Background

By default, the security permissions in Project Online and Microsoft Project Server only allow project managers to open and edit their own projects, and do not allow project managers to see anyone else’s projects in either Microsoft Project or the Project Center page in Project Web App. However, a common security requirement in many organizations is that project managers should be able to open and edit their own projects, and they should be able to open Read-Only the projects that belong to other project managers. Therefore, this article is aimed at users who are application administrators for their organization’s Project Online or Microsoft Project Server. By the way, from this point forward, I will refer to these two software applications as the Microsoft PPM solution.

Setting Up the Security Permissions

The permissions for project managers in Project Web App are controlled the Project Managers security group, along with its interaction with the My Projects and My Organization security Categories. Let’s first take a look at the default permissions for these two security Categories.

To access either the My Organization or My Projects security Category, log into Project Web App with administrator permissions. In the upper right corner of the Home page of Project Web App, click the Settings menu button (it looks like a gear wheel) and then select the PWA Settings item on the menu. In the Security section of the PWA Settings page, click the Manage Categories link. The system displays the Manage Categories page such as shown in Figure 1.

Figure 1: Manage Categories page in PWA

Figure 1: Manage Categories page in PWA

Remember that security Categories grant access to projects, resources, and views. So, let’s take a look at the My Organization category to see how it relates to projects. Click the My Organization link to display the Add or Edit Category page for the My Organization category, such as shown in Figure 2.

In the Projects section of the page, you can see the projects to which users are granted access. Notice that the Include all current and future projects option is selected, which means that through this Category, users are granted access to every current and future project in Project Web App. Click the Cancel button to exit the Add or Edit Category page for the My Organization category.

Figure 2: Add or Edit Category page for the My Organization category

Figure 2: Add or Edit Category page for the My Organization category

Next, let’s take a look at the My Projects category to see how it relates to projects. Click the My Projects link to display the Add or Edit Category page for the My Projects category, such as shown in Figure 3.

In the Projects section of the page, you can see the projects to which users are granted access. Notice that the Include only the following projects option is selected, but that no projects are shown in the Selected Projects list. When the Selected Projects list is empty, the system automatically determines user access to projects using the five checkbox options at the bottom of the section. Notice that only the first checkbox is selected, The User is the Project Owner or the User is the Status Manager on assignments within that Project. With this option selected, each user is granted access to only his/her own projects. Click the Cancel button to exit the Add or Edit Category page for the My Projects category.

Figure 3: Add or Edit Category page for the My Projects category

Figure 3: Add or Edit Category page for the My Projects category

So, after reviewing these two security Categories, we have now seen that they control user access to projects as follows:

  • The My Organization category grants user access to every current and future project.
  • The My Projects category grants user access to each user’s own projects.

With this in mind, let’s now look at the Project Managers group, which utilizes both of these security Categories. In the upper right corner of the Home page of Project Web App, click the Settings menu button (it looks like a gear wheel) and then select the PWA Settings item on the menu. In the Security section of the PWA Settings page, click the Manage Groups link. The system displays the Manage Groups page such as shown in Figure 4.

Figure 4: Manage Groups page

Figure 4: Manage Groups page

Click the Project Managers link to display the Add or Edit Group page for the Project Managers group. Scroll down to the Categories section of the page and then select the My Projects item in the Selected Categories list, such as shown in Figure 5.

The Permissions data grid for the selected category is where you see the overlap between the Project Managers group and the My Projects category. I like to think of the Permissions grid in the following manner:

  • The Category controls what users can access.
  • The Group controls what users can do.
  • The overlap between the Group and a Category controls what users can do with what they can access.

When you look at the Permissions for My Projects data grid, you can see what members of the Project Managers group can do with their own projects. In the Project section of the data grid shown in Figure 5, you can clearly see that members of this group have full control over their own projects. Notice that members of this group have permissions to open, save, and publish their own projects. They also have permissions to view their own projects in the Project Center page and they have permissions to view their own project schedules in Project Web App.

Figure 5: Permissions for My Projects data grid

Figure 5: Permissions for My Projects data grid

Click the My Organization item in the Selected Categories list to display the Permissions for My Organization data grid shown in Figure 6. In this data grid, you can see what members of the Project Managers group can do with everyone else’s projects. You can clearly see that they do not have permission to open anyone else’s projects, since the Allow checkbox is not selected for the Open Project permission. This means they cannot see or open anyone else’s project in Microsoft Project. You can also see that they do not have permission to view anyone else’s projects in the Project Center page, since the Allow checkbox is not selected for the View Project Summary in Project Center permission.

Figure 6: Permissions for My Organization data grid

Figure 6: Permissions for My Organization data grid

If your organization needs to allow your project managers to see everyone else’s projects, but to only open those projects Read-Only, all you need to do is to select the Allow checkbox for the Open Project permission. This will allow each project manager to open other user’s projects in Read-Only mode. And if you want your project managers to be able to see everyone else’s projects in the Project Center page, all you need to do is to select the Allow checkbox for the View Project Summary in Project Center permission. When finished, click the Save button to save the changes to the Project Managers group.

Extra for Experts: What if all of the project managers in your organization need Read/Write access to every project in your Microsoft PPM system? The solution to that security need is very simple. All you need to do is to open the My Projects category for editing, to select the Include all current and future projects option, and then click the Save button. With that one simple change, every project manager will be able to see, open, edit, save, and publish every project in your Microsoft PPM system.