Thread: Hidden Permissions
View Single Post
  #1 (permalink)  
Old 09-02-2008, 06:13 PM
Penny Penny is offline
Junior Member
  
Join Date: Sep 2008
Posts: 1
Thanks: 0
Thanked 0 Times in 0 Posts
Default Hidden Permissions
Hi all,

I am new here so I apologise for jumping straight in with a question but I could really use some experience and wisdom on it.

We have recently installed a new instance of project server 2007 in our producton environment migrating the data off the old project server 2007, and I have been doing a lot of the work at the web administrator end while working with the AD person to get the AD groups cleaned up too.

However I am having trouble with my permissions. I have established new Site settings User groups (ie using PS defaults, Owner, Member, Visitor) with corresponding permisson levels templates (tweeked) applied and then adding AD groups as members.

The previous project server instance did not utilise groups and membership was at individual level but seems to coordinate to membership in AD groups. These individual membership rights carried over to the new server set up so after I have created my new PS groups and mapped in the corresponding AD groups I delete away all individual membership which had members at the wrong permission level.

But after syncronisation these individuals members seem to come back and their indivdual membership is saying they have a different permission level than the new one's I have set in the above groups. E.g I have members in the Owners group (psadministrator AD group) with web administrators permisson but they are showing up with project manager permission at individual level. Then it gets more confusing with the other groups, although mostly the group membership is the higher one.

So to me it appears that there is some underlying rule or grouping somewhere in PS (that we carried over) that is populating the membership in PS and we don't have control over. I have been in as site collecitons administrator and can see not other groups and there are no policies so I am at a loss to where this original rule telling PS to assign permission level x to members in AD group X is.

Unfortunately the person who installed the original PS instance and set it up is long gone. The contractors who we brought in to install the new instance of PS (while we get our OCS Support member Administrator trained) are dragging their feet about helping with this. So I am at a loss to what to do and this is holding up launching the new instance as I don't know how serious it is. I have search the internet but have found nothing specific to my problem.

Can anyone help.
Kind regards
Penny








Reply With Quote
Sponsored links