Applying Security to a PDP

[UPDATE 5/8/11 – after some testing based on reader comments, it looks like there’s an issue with this implementation model.  Make sure to read the comments at the bottom before trying to implement.]

Still obsessing about PDPs and how I can extend them with little or no code.  In this episode, I decided to explore how to lock down a PDP.  The primary goal is to enable read only access to a PDP for select members of a security group.  This post represents my first attempt, to see if I could simply implement security on the page.  In an upcoming post, I’ll document how to emulate a read only PDP by embedding an InfoPath form to surface Project Server data.

Put the two techniques together and you might actually be able to deliver some interesting solutions:

  • Security trim PDPs so that they only show up for Group A and not Group B.
  • Create read only PDPs and make them show up for Group B and not Group A.

And presto, you kind of have field level security as long as the PM doesn’t figure out how to open the project in Microsoft Project Professional to change the fields.  Since many PMs are now working almost entirely in the browser, that might be good enough for some organizations.

So after some experimentation, here’s how to do it.  Navigate to the PDP library in Server Settings.  Click on Library Settings under the Library tab.

image

Mouse over the PDP, and click on the drop down option.  Select the link to Manage Permissions.

SNAGHTML2db6d1

Under the Edit tab, select the option to stop inheriting permissions.

image

Users may now be granted or denied permissions as required.

image

Note that as far as I can tell, even readers of the page will have edit rights within the Webpart (assuming they have permissions to edit the project itself).  Based on the permissions however, the page will appear (or not) in the links on the top left of the project page.

So that’s progress.  Coming up next….using InfoPath to render read only PDPs.

Advertisements
Applying Security to a PDP

10 thoughts on “Applying Security to a PDP

  1. Melodie says:

    Andrew – I had a need for this very thing and had to figure it out on my own as I didn’t see your blog.

    When trying to figure this out on my own, I actually tried your option and everything worked fine for me as I’m an Administrator in Project Server 2010. However, when the PM updated the project information in PWA, they were able to save the information , but they received an error message when they tried to then close the project. The error message said “Value does not fall within the expected range”.

    So then I tried target audiencing on the PDP and still the same error message appeared.

    I ended up finding my own workaround to this and that was to use the ‘personalize this page’ option. So I added my own ‘hidden’ fields to an existing PDP by simply personalizing the page. And voila – I was able to see the fields, but the PMs weren’t.

    Anyway, thought I’d share this with you in case anyone else ran into this same error message issue and needed to find a workaround.

    1. mms says:

      HI Melodie,

      I am getting your exact error when I try to close a saved project.
      I did reset the project details pages library, to inheret permissions but am still getting the error.
      any clue?

  2. Norbert says:

    Hi Andrew,
    this approach seems interesting. Have you figured out a way to do achieve it without any problems?
    Thanks for an update.

    Regards
    Norbert

  3. Sye Faizan says:

    Hi Andrew,

    I would like to know would it be possible to have EPM 2010 Security Groups (Project Managers, Protfolio Managers etc) authorized to PDPs?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s