Do More Than Manage
Gord Schmidt's Ideas for Doing More with Microsoft Project Server
Summary Task

Securing a PWA Custom Menu

When extending Project Server, I have often added functionality with new web pages within PWA. It is easy to add the pages to the PWA menus (Admin > Server configuration > Menus) but it is a little less obvious how to make the menu item appear for a subset of users (say project managers for example).

Let's say you have already created your custom menu items. Maybe you've created a top level menu called "Reports" and a set of submenus, one of which is called "Special PM Report" and that is the one you would like to only be available for Project Managers.

Step 1
From Query Analyzer run the following statement against the Project Server database:

SELECT 
  wsec_page_menu_id 
  
FROM 
  msp_web_security_menus 
  
WHERE 
  wsec_menu_custom_name = 'Special PM Report'

This statement should return the identifier for your menu item. In my case the value was 150.

Step 2
Next use that value to update the security pages table. I will set the security feature to 150 to use the User defined 1 field

UPDATE
  msp_web_security_pages 
  
SET 
  wsec_page_act_id = 150 
  
WHERE 
  wsec_page_menu_id = 10007

Step 3
Rename the User defined 1 field to something a little more readable.

UPDATE 
  msp_web_conversions 
  
SET 
  conv_string = 'View Special PM Report' 
  
WHERE 
  conv_value = 90150 
  AND lang_id = 1033

Step 4
Now you need to set the security to allow viewing of the report. In our case we wanted the new report to be available to project mangers so we can start by modifying the Project Mangers group to allow the viewing of the report. In PWA: Admin > Manage users and groups > Groups > Project Managers > Modify Group > Global Permissions > Special PM Report > Allow.

Step 5
Finally, you must ensure that the other groups are set to not allow viewing of the report. To remove access for Team Members (that are not also Project Mangers), in PWA: Admin > Manage users and groups > Groups > Team Members > Modify Group > Global Permissions > Special PM Report > Not Allow. (Note that "Not Allow" means to ensure that Allow is deselected. Selecting Deny in this case would mean that a user assigned to both the Project Managers group and the Team Members group would not have access to the page.)

That should do it. Try it out.

For more information check out the article Microsoft Project Server Security Enhancements in the Microsoft Project 2002 SDK. (Yes, the 2002 SDK. I'm not quite sure why this article did not make it into the 2003 SDK.)

Posted by Gord Schmidt on Tuesday, February 22, 2005 | Permalink | Extend | Resources

Milestone