DC440: Security (Part 2 of 2): Logons, permissions and views - how these systems work and how to manage them Pradeep GanapathyRaj Program Manager Project.


2 DC440: Security (Part 2 of 2): Logons, permissions and views - how these systems work and how to manage them Pradeep GanapathyRaj Program Manager Project Microsoft Corporation

3 Approach
- Short introduction
- Let’s set up authentication
- How does authentication work?
- Let’s set some security permissions
- How does authorization work?
- What’s special in 2003?
- How do you audit this?
- How do we extend this?

4 Short Introduction
- We depend on IIS authentication
- Permissions control access to features and data
- Project 2002/2003 security <> Windows access control
- Simplest tool for improving performance and scalability

5 Let’s set up authentication

6 How does auth work?
Authentication type | Internet Explorer page | Project page | Project Data Service page
Integrated | LGNINT.ASP | LGNINTPJ.ASP | LGNINTAU.ASP
Application | LGNPS.ASP | LGNPSPJ.ASP | LGNPSAU.ASP
Basic | LGNBSC.ASP | n/a

7 Authentication Data flow

8 Let’s set some security permissions

9 Scenario Engineering1 Marketing1 Sales1 General Manager1 Engineering2 Marketing2 Sales2 General Manager2

10 Scenario Objectives
- Resource managers can only assign/edit their own resources
- Project managers can only edit their own projects
- But both groups can see projects/resources in other organizations
- GMs can view information in their organizations

11 Scenario – Updated Permissions Engineering1 Marketing1 Sales1 General Manager1 Engineering2 Marketing2 Sales2 General Manager2 R/O

12 Security Objects
- Includes Projects, Resources, and Views
- Must secure collections of objects = Categories
- Can use security rules to auto-populate categories
- Project Server ships with several pre-configured categories
- Examples:
  - My Projects
  - My Resources
  - My Organization
  - External Access to Projects
  - External Access to Resources

13 Security Principals
- Users, Groups
- Each group represents a common set of permissions on a common set of objects.
- Project Server ships with several pre-configured groups.
- Examples:
  - Project Managers
  - Resource Managers
  - General Managers

14 Permissions
- Global and Object-Level Permissions
- Three states: Allow, Deny, Not-Allowed
- Allow permissions are ORed
- Deny permissions are ANDed
- Can be defined in Users, Groups, or Category pages
- Examples:
  - R/W access to my projects and my resources
  - Read access to projects and resources in other groups
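One reading of the three permission states above, applied to the resource-manager scenario, as an added example that is not from the presentation or from Project Server itself. It treats "Deny permissions are ANDed" as "an action is granted only when no applicable setting is Deny"; the data layout, the user, resource and permission names, and the "Auditors" group are assumptions made for illustration.

```javascript
// Added illustration: data layout, user/resource names, permission names
// ("view", "edit") and the "Auditors" group are hypothetical.
const ALLOW = "Allow", DENY = "Deny", NOT_ALLOWED = "Not-Allowed";

// Constructed sample data: which resource manager owns which resource.
const owner = { res_eng1: "rm_eng1", res_mkt1: "rm_mkt1" };

// Categories are collections of objects. Here a rule decides membership
// relative to the user, in the spirit of auto-populating security rules.
const categories = {
  "My Resources": (user, obj) => owner[obj] === user,
  "External Access to Resources": (user, obj) =>
    typeof owner[obj] === "string" && owner[obj] !== user,
};

// Users are added to groups; permissions are assigned to groups.
const membership = {
  rm_eng1: ["Resource Managers"],
  rm_mkt1: ["Resource Managers", "Auditors"],
};

// One row per (group, category, permission) setting.
const grants = [
  { group: "Resource Managers", category: "My Resources", perm: "view", state: ALLOW },
  { group: "Resource Managers", category: "My Resources", perm: "edit", state: ALLOW },
  { group: "Resource Managers", category: "External Access to Resources", perm: "view", state: ALLOW },
  { group: "Resource Managers", category: "External Access to Resources", perm: "edit", state: NOT_ALLOWED },
  { group: "Auditors", category: "My Resources", perm: "edit", state: DENY },
];

// Collect every setting that applies to this user, object and permission,
// then combine: any Deny wins, otherwise any Allow grants, otherwise nothing.
function effective(user, obj, perm) {
  const userGroups = membership[user] || [];
  const states = grants
    .filter((g) => userGroups.includes(g.group) && g.perm === perm)
    .filter((g) => categories[g.category](user, obj))
    .map((g) => g.state);
  if (states.includes(DENY)) return DENY;
  if (states.includes(ALLOW)) return ALLOW;
  return NOT_ALLOWED; // "least access" default
}

function can(user, obj, perm) {
  return effective(user, obj, perm) === ALLOW;
}
```

The Not-Allowed row for editing external resources changes nothing on its own: a later Allow from another group would still grant the action, whereas the Deny row blocks it regardless of other groups.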

15 Resource Breakdown Structure
- Enterprise Resource Outline Code 30
- Can be used just like ANY outline code
- Leveraged by several security rules
- Useful for granting access to objects based on the reporting structure in an organization – typically to functional managers
- Scenario:
  - Use the organizational breakdown to define the look-up table for the RBS
  - Take advantage of field descriptions to reduce size of RBS

16 Best Practices
- Start with “least access”
- Add users to groups, assign permissions to groups
- Limit the number of categories
- Leverage security rules whenever possible

17 Project 2003 Enhancements
- Active Directory Integration
  - Auto-populate Project Server security group with AD security group
  - Auto-populate users with AD security group
- New Permissions
  - Adjust Actuals, Approve Timesheets for Resources
  - Assign Resource to Team, Build Team for Project
  - Integration with External Timesheet System
  - Save Baseline

18 Project 2003 Enhancements Category Enhancements RBS View Filter Direct Reports security rule

19 Audit tool

20 Extensibility
- Re-use existing permissions or create your own
- Add new pages to PWA and leverage permissions
- Benefits
  - One user interface for Administrators
  - Leverage the in-the-box UI and security work
- Skills required
  - ASP/VBScript/JScript
  - SQL

21 Reusing an Existing Permission
- Add record for new page in MSP_WEB_SECURITY_PAGES
- Find desired global permission in MSP_WEB_SECURITY_FEATURES_ACTIONS
- Specify global permission as value for WSEC_PAGE_ACT_ID
- Add record for new menu in MSP_WEB_SECURITY_MENUS

22 Using Your Own Global Permission
- Add record for new permission: MSP_WEB_SECURITY_FEATURES_ACTIONS
- Add permission name into string table: MSP_WEB_CONVERSIONS
- Define SPROC for permission and add to QYLIBSTD.SQL
- Add permission into Manage Organization page: MSP_WEB_SECURITY_ORG_PERMISSIONS
- Create new page and reference new global permission

23 Using Object-Level Permissions
- Use existing object-level permissions
- In ASP, create Project Server security object:
  var oSec = CreateObject("PjSvrSecurity.PjServerSecurity");
  oSec.setDBConnection( );
  var f = oSec.CheckSPObjectPermission(,, 1, );

24 Using Object-Level Permissions
- Use custom object-level permissions
- Create object-level permission in same way as global permission, except: WSEC_ON_OBJECT value = 1
- In ASP, check rights by calling Project Server security object and new SPROC

25 Resources
- MSDN
  - Microsoft Project Server Security Architecture and Planning Guide
  - Microsoft Project Server Security Enhancements article and code samples
- TechNet
  - Customizing and Administering Microsoft Project Server

26 Questions ?

27 © 2003 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

