Project server 2007 Inherit permissions

Posted on 2009-04-23
Last Modified: 2013-11-15
I was wondering how to apply inherit permissions to all my project workspaces with out having to click all 350 ish and select inherit permissions, altho I think this all started from when I did that on one site trying to "fix" an access issue for a user.

Allow me to elaborate, I have EPM 2007 runnin on a vmware box that has a guest OS of Win 2003 R2 SP2, Before i "Fixed" an issue with some users that needed access to a few project workspaces Team members used to be able to see all projects and project managers used to be able to edit all projects but after I set 1 workspace to inherit permissions from it's parent workspace users started calling saying they could not access the server anymore, it seems if they were a member of resource managers they could not access the home page and now even some project owners don't have access to view there own workspace. if I look at any workspaces now all is see is individual users added from when it was first set up they seem to be all members of the admin's group but there are no groups in any sites permissions.

I'd like to know what i did but what i feel i must do is "re-apply" permissions from the top level home site to all the project workspaces that are under it giving all project managers edit rights again but without clicking each individual workspace and click inherit permissions.

I hope this makes scence to you sharepoint guru's out there, any questions let me know

Question by:CIPD
    LVL 13

    Expert Comment

    No, please don't "Reapply" sharepoint permissions. you will create more of a problem.

    ProjectServer permissions are not SharePoint permissions. ProjectServer creates a SharePoint site for the web access to the application, and manages the permissions to that SharePoint site itself. Unless you really know what you are doing, you should never directly change the permissions on the PWA site, and directly changing the SharePoint permissions on the Project Workspaces (subsites) is often not going to fix things, since ProjectServer will reset those permissions.

    Sounds like a mess that you've got there. The best path forward may be to reprovision the PWA sharePoint site, but before getting to that point, you should try adjusting permissions in ProjectServer (Not SharePoint) and see if you can force Project Server to reapply the appropriate permissions.

    In PWA, navigate to Server Settings -> Manager Groups. For one of the groups that is having problems, maybe "Team Members", select the group and edit their permissions. Deselect the Global permission "Log On." (Don't use a "Deny" Setting, you can lock all users, including administrators out of the system.) Save the permissions, and give the server a few minutes to think about this. (You can watch the Queue job process.)
    Then go back into the same group and select the "Log on" permission.
    I think this should force a resync of the SharePoint PWA permissions.

    This is a tricky / messy spot that you are in. If you aren't comfortable with these procedures, open a support case with Microsoft or call an EPM MS partner for help...

    James Fraser


    Author Comment

    Thanks for the reply, I have tested this out and watched the queue, it gets to about 51% fails but does not block, I'm just going to go thru the log files to see if i can get and giv you some more info

    Author Comment

    So i removed the global permissions and removed all users from that group and basically got the error listed below, I re-enabled the permissions on the group and I saw nothing in the queue but when i added a member back into tem members i got the same type of sync error message

    Your SynchronizeSingleUserMembershipInWss job failed.  Its current state is FailedNotBlocking.  It was 50% complete.  It entered the queue at 04/27/2009 10:17:28.

    To get more information about the job failure, please go to Project Web Access.  Select Personal Settings from the left menu.  Then select My Queued Jobs.

    The errors returned from the queue are as follows:
     Error ID: 26000

    Detailed error below - send it to the administrator for more detailed troubleshooting.

    <?xml version="1.0" encoding="utf-16"?>
        <class name="Queue">
          <error id="26000" name="GeneralQueueJobFailed" uid="2fdfe9e5-ab82-4647-94e3-583724d80237" JobUID="0c7ed787-6553-4279-a555-1eb08c10a81b" ComputerName="projectserver" GroupType="SynchronizeSingleUserMembershipInWss" MessageType="SynchronizeSingleUserMembershipInWssMessage2" MessageId="2" Stage="" />

    You can do the following:
    1. Try troubleshooting using the error IDs, error XML.
    2. Contact administrator with your jobID (0c7ed787-6553-4279-a555-1eb08c10a81b) and error XML.

    Author Comment

    I've googled these errors quite alot but nobody seems to have the exact same error and it generally relates to publishign project rather then being permissions based,

    If I was to Create a new site and perhaps use stsadm -o restore  backupfile http://project/pwa-live ... or would I be better off creating a new site and just restoring the databases ?
    LVL 13

    Accepted Solution

    The 26000 error is a generic error for Project Server.

    You can try the stsadm -o restore, and see if that gets you back to a decent place. If it doesn't work then you can create a new PWA site.

    When creating the new PWA site, you may lose the connections to the Project workspaces. Watch for that. Depending on the number of projects and workspaces, these connections can be recreated by hand, or there is a tool that can change many at once:

    The SharePoint workspaces are kept in a SharePoint content DB, not in one of the four ProjectServer databases.

    James Fraser
    LVL 6

    Assisted Solution

    1. Login as an Admin user.
    2. Go to "Server Settings".
    3. Go to "Project Workspaces".
    4. One by one, select (highlight) each project and then click on
    synchronization only after first was ended.

    again run the sync of AD users. Hope this fixes your issue

    Featured Post

    Better Security Awareness With Threat Intelligence

    See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

    Join & Write a Comment

    The Scenario: Let’s say you have a quote worksheet in Excel that you use to work up sales figures and such for your clients. You utilize SharePoint to manage and keep track of these documents. You would like values from your worksheet to populate Sh…
    Re-planning is just as important as planning. MS Project files need to be updated regularly to reflect the current status of the project and to streamline the upcoming tasks. We have seen a lot of issues where project managers have not updated the p…
    how to add IIS SMTP to handle application/Scanner relays into office 365.
    In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

    745 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    15 Experts available now in Live!

    Get 1:1 Help Now