DC440: Security (Part 2 of 2): Logons, permissions and views - how these systems work and how to manage them Pradeep GanapathyRaj Program Manager Project.

Slides:



Advertisements
Similar presentations
1 of 2 This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. © 2007 Microsoft Corporation.
Advertisements

The System Center Family Microsoft. Mobile Device Manager 2008.
DEV392: Extending SharePoint Products And Technologies Through Web Parts And ASP.NET Clint Covington, Program Manager Data And Developer Services - Office.
Project Server “12”: Developing Project Management Solutions Phil Smail OFF311 Program Manager Microsoft Project Business Unit.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.
SharePoint 2010: Building an enterprise public website Vinod Unny Enterprise InfoTech Microsoft Regional Director.
1 of 3 This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. © 2007 Microsoft Corporation.
Visit our Focus Rooms Evaluation of Implementation Proposals by Dynamics AX R&D Solution Architecture & Industry Experts Gain further insights on Dynamics.
Microsoft Office SharePoint Server Business Intelligence Tom Rizzo Director, Microsoft Office SharePoint Server
Understanding Active Directory
Module 8: Implementing Administrative Templates and Audit Policy.
Winter Consolidated Server Deployment Guide for Hosted Messaging and Collaboration version 3.5 Philippe Maurent Principal Consultant Microsoft.
The What Why and How.  MCTS  These certifications provide the foundation for Microsoft Certification  MCITP  These certifications build on the technical.
How to write less code to build and extend Enterprise Portal How to share code and metadata between Enterprise Portal and Client.
Information About Microsoft Project and Project Server Cumulative December Update Adrian Jenkins Support Escalation Engineer Microsoft Corporation 1 Brian.
May 30 th – 31 st, 2006 Sheraton Ottawa. Microsoft Certificate Lifecycle Manager Saleem Kanji Technology Solutions Professional - Windows Server Microsoft.
Module 1: Introduction to Administering Accounts and Resources
Introducing Visual Studio ® LightSwitch™ Andrew Coates Microsoft DEV201 #auteched #dev201.
Installing the Microsoft Office Project Server from Scratch Adrian Jenkins Supportability Program Manager Microsoft Corporation.
Developing Workflows with SharePoint Designer David Coe Application Development Consultant Microsoft Corporation.
Business Solutions Using Microsoft ® Office SharePoint ® Server ROADSHOW.
D402 Extending your LOB Solution with Microsoft EPM Larry Duff Senior Consultant Microsoft Corporation.
How to organize and plan your people and resources for EPM Roy Kayahara Program Manager Microsoft Office Project Microsoft Corporation.
Timesheet Deployment Considerations with Microsoft Office EPM Solution David Ducolon Program Manager Project Microsoft Corporation.
Implementing Resource Management within EPM Roy Kayahara Program Manager Microsoft Office Project Microsoft Corporation.
Project Server 2003: DC340: Security (Part 1 of 2): How to securely deploy Project Server in an enterprise environment Pradeep GanapathyRaj (PM), Karthik.
© Wiley Inc All Rights Reserved. MCSE: Windows Server 2003 Active Directory Planning, Implementation, and Maintenance Study Guide, Second Edition.
Project 2003 Presentation Ben Howard 15 th July 2003.
Tips and Tricks for Managing and Administering your Enterprise Project Management Server Solution Mike Joe / Karthik Chermakani Software Test Engineer.
Module 6 Securing Content. Module Overview Administering SharePoint Groups Implementing SharePoint Roles and Role Assignments Securing and Auditing SharePoint.
Visit our Focus Rooms Evaluation of Implementation Proposals by Dynamics AX R&D Solution Architecture & Industry Experts Gain further insights on Dynamics.
Name Microsoft Student Partner Overview of the Visual Studio 2005 Express Products.
Windows Role-Based Access Control Longhorn Update
SVR330 Introduction to The Microsoft Office Project 2003 Software Development Kit (SDK) Bob Walker IW Product Technical Specialist - EPM EPG Microsoft.
Rob Davidson, Partner Technology Specialist Microsoft Management Servers: Using management to stay secure.
Module 9 User Profiles and Social Networking. Module Overview Configuring User Profiles Implementing SharePoint 2010 Social Networking Features.
Microsoft Office Project 2003: A tour of the EPM Solution.
Module 10: Implementing Administrative Templates and Audit Policy.
Secure Data Access with SQL Server 2005 Doug Rees Associate Technologist, CM Group
Windows Server 2003 SP1 Technical Overview John Howard, IT Pro Evangelist, Microsoft UK
Spaso Lazarević Microsoft MVP Nova banka ad Banja Luka Building business application using Visual Studio 2013 LightSwitch.
D300 Introduction to the Project Data Service (PDS) Larry Duff Senior Consultant Microsoft Services for Partners Microsoft Corporation.
Microsoft Virtual Academy Chris Oakman | Managing Partner Infrastructure Team | Eastridge Technology Curtis Sawin | Technical Solutions Professional |
ASP.NET 2.0 Mohammed Abdelhadi Developer.NET Evangelist Microsoft Corporation.
Portfolio Analyzer Extender v. 1240
Demand Management and Workflow
Windows 7 Training Microsoft Confidential.
MODULE 10 – PROJECT SERVER
Security Management: Successes and Failures
O365 & AZURE ADDS Mladen Baranek, Miadria
6/16/2018 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.
Timesheets and Statusing in Project 2013
9/11/2018 4:10 AM © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION.
Extensible Platform Microsoft Dynamics 365
Microsoft Dynamics NAV 2017
SharePoint Online Management and Control
Performance Management Microsoft Office PerformancePoint Server 2007
Microsoft Virtual Academy
TechEd /4/2018 3:19 AM © 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks.
TechEd /11/ :54 PM © 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered.
Dynamics GP 2018 – Payroll and Human Resources
LitwareHR v2: an S+S reference application
Visual Studio 2005 Tools For Office: Creating A Multi-tier Application
Visual Studio 2010 SharePoint Development Tools Overview
2/27/2019 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.
Using Employee Development in ADP Workforce Now
Andrew Fryer Microsoft UK
Mark Quirk Head of Technology Developer & Platform Group
Microsoft Virtual Academy
Microsoft Virtual Academy
Presentation transcript:

DC440: Security (Part 2 of 2): Logons, permissions and views - how these systems work and how to manage them Pradeep GanapathyRaj Program Manager Project Microsoft Corporation

Approach Short introduction Let’s set up authentication How does authentication work ? Let’s set some security permissions How does authorization work ? What’s special in 2003 ? How do you audit this ? How do we extend this ?

Short Introduction We depend on IIS authentication Permissions control access to features and data Project 2002/2003 security <> Windows access control Simplest tool for improving performance and scalability

Let’s setup authentication

How does auth work ? Authentication type Internet Explorer page Project page Project Data Service page IntegratedLGNINT.ASP LGNINTPJ. ASP LGNINTAU.ASP ApplicationLGNPS.ASP LGNPSPJ.A SP LGNPSAU.ASP BasicLGNBSC.ASPn/a

Authentication Data flow

Let’s set some security permissions

Scenario Engineering1 Marketing1 Sales1 General Manager1 Engineering2 Marketing2 Sales2 General Manager2

Scenario Objectives Resource managers can only assign/edit their own resources Project managers can only edit their own projects But both groups can see projects/resources in other organizations GMs can view information in their organizations

Scenario – Updated Permissions Engineering1 Marketing1 Sales1 General Manager1 Engineering2 Marketing2 Sales2 General Manager2 R/O

Security Objects Includes Projects, Resources, and Views Must secure collections of objects = Categories Can use security rules to auto-populate categories Project Server ships with several pre- configured categories Examples: My Projects My Resources My Organization External Access to Projects External Access to Resources

Security Principals UsersGroups Each group represents a common set of permissions on a common set of objects. Project Server ships with several pre- configured groups. Examples: Project Managers Resource Managers General Managers

Permissions Global and Object-Level Permissions Three states: Allow, Deny, Not-Allowed Allow permissions are ORed Deny permissions are ANDed Can be defined in Users, Groups, or Category pages Examples: R/W access to my projects and my resources Read access to projects and resources in other groups

Resource Breakdown Structure Enterprise Resource Outline Code 30 Can be used just like ANY outline code Leveraged by several security rules Useful for granting access to objects based on the reporting structure in an organization – typically to functional managers Scenario: Use the organizational breakdown to define the look-up table for the RBS Take advantage of field descriptions to reduce size of RBS

Best Practices Start with “least access” Add users to groups, Assign permissions to groups Limit the number of categories Leverage security rules whenever possible

Project 2003 Enhancements Active Directory Integration Auto-populate Project Server security group with AD security group Auto-populate users with AD security group New Permissions Adjust Actuals, Approve Timesheets for Resources Assign Resource to Team, Build Team for Project Integration with External Timesheet System Save Baseline

Project 2003 Enhancements Category Enhancements RBS View Filter Direct Reports security rule

Audit tool

Extensibility Re-use existing permissions or create your own Add new pages to PWA and leverage permissions Benefits One user interface for Administrators Leverage the in-the-box UI and security work Skills required ASP/VBScript/JscriptSQL

Reusing an Existing Permission Add record for new page in MSP_WEB_SECURITY_PAGES Find desired global permission in MSP_WEB_SECURITY_FEATURES_AC TIONS Specify global permission as value for WSEC_PAGE_ACT_ID Add record for new menu in MSP_WEB_SECURITY_MENUS

Using Your Own Global Permission Add record for new permission: MSP_WEB_SECURITY_FEATURES_ACTIONS Add permission name into string table: MSP_WEB_CONVERSIONS Define SPROC for permission and add to QYLIBSTD.SQL Add permission into Manage Organization page: MSP_WEB_SECURITY_ORG_PERMISSIONS Create new page and reference new global permission

Using Object-Level Permissions Use existing object-level permissions In ASP, create Project Server security object: Var oSec = CreateObject(“PjSvrSecurity.PjServerSecurity”); oSec.setDBConnection( ); Var f = oSec.CheckSPObjectPermission(,, 1, );

Using Object-Level Permissions Use custom object-level permissions Create object-level permission in same way as global permission, except: WSEC_ON_OBJECT value = 1 In ASP, check rights by calling Project Server security object and new SPROC

Resources MSDN Microsoft Project Server Security Architecture and Planning Guide Microsoft Project Server Security Enhancements article and code samples TechNet Customizing and Administering Microsoft Project Server

Questions ?

© 2003 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.