To a large degree, your ability to manage category configuration determines your success with simplicity. Categories connect groups and individual users to project views and data. You may assign individual users and groups to categories as well as individual projects. When you begin to approach categories at an individual level, however, you cross the border into high-maintenance territory. Instead, your goal is to use relationship-based rules, perhaps the most important category feature, to automate this for you.
To access category maintenance routines, select Manage security Categories from the Admin menu. The Categories administration page displays, as shown in Figure 10-7. Like the Modify Group interface, available categories display in a grid above the summary of the highlighted category. All four default categories are also shown in the figure.
Figure 10-7. The Categories administration interface
Project Server’s default categories the necessary complement to the default groups to connect their permissions with data and software functions. Here’s a summary of these categories:
My Organization: Includes blanket access to just about everything in Project Server, from projects and resources to views and Analyzer models. The default users of this category are Administrators, Executives, Portfolio Managers, and Project Managers.
My Projects: Connects users who manage plan data to their own data by implementing access based on the users’ relationship to a project. The default users of this category are Project Managers, Resource Managers, and Team Leads.
My Resources: Exists to connect resource managers with their resources’ data. The default user of this category is Resource Managers.
My Tasks: Designed to connect Team Members with their task data. The default user of this category is Team Members.
Whether you choose to add or modify a category, the maintenance interface is the same. You define each category by the following six characteristics:
Category Name and Description: Accepts input accordingly.
Users and Groups: Determines the users or groups associated with this category.
Permissions: As covered under the previous topic.
Projects: May specify all projects, projects specified manually, or projects specified by relationship-based security rule. Detailed project views are also specified in this area.
Resources: May specify all resources, resources specified manually, or resources specified by a relationship-based security rule. You specify Assignment and Resource Center views in this area.
Project Center Views: Specifies the Project Center and Portfolio Analyzer views, as well as manually specified Analyzer models or models by relationship-based security rule.
The first two characteristics in the list are intuitive, and I’ve already covered the third. That leaves the interesting and useful category attributes that boil down to projects, resources, and views. Collectively, these are the objects you control through categories. Keep in mind that no matter what object you expose through a category, corresponding permissions must also allow a user to take the action that accesses the data granted in the category.
Selecting either to open or to modify a category, or choosing to add a new category, opens identical displays except for the screens labeled Modify Category and Add Category, respectively. As shown in Figure 10-8, the Projects section of the Categories interface allows you to specify both projects and views. Specifying views is simple: You simply use the Add or Add All button to move the available views from the left to the right. In Figure 10-8, I used the Add All button to move all the views into the category. This manipulation technique applies to the following two characteristic groups as well.
Figure 10-8. The Projects section of the Categories administration interface
Note that there are no available projects to add manually in Figure 10-8. This image is from a fresh installation. In the example, I’ve selected the “All current and future projects in Microsoft Project Server database” radio button. This is the way the system defines the My Organization category by default. If you were to select the “Only the projects indicated below” radio button instead, then you would have the option to either manually specify projects or specify projects by relationship-based rules, or both. The definable rules are as follows:
Allow users in this category to view all projects they manage: Allows any user or group associated with the category the ability to access projects for which the user or group is the project manager.
Allow users in this category to view all projects to which they are assigned: Allows any user or group associated with the category to view projects in which the user or group has assignments.
Allow users in this category to view all projects managed by resources that they manage: Allows any user or group associated with the category the ability to see projects in the system when the resources that the user or group manages have projects they’re managing in the system.
Allow users in this category to view all projects assigned to resources that they manage: Allows any user or group associated with the category the ability to see projects in the system when the resources that the user or group manages have assignments in a project.
The Resources section of the Categories interface follows a similar structure to the Projects section discussed previously. Figure 10-9 is shot from a server with an established resource pool; therefore, in the example you can see that the Available resources area is populated.
Figure 10-9. The Resources section of the Categories administration interface
The example also shows the default value for My Organization. In addition to the visible part in the figure, a section for Resource Center views isn’t shown. When you want a category to specify access to resources via relationship-based security rules, you may select from the following check boxes:
Allow users in this category to view their own information: Grants access to users to see their own data.
Allow users in this category to view information for all resources in projects that they manage: Allows project managers to view resource information for resources that have assignments in plans that they manage.
Allow users in this category to view information for all resources that they manage: Establishes access to resource data based on a management role.
The final section of Categories administration interface is titled Project Center Views. The options contained in this section, part of which is shown in Figure 10-10, control access to Project Center views, Portfolio Analyzer views, and models. Figure 10-10 doesn’t show the Project Center views portion. These views are handled the same way all other views are handled.
Figure 10-10. The Project Center Views section of the Categories administration interface
No precooked Analyzer views are provided with Project Server. Therefore, you’ll have little to be concerned with until you’ve loaded data in the system and built some Analyzer views. It’s interesting that only Administrators and Executives have permission to see these by default. You’ll need to consider how to structure permissions for your organization and make the appropriate changes. Analyzer views are a big hit in the Project office, and project managers like them, too.
Models don’t come into play until you have data loaded and have created them. Once you or your users have built models, you control access rights through category selections. Once again, you have some relationship-based security rules as well as the blanket All selection to enable your users.
Allow users in this category to view their own models: If a user isn’t granted access through an All selection in a category, this selection is required if a user is to have access to models of his or her own creation.
Allow users in this category to view models created by resources that they manage: Grants access to models to a Resource Manager based on reporting values established in the system.