contoso iris carr owner amelia wade lead ba joseph pettis ba melvin mcdowell lead client developer...
TRANSCRIPT
![Page 1: Contoso Iris Carr Owner Amelia Wade Lead BA Joseph Pettis BA Melvin McDowell Lead Client Developer Martha Ramirez Developer Toni Hunt Developer](https://reader037.vdocuments.us/reader037/viewer/2022110207/56649d875503460f94a6c167/html5/thumbnails/1.jpg)
Anaheim, CA | February 2-5, 2014
![Page 2: Contoso Iris Carr Owner Amelia Wade Lead BA Joseph Pettis BA Melvin McDowell Lead Client Developer Martha Ramirez Developer Toni Hunt Developer](https://reader037.vdocuments.us/reader037/viewer/2022110207/56649d875503460f94a6c167/html5/thumbnails/2.jpg)
Michael Wharton, MVPProject/SharePoint ArchitectWharton Computer Consulting
Understanding security in Project Online and Project Server 2013 Nadin Merali
Program ManagerMicrosoft
PC330
![Page 3: Contoso Iris Carr Owner Amelia Wade Lead BA Joseph Pettis BA Melvin McDowell Lead Client Developer Martha Ramirez Developer Toni Hunt Developer](https://reader037.vdocuments.us/reader037/viewer/2022110207/56649d875503460f94a6c167/html5/thumbnails/3.jpg)
Speaker: Michael WhartonAwarded Project MVP (Microsoft Valuable Professional)Over Ten Years Experience with Project Pro and Project ServerOver 25 Project Server Deployments into PMOOver seven Project Server MigrationsTrained over thousand Project Managers using Project ProfessionalTechnical Reviewer for Missing Manual: Project Professional 2013 and 2013Web Site: www.WhartonComputer.ComBlog: www.MyProjectExpert.comTwitter: MyProjectExpertPassed over 42 Microsoft Certification ExamsMichael Wharton, MBA, PMP, MCT, MCITP, MCTS, MCSE+I, MCDBA, MCSD
![Page 4: Contoso Iris Carr Owner Amelia Wade Lead BA Joseph Pettis BA Melvin McDowell Lead Client Developer Martha Ramirez Developer Toni Hunt Developer](https://reader037.vdocuments.us/reader037/viewer/2022110207/56649d875503460f94a6c167/html5/thumbnails/4.jpg)
Speaker: NadinProgram ManagerWorks on Project Online and SecurityWorking on Project < 1 yearPMP CertifiedSoftware Consultant 8+ years
![Page 5: Contoso Iris Carr Owner Amelia Wade Lead BA Joseph Pettis BA Melvin McDowell Lead Client Developer Martha Ramirez Developer Toni Hunt Developer](https://reader037.vdocuments.us/reader037/viewer/2022110207/56649d875503460f94a6c167/html5/thumbnails/5.jpg)
Agenda
Contoso ScenarioPMO Security FundamentalsDifference between Security ModesSharePoint Permissions ModeDeep Dive in Project PermissionsSecurity Strategies and Best PracticesQuestions
![Page 6: Contoso Iris Carr Owner Amelia Wade Lead BA Joseph Pettis BA Melvin McDowell Lead Client Developer Martha Ramirez Developer Toni Hunt Developer](https://reader037.vdocuments.us/reader037/viewer/2022110207/56649d875503460f94a6c167/html5/thumbnails/6.jpg)
Who Are You?
![Page 7: Contoso Iris Carr Owner Amelia Wade Lead BA Joseph Pettis BA Melvin McDowell Lead Client Developer Martha Ramirez Developer Toni Hunt Developer](https://reader037.vdocuments.us/reader037/viewer/2022110207/56649d875503460f94a6c167/html5/thumbnails/7.jpg)
Contoso
![Page 8: Contoso Iris Carr Owner Amelia Wade Lead BA Joseph Pettis BA Melvin McDowell Lead Client Developer Martha Ramirez Developer Toni Hunt Developer](https://reader037.vdocuments.us/reader037/viewer/2022110207/56649d875503460f94a6c167/html5/thumbnails/8.jpg)
ContosoSoftware CompanyBanking softwareCurrently has Client/Server application - SentinelWorking on a new Cloud application – Sky FortressWant to use Project to manage projectsSentinel ClientSentinel ServerSky Fortress – New cloud based service
![Page 9: Contoso Iris Carr Owner Amelia Wade Lead BA Joseph Pettis BA Melvin McDowell Lead Client Developer Martha Ramirez Developer Toni Hunt Developer](https://reader037.vdocuments.us/reader037/viewer/2022110207/56649d875503460f94a6c167/html5/thumbnails/9.jpg)
ContosoOrganization Iris Carr
Owner
Amelia WadeLead BA
Joseph Pettis
BA
Melvin McDowellLead Client Developer
Martha Ramirez
Developer
Toni HuntDeveloper
Elsa Barber
Developer
Billy HatleyServer
Developer Lead
Earl RamsayDevelo
per
Lourdes MossDeveloper
Clyde Stitt
Developer
Helene GoodmanOnline Developer
Lead
Dwight Slattery
Developer
Joni WongDeveloper
Angel Chau
Developer
Marvin OverbyTest On-
Premise Lead
Clifton Mahaffey
Tester
Mayra CollierTester
Terrance MarkleyTester
Rodolfo WooleyTest Online
Lead
Rufus Moorman
Tester
Gabrielle GlennTester
Wilfred LewHR
Josh GowerMarketing/Sale
s Lead
Simone PeckMarketing/Sa
les
Hugo StongeIT
![Page 10: Contoso Iris Carr Owner Amelia Wade Lead BA Joseph Pettis BA Melvin McDowell Lead Client Developer Martha Ramirez Developer Toni Hunt Developer](https://reader037.vdocuments.us/reader037/viewer/2022110207/56649d875503460f94a6c167/html5/thumbnails/10.jpg)
ContosoAD
Executive Business Analyst
Client Developers
Server Developers
Online Developers
On-Premise Testers
Online Testers Marketing/Sales
Engineering leads Domain Admin Doman Users
![Page 11: Contoso Iris Carr Owner Amelia Wade Lead BA Joseph Pettis BA Melvin McDowell Lead Client Developer Martha Ramirez Developer Toni Hunt Developer](https://reader037.vdocuments.us/reader037/viewer/2022110207/56649d875503460f94a6c167/html5/thumbnails/11.jpg)
ContosoPWA Layout
Site Collection
PWA
Sentinel Client Sentinel Server
Sky Fortress
![Page 12: Contoso Iris Carr Owner Amelia Wade Lead BA Joseph Pettis BA Melvin McDowell Lead Client Developer Martha Ramirez Developer Toni Hunt Developer](https://reader037.vdocuments.us/reader037/viewer/2022110207/56649d875503460f94a6c167/html5/thumbnails/12.jpg)
ContosoRequirementsIT AdministratorGeneral AdministratorHandles AD, networking, SharePoint administration
Business Analyst PM’s of the companyNeed to oversee all projects
Developer/Test LeadHandle task assignmentsneed to understand what the their counterparts are doing
![Page 13: Contoso Iris Carr Owner Amelia Wade Lead BA Joseph Pettis BA Melvin McDowell Lead Client Developer Martha Ramirez Developer Toni Hunt Developer](https://reader037.vdocuments.us/reader037/viewer/2022110207/56649d875503460f94a6c167/html5/thumbnails/13.jpg)
ContosoRequirementsDeveloper/TesterSee the work they have to doShare designs/documentation/project collateral
Marketing and SalesWants to know what is going on so they can give feed back to the customers
ExecutiveWants to see the big pictureDoesn’t know what is going on the lower levels so provide restricted access
![Page 14: Contoso Iris Carr Owner Amelia Wade Lead BA Joseph Pettis BA Melvin McDowell Lead Client Developer Martha Ramirez Developer Toni Hunt Developer](https://reader037.vdocuments.us/reader037/viewer/2022110207/56649d875503460f94a6c167/html5/thumbnails/14.jpg)
PMO Security Fundamentals
![Page 15: Contoso Iris Carr Owner Amelia Wade Lead BA Joseph Pettis BA Melvin McDowell Lead Client Developer Martha Ramirez Developer Toni Hunt Developer](https://reader037.vdocuments.us/reader037/viewer/2022110207/56649d875503460f94a6c167/html5/thumbnails/15.jpg)
PMO Security Boundaries
What You Can See What You Can Do
![Page 16: Contoso Iris Carr Owner Amelia Wade Lead BA Joseph Pettis BA Melvin McDowell Lead Client Developer Martha Ramirez Developer Toni Hunt Developer](https://reader037.vdocuments.us/reader037/viewer/2022110207/56649d875503460f94a6c167/html5/thumbnails/16.jpg)
Security Strategies• SharePoint Permissions
(simplest)• Project Permissions (flexible)• Use default out-of-box permissions and sync AD
groups• Adjust permissions groups and categories as
needed• Add additional groups and categories• Manage security based on RBS• Manage projects and resources into categories
Simplest / Small PMO
Complex / Large PMO
![Page 17: Contoso Iris Carr Owner Amelia Wade Lead BA Joseph Pettis BA Melvin McDowell Lead Client Developer Martha Ramirez Developer Toni Hunt Developer](https://reader037.vdocuments.us/reader037/viewer/2022110207/56649d875503460f94a6c167/html5/thumbnails/17.jpg)
PWA Security Model Relationship
Users
Groups
Categories
Projects
Resources
Categories
Projects
Resources
Categories
Projects
Resources
Groups
Categories
Groups
Categories
Categories
SharePoint Permission Project Permission
![Page 18: Contoso Iris Carr Owner Amelia Wade Lead BA Joseph Pettis BA Melvin McDowell Lead Client Developer Martha Ramirez Developer Toni Hunt Developer](https://reader037.vdocuments.us/reader037/viewer/2022110207/56649d875503460f94a6c167/html5/thumbnails/18.jpg)
SharePoint Site Permissions LevelsFull ControlDesignContributeRead
![Page 19: Contoso Iris Carr Owner Amelia Wade Lead BA Joseph Pettis BA Melvin McDowell Lead Client Developer Martha Ramirez Developer Toni Hunt Developer](https://reader037.vdocuments.us/reader037/viewer/2022110207/56649d875503460f94a6c167/html5/thumbnails/19.jpg)
Categories associated with Default GroupsProject Server
Category Name AdministratorsPortfolio Managers
Portfolio Viewers Project ManagersResource Managers
Team Leads Team Members
My Direct Reports
My Organization
My Projects
My Resources
My Tasks
![Page 20: Contoso Iris Carr Owner Amelia Wade Lead BA Joseph Pettis BA Melvin McDowell Lead Client Developer Martha Ramirez Developer Toni Hunt Developer](https://reader037.vdocuments.us/reader037/viewer/2022110207/56649d875503460f94a6c167/html5/thumbnails/20.jpg)
Default Group PermissionsAdministratorsSite Permission Level Full ControlUsers have all global permissions as well as category permissions through the My Organization category. This allows them complete access to everything in Project Web App.
Portfolio ManagersSite Permission Level Design and Manage Sub SitesUsers have permissions to view Project Online data. This group is intended for high-level users who need visibility into projects but are not themselves assigned project tasks.
Portfolio ViewersSite Permission Level ContributeUsers have permissions to view Project and Project Web App data. This group is intended for high-level users who need visibility into projects but are not themselves assigned project tasks.
![Page 21: Contoso Iris Carr Owner Amelia Wade Lead BA Joseph Pettis BA Melvin McDowell Lead Client Developer Martha Ramirez Developer Toni Hunt Developer](https://reader037.vdocuments.us/reader037/viewer/2022110207/56649d875503460f94a6c167/html5/thumbnails/21.jpg)
Default Group PermissionsProject Managers for PWASite Permission Level Design and Manage Sub SitesUsers have permissions to create and manage projects. This group is intended for project owners who assign tasks to resources.
Resource Managers Site Permission Level DesignUsers have most global and category-level resource permissions. This group is intended for users who manage and assign resources and edit resource data.
Team LeadsSite Permission Level ContributeUsers have limited permissions around task creation and status reports. This group is intended for persons in a lead capacity that do not have regular assignments on a project.
![Page 22: Contoso Iris Carr Owner Amelia Wade Lead BA Joseph Pettis BA Melvin McDowell Lead Client Developer Martha Ramirez Developer Toni Hunt Developer](https://reader037.vdocuments.us/reader037/viewer/2022110207/56649d875503460f94a6c167/html5/thumbnails/22.jpg)
Default Group PermissionsTeam MembersSite Permission Level ContributeUsers have general permissions for using Project Web App, but limited project-level permissions. This group is intended to give everyone basic access to Project Web App.
