Project server 2007 Inherit permissions

I was wondering how to apply inherit permissions to all my project workspaces with out having to click all 350 ish and select inherit permissions, altho I think this all started from when I did that on one site trying to "fix" an access issue for a user.

Allow me to elaborate, I have EPM 2007 runnin on a vmware box that has a guest OS of Win 2003 R2 SP2, Before i "Fixed" an issue with some users that needed access to a few project workspaces Team members used to be able to see all projects and project managers used to be able to edit all projects but after I set 1 workspace to inherit permissions from it's parent workspace users started calling saying they could not access the server anymore, it seems if they were a member of resource managers they could not access the home page and now even some project owners don't have access to view there own workspace. if I look at any workspaces now all is see is individual users added from when it was first set up they seem to be all members of the admin's group but there are no groups in any sites permissions.

I'd like to know what i did but what i feel i must do is "re-apply" permissions from the top level home site to all the project workspaces that are under it giving all project managers edit rights again but without clicking each individual workspace and click inherit permissions.

I hope this makes scence to you sharepoint guru's out there, any questions let me know

Who is Participating?
jbfraserConnect With a Mentor Commented:
The 26000 error is a generic error for Project Server.

You can try the stsadm -o restore, and see if that gets you back to a decent place. If it doesn't work then you can create a new PWA site.

When creating the new PWA site, you may lose the connections to the Project workspaces. Watