Group and category values interplay to define a user’s access in the system. A good example of how you can leverage this structure is the default My Organization category. Administrators, Executives, Portfolio Managers, and Project Managers are members of this category by default. The category settings provide sweeping access to portfolio information. In every section, “All current” is selected and all views are exposed, yet these users have very different access based on settings in their individual groups.
As I mentioned before, there are also more direct relationships between permissions set in Groups and the security objects controlled by Categories. Not all permissions are tied directly to category objects this way, but many are. Table 10-4 lists the category sections and their related permissions.
CATEGORY OBJECT | RELATED PERMISSIONS |
---|---|
Projects | Save Project, New Project, Open Project Template, Open Project |
Project Views | View Project Center, View Project View, View Assignments View, View Portfolio Analyzer, See Projects in Project Center, See Projects in Project Views, See Resource Assignments in Assignment Views, Read Summary Assignments |
Resources | Edit Enterprise Resource Data |
Resource Views | Read Summary Assignments, View Resource Center, View Resource Allocation, View Assignments View, See Resource Assignments in Assignment Views |
Project Center Views | View Project Center, See Projects in Project Center, View Models, View Portfolio Analyzer |
The important thing for you to remember is that there are cross-relationships between categories and groups. Moreover, there are dependencies within these entities. For instance, granting a user access to Project Views is useless without also including both category and group permissions for access to the Project Center, where users access the views. I must stress again how important it is to take your time designing your configuration for the sake of ease of management and perhaps your sanity over time.