![Page 23: Contoso Iris Carr Owner Amelia Wade Lead BA Joseph Pettis BA Melvin McDowell Lead Client Developer Martha Ramirez Developer Toni Hunt Developer](https://reader037.vdocuments.us/reader037/viewer/2022110207/56649d875503460f94a6c167/html5/thumbnails/23.jpg)
Project Server 2013 ArchitectureW
FEA
pp
SQ
L
Project Professional
2013
3rd party on-premises
applications
SharePoint AppsPowerShellBrowser
ASPX Pages Web Services WCF Endpoints
CSOM OData
ForwarderBusiness ObjectsBusiness ObjectsBusiness Objects
WCF Endpoints
Business ObjectsBusiness ObjectsBusiness ObjectsEventin
gQueue PCS Workflow
content configS
hare
Poin
tarchive
dbopublishdraft
Pro
ject
Event Receiver
AzureWorkflow
cubes
![Page 24: Contoso Iris Carr Owner Amelia Wade Lead BA Joseph Pettis BA Melvin McDowell Lead Client Developer Martha Ramirez Developer Toni Hunt Developer](https://reader037.vdocuments.us/reader037/viewer/2022110207/56649d875503460f94a6c167/html5/thumbnails/24.jpg)
Where do I get the users from?On Premise
Active Directory
User/Groups
Project Professional
2013Browser
SharePoint Project Server
Exchange
![Page 25: Contoso Iris Carr Owner Amelia Wade Lead BA Joseph Pettis BA Melvin McDowell Lead Client Developer Martha Ramirez Developer Toni Hunt Developer](https://reader037.vdocuments.us/reader037/viewer/2022110207/56649d875503460f94a6c167/html5/thumbnails/25.jpg)
Where do I get the users from?On Premise Office 365
Active Directory
User/Groups
Active Directory
User/Groups
SharePoint Online
Project Online
Directory Sync
Project Professional
2013Browser
Exchange Online
![Page 26: Contoso Iris Carr Owner Amelia Wade Lead BA Joseph Pettis BA Melvin McDowell Lead Client Developer Martha Ramirez Developer Toni Hunt Developer](https://reader037.vdocuments.us/reader037/viewer/2022110207/56649d875503460f94a6c167/html5/thumbnails/26.jpg)
Permission Modes Differences
![Page 27: Contoso Iris Carr Owner Amelia Wade Lead BA Joseph Pettis BA Melvin McDowell Lead Client Developer Martha Ramirez Developer Toni Hunt Developer](https://reader037.vdocuments.us/reader037/viewer/2022110207/56649d875503460f94a6c167/html5/thumbnails/27.jpg)
SharePoint vs Project Permission Mode
User Management + Permissions controlled through SharePoint
Permissions controlled through Project Server
Simple Permission Model
Allows Resource Delegation (Impersonation)Easy to use AD Group/Custom
Claims
Allows RBS-driven security
SharePoint Project
Customize specific user/group security
Complex + Flexiable
![Page 28: Contoso Iris Carr Owner Amelia Wade Lead BA Joseph Pettis BA Melvin McDowell Lead Client Developer Martha Ramirez Developer Toni Hunt Developer](https://reader037.vdocuments.us/reader037/viewer/2022110207/56649d875503460f94a6c167/html5/thumbnails/28.jpg)
SharePoint Permission Mode GroupsAdministrators for Project Web AppPortfolio Managers for Project Web AppPortfolio Readers for Project Web AppProject Managers for Project Web App
Sync
SharePoint Group Project Group
Team Member for Project Web App
Team Leads for Project Web App
Resource Manager for Project Web App
Administrators
Portfolio Managers
Portfolio Readers
Project Managers
Team Member
Team Leads
Resource Manager
![Page 29: Contoso Iris Carr Owner Amelia Wade Lead BA Joseph Pettis BA Melvin McDowell Lead Client Developer Martha Ramirez Developer Toni Hunt Developer](https://reader037.vdocuments.us/reader037/viewer/2022110207/56649d875503460f94a6c167/html5/thumbnails/29.jpg)
Project Permission Mode Groups
Administrators for Project Web AppPortfolio Managers for Project Web AppPortfolio Readers for Project Web AppProject Managers for Project Web App
SharePoint Group Project Group
Team Member for Project Web App
Team Leads for Project Web App
Resource Manager for Project Web App
Administrators
Portfolio Managers
Portfolio Readers
Project Managers
Team Member
Team Leads
Resource Manager
Sync
![Page 30: Contoso Iris Carr Owner Amelia Wade Lead BA Joseph Pettis BA Melvin McDowell Lead Client Developer Martha Ramirez Developer Toni Hunt Developer](https://reader037.vdocuments.us/reader037/viewer/2022110207/56649d875503460f94a6c167/html5/thumbnails/30.jpg)
Project ServerJob: Synchronization of SharePoint Server permissions to Project Web App permissions job for Project Service Application Every minute by default
Project OnlineEvery minute
SharePoint Permission Synchronization
![Page 31: Contoso Iris Carr Owner Amelia Wade Lead BA Joseph Pettis BA Melvin McDowell Lead Client Developer Martha Ramirez Developer Toni Hunt Developer](https://reader037.vdocuments.us/reader037/viewer/2022110207/56649d875503460f94a6c167/html5/thumbnails/31.jpg)
Project PermissionCalculates amount of changeSmall changes occur immediatelyLarge changes are queued for later time
User Profile Sync
![Page 32: Contoso Iris Carr Owner Amelia Wade Lead BA Joseph Pettis BA Melvin McDowell Lead Client Developer Martha Ramirez Developer Toni Hunt Developer](https://reader037.vdocuments.us/reader037/viewer/2022110207/56649d875503460f94a6c167/html5/thumbnails/32.jpg)
Changing Permission ModeProject Permission Mode SharePoint Permission modeDestructive actionSharePoint groups will override all Project Server permissions
![Page 33: Contoso Iris Carr Owner Amelia Wade Lead BA Joseph Pettis BA Melvin McDowell Lead Client Developer Martha Ramirez Developer Toni Hunt Developer](https://reader037.vdocuments.us/reader037/viewer/2022110207/56649d875503460f94a6c167/html5/thumbnails/33.jpg)
Changing Permission Mode using Project Online
![Page 34: Contoso Iris Carr Owner Amelia Wade Lead BA Joseph Pettis BA Melvin McDowell Lead Client Developer Martha Ramirez Developer Toni Hunt Developer](https://reader037.vdocuments.us/reader037/viewer/2022110207/56649d875503460f94a6c167/html5/thumbnails/34.jpg)
Changing Permission Mode using Project Online
![Page 35: Contoso Iris Carr Owner Amelia Wade Lead BA Joseph Pettis BA Melvin McDowell Lead Client Developer Martha Ramirez Developer Toni Hunt Developer](https://reader037.vdocuments.us/reader037/viewer/2022110207/56649d875503460f94a6c167/html5/thumbnails/35.jpg)
Changing Permission Mode on PremisePowerShellSet-SPProjectPermissionMode
–URL “http://domain/PWA” -AdministratorAccount “domain\AdminAccount”-Mode ProjectServer
Set-SPProjectPermissionMode –URL “http://domain/PWA” -AdministratorAccount “domain\AdminAccount”-Mode SharePoint
![Page 36: Contoso Iris Carr Owner Amelia Wade Lead BA Joseph Pettis BA Melvin McDowell Lead Client Developer Martha Ramirez Developer Toni Hunt Developer](https://reader037.vdocuments.us/reader037/viewer/2022110207/56649d875503460f94a6c167/html5/thumbnails/36.jpg)
SharePoint Permission Mode
![Page 37: Contoso Iris Carr Owner Amelia Wade Lead BA Joseph Pettis BA Melvin McDowell Lead Client Developer Martha Ramirez Developer Toni Hunt Developer](https://reader037.vdocuments.us/reader037/viewer/2022110207/56649d875503460f94a6c167/html5/thumbnails/37.jpg)
SharePoint Permission Mode PWA Groups
Administrators for Project Web AppPortfolio Managers for Project Web AppPortfolio Readers for Project Web AppProject Managers for Project Web App
Sync
SharePoint Group Project Group
Team Member for Project Web App
Team Leads for Project Web App
Resource Manager for Project Web App
Administrators
Portfolio Managers
Portfolio Readers
Project Managers
Team Member
Team Leads
Resource Manager
![Page 38: Contoso Iris Carr Owner Amelia Wade Lead BA Joseph Pettis BA Melvin McDowell Lead Client Developer Martha Ramirez Developer Toni Hunt Developer](https://reader037.vdocuments.us/reader037/viewer/2022110207/56649d875503460f94a6c167/html5/thumbnails/38.jpg)
SharePoint Permission ModeShare Point Project Site GroupsVisitorsMembersOwners Project: Heavy
GalaxySharePoint Group: Heavy Galaxy Visitors
SharePoint Group: Heavy Galaxy Members
SharePoint Group: Heavy Galaxy Owners
![Page 39: Contoso Iris Carr Owner Amelia Wade Lead BA Joseph Pettis BA Melvin McDowell Lead Client Developer Martha Ramirez Developer Toni Hunt Developer](https://reader037.vdocuments.us/reader037/viewer/2022110207/56649d875503460f94a6c167/html5/thumbnails/39.jpg)
SharePoint Group Sync
Team Member for Project Web App
Team Member
Custom
Sync
AD Users
AD Groups
Windows Group
Forms-based
Sync
AD Users
AD Groups
Windows Group
Forms-based
Custom
![Page 40: Contoso Iris Carr Owner Amelia Wade Lead BA Joseph Pettis BA Melvin McDowell Lead Client Developer Martha Ramirez Developer Toni Hunt Developer](https://reader037.vdocuments.us/reader037/viewer/2022110207/56649d875503460f94a6c167/html5/thumbnails/40.jpg)
ContosoSharePoint PWA Assignments
Administrators
Domain Admin
Portfolio Managers
Business Analyst
Portfolio Viewers
Executive
Marketing/
Sales
Project Managers
Engineering leads
Resource Managers
Engineering leads
Team Members
Domain Users
![Page 41: Contoso Iris Carr Owner Amelia Wade Lead BA Joseph Pettis BA Melvin McDowell Lead Client Developer Martha Ramirez Developer Toni Hunt Developer](https://reader037.vdocuments.us/reader037/viewer/2022110207/56649d875503460f94a6c167/html5/thumbnails/41.jpg)
ContosoSharePoint Site Collection AssignmentsSentinel Client
Owners
Business Analyst
Members
Client Develope
rs
On-Premise Testers
Visitors
Engineering leads
Marketing/Sales
Sentinel Server
Owners
Business Analyst
Members
Server Developer
s
On-Premise Testers
Visitors
Engineering leads
Marketing/Sales
Sky Fortress
Owners
Business Analyst
Members
Online Developer
s
Online Testers
Visitors
Engineering leads
Marketing/Sales
![Page 42: Contoso Iris Carr Owner Amelia Wade Lead BA Joseph Pettis BA Melvin McDowell Lead Client Developer Martha Ramirez Developer Toni Hunt Developer](https://reader037.vdocuments.us/reader037/viewer/2022110207/56649d875503460f94a6c167/html5/thumbnails/42.jpg)
ContosoChanges Iris Carr
Owner
Amelia WadeLead BA
Joseph PettisBA
Melvin McDowellLead Client Developer
Martha Ramirez
Developer
Toni HuntDeveloper
Elsa BarberDeveloper
Billy HatleyServer Developer
Lead
Earl RamsayDevelop
er
Lourdes Moss
Developer
Clyde Stitt
Developer
Helene GoodmanOnline Developer
Lead
Dwight Slattery
Developer
Joni WongDeveloper
Angel ChauDeveloper
Clyde StittDeveloper
Marvin OverbyTest On-Premise
Lead
Clifton Mahaffey
Tester
Mayra CollierTester
Terrance MarkleyTester
Rodolfo WooleyTest Online Lead
Rufus Moorman
Tester
Gabrielle GlennTester
Wilfred LewHR
Josh GowerMarketing/Sales
Lead
Simone PeckMarketing/Sal
es
Aarif MaaloufMarketing/Sal
es
Hugo StongeIT
![Page 43: Contoso Iris Carr Owner Amelia Wade Lead BA Joseph Pettis BA Melvin McDowell Lead Client Developer Martha Ramirez Developer Toni Hunt Developer](https://reader037.vdocuments.us/reader037/viewer/2022110207/56649d875503460f94a6c167/html5/thumbnails/43.jpg)
DemoSyncing in SharePoint Permission Mode
![Page 44: Contoso Iris Carr Owner Amelia Wade Lead BA Joseph Pettis BA Melvin McDowell Lead Client Developer Martha Ramirez Developer Toni Hunt Developer](https://reader037.vdocuments.us/reader037/viewer/2022110207/56649d875503460f94a6c167/html5/thumbnails/44.jpg)
Deep Dive Project Permissions
![Page 45: Contoso Iris Carr Owner Amelia Wade Lead BA Joseph Pettis BA Melvin McDowell Lead Client Developer Martha Ramirez Developer Toni Hunt Developer](https://reader037.vdocuments.us/reader037/viewer/2022110207/56649d875503460f94a6c167/html5/thumbnails/45.jpg)
Determining Security Mode• SharePoint Permissions
(simplest)• Project Permissions (flexible)• Use default out-of-box permissions and sync AD
groups• Adjust permissions groups and categories as
needed• Add additional groups and categories• Manage security based on RBS• Manage projects and resources into categories
Simplest / Small PMO
Complex / Large PMO
![Page 46: Contoso Iris Carr Owner Amelia Wade Lead BA Joseph Pettis BA Melvin McDowell Lead Client Developer Martha Ramirez Developer Toni Hunt Developer](https://reader037.vdocuments.us/reader037/viewer/2022110207/56649d875503460f94a6c167/html5/thumbnails/46.jpg)
Server Settings / Project Premise
![Page 47: Contoso Iris Carr Owner Amelia Wade Lead BA Joseph Pettis BA Melvin McDowell Lead Client Developer Martha Ramirez Developer Toni Hunt Developer](https://reader037.vdocuments.us/reader037/viewer/2022110207/56649d875503460f94a6c167/html5/thumbnails/47.jpg)
Out-of-Box Security for Project PremiseUsers
Portfolio Managers
My Organization
Project Managers
My Organization
Projects
Resources
My Projects
Projects
Resources
My Tasks
Projects
Resources
Team Members
My Tasks
Resource Managers
My Organization
My Projects
My Resources
Global Permissions
Category Permissions
![Page 48: Contoso Iris Carr Owner Amelia Wade Lead BA Joseph Pettis BA Melvin McDowell Lead Client Developer Martha Ramirez Developer Toni Hunt Developer](https://reader037.vdocuments.us/reader037/viewer/2022110207/56649d875503460f94a6c167/html5/thumbnails/48.jpg)
Permission is the authority to perform a specify action with the context of Project Server
Global Permissions grant users and groups the ability to perform actions throughout PWA and are assign to a group or user.
Category Permissions grant users and groups the ability to perform actions on specify projects and resources and are assign on a category level
![Page 49: Contoso Iris Carr Owner Amelia Wade Lead BA Joseph Pettis BA Melvin McDowell Lead Client Developer Martha Ramirez Developer Toni Hunt Developer](https://reader037.vdocuments.us/reader037/viewer/2022110207/56649d875503460f94a6c167/html5/thumbnails/49.jpg)
Enabling and Disabling Permissions
ALLOWCheck to EnableUncheck to Disable
DENYCheck to Disable
EverywhereUncheck to ignore
![Page 50: Contoso Iris Carr Owner Amelia Wade Lead BA Joseph Pettis BA Melvin McDowell Lead Client Developer Martha Ramirez Developer Toni Hunt Developer](https://reader037.vdocuments.us/reader037/viewer/2022110207/56649d875503460f94a6c167/html5/thumbnails/50.jpg)
Permissions that may get changeProject Manager Roles
Delete ProjectNew ProjectSave Project TemplateManage Rules
Resource Manager RolesLog on Project Server from Project ProfessionalTeam Member RolesCreate New Task or AssignmentSelf-Assign Team TasksReassign Task
![Page 51: Contoso Iris Carr Owner Amelia Wade Lead BA Joseph Pettis BA Melvin McDowell Lead Client Developer Martha Ramirez Developer Toni Hunt Developer](https://reader037.vdocuments.us/reader037/viewer/2022110207/56649d875503460f94a6c167/html5/thumbnails/51.jpg)
Contoso Security ModelUsers
Administrators
My Organization
Project / Resources
Marketing/Sales
My Organization
Project / Resources
Business Analyst
My Organization
Project / Resources
E n g in eer in g Lead s ( Project Man ag er s an d Resou r ce Man ag er )
My Organization
Project / Resources
Team Members
My Organization
Project / Resources
Resource Managers
My Organization
Project / Resources
Executive
My Organization
Project / Resources
![Page 52: Contoso Iris Carr Owner Amelia Wade Lead BA Joseph Pettis BA Melvin McDowell Lead Client Developer Martha Ramirez Developer Toni Hunt Developer](https://reader037.vdocuments.us/reader037/viewer/2022110207/56649d875503460f94a6c167/html5/thumbnails/52.jpg)
Demo: Create Project Group
Create New GroupAdd Categories and Set PermissionsAssign Group to a User
![Page 53: Contoso Iris Carr Owner Amelia Wade Lead BA Joseph Pettis BA Melvin McDowell Lead Client Developer Martha Ramirez Developer Toni Hunt Developer](https://reader037.vdocuments.us/reader037/viewer/2022110207/56649d875503460f94a6c167/html5/thumbnails/53.jpg)
Designing Security and Best Practices
![Page 54: Contoso Iris Carr Owner Amelia Wade Lead BA Joseph Pettis BA Melvin McDowell Lead Client Developer Martha Ramirez Developer Toni Hunt Developer](https://reader037.vdocuments.us/reader037/viewer/2022110207/56649d875503460f94a6c167/html5/thumbnails/54.jpg)
Putting it all togetherBuild Team to Define Security RequirementsGather Security RequirementsDesign and Build Security ModelTest Security Design Rollout Security
![Page 55: Contoso Iris Carr Owner Amelia Wade Lead BA Joseph Pettis BA Melvin McDowell Lead Client Developer Martha Ramirez Developer Toni Hunt Developer](https://reader037.vdocuments.us/reader037/viewer/2022110207/56649d875503460f94a6c167/html5/thumbnails/55.jpg)
Best PracticesUse AD Groups for Group SyncingAssign user to Project Groups or SP GroupsSet permissions on Groups (not Users)Do not add categories to usersDo not use the DENY permissions
![Page 56: Contoso Iris Carr Owner Amelia Wade Lead BA Joseph Pettis BA Melvin McDowell Lead Client Developer Martha Ramirez Developer Toni Hunt Developer](https://reader037.vdocuments.us/reader037/viewer/2022110207/56649d875503460f94a6c167/html5/thumbnails/56.jpg)
Feature SharePoint Permission
Project Server
Use a single set of security groups across Project Web App and SharePoint Server.
*
Permissions inheritance for PWA and Project Sites *
Direct authorization against Active Directory security groups *
Claims-based authorization * *
Manage authorization by role-based groups * *
Extensible and customizable * *
User delegation *
Ability to secure work resources *
Impersonation *
Security filtering using the Resource Breakdown Structure *
Custom Security Categories *
Summary of Permission Mode
![Page 57: Contoso Iris Carr Owner Amelia Wade Lead BA Joseph Pettis BA Melvin McDowell Lead Client Developer Martha Ramirez Developer Toni Hunt Developer](https://reader037.vdocuments.us/reader037/viewer/2022110207/56649d875503460f94a6c167/html5/thumbnails/57.jpg)
QuestionsQuestions
Michael Wharton, MVPProject/SharePoint ArchitectWharton Computer Consulting
Nadin MeraliProgram ManagerMicrosoft
![Page 58: Contoso Iris Carr Owner Amelia Wade Lead BA Joseph Pettis BA Melvin McDowell Lead Client Developer Martha Ramirez Developer Toni Hunt Developer](https://reader037.vdocuments.us/reader037/viewer/2022110207/56649d875503460f94a6c167/html5/thumbnails/58.jpg)
Thank You
Michael WhartonNadin Merali
![Page 59: Contoso Iris Carr Owner Amelia Wade Lead BA Joseph Pettis BA Melvin McDowell Lead Client Developer Martha Ramirez Developer Toni Hunt Developer](https://reader037.vdocuments.us/reader037/viewer/2022110207/56649d875503460f94a6c167/html5/thumbnails/59.jpg)
MyPC fill out evaluations & win prizes!
Fill out session evaluations by logging into MyPC on your laptop or mobile device.
Evaluation prizes daily! Claim your prize at the Registration Desk on Level 1.
www.msprojectconference.com
After the event, over 100 hours of resources; including all of the PPT decks and session videos will be available.
![Page 60: Contoso Iris Carr Owner Amelia Wade Lead BA Joseph Pettis BA Melvin McDowell Lead Client Developer Martha Ramirez Developer Toni Hunt Developer](https://reader037.vdocuments.us/reader037/viewer/2022110207/56649d875503460f94a6c167/html5/thumbnails/60.jpg)
© 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
![Page 61: Contoso Iris Carr Owner Amelia Wade Lead BA Joseph Pettis BA Melvin McDowell Lead Client Developer Martha Ramirez Developer Toni Hunt Developer](https://reader037.vdocuments.us/reader037/viewer/2022110207/56649d875503460f94a6c167/html5/thumbnails/61.jpg)
Design and Build Security Model
• SharePoint Permissions (simplest)
• Project Permissions (flexible)• Use default out-of-box permissions and sync AD
groups• Adjust permissions groups and categories as
needed• Add additional groups and categories• Manage security based on RBS• Manage projects and resources into categories
Simplest / Small PMO
Complex / Large PMO