[UPDATE 5/8/11 – after some testing based on reader comments, it looks like there’s an issue with this implementation model. Make sure to read the comments at the bottom before trying to implement.]
Still obsessing about PDPs and how I can extend them with little or no code. In this episode, I decided to explore how to lock down a PDP. The primary goal is to enable read only access to a PDP for select members of a security group. This post represents my first attempt, to see if I could simply implement security on the page. In an upcoming post, I’ll document how to emulate a read only PDP by embedding an InfoPath form to surface Project Server data.
Put the two techniques together and you might actually be able to deliver some interesting solutions:
- Security trim PDPs so that they only show up for Group A and not Group B.
- Create read only PDPs and make them show up for Group B and not Group A.
And presto, you kind of have field level security as long as the PM doesn’t figure out how to open the project in Microsoft Project Professional to change the fields. Since many PMs are now working almost entirely in the browser, that might be good enough for some organizations.
So after some experimentation, here’s how to do it. Navigate to the PDP library in Server Settings. Click on Library Settings under the Library tab.
Mouse over the PDP, and click on the drop down option. Select the link to Manage Permissions.
Under the Edit tab, select the option to stop inheriting permissions.
Users may now be granted or denied permissions as required.
Note that as far as I can tell, even readers of the page will have edit rights within the Webpart (assuming they have permissions to edit the project itself). Based on the permissions however, the page will appear (or not) in the links on the top left of the project page.
So that’s progress. Coming up next….using InfoPath to render read only PDPs.