special permissions they have set on each of their projects so that the permissions will be totally control by Groups and Categories.  Hope this helps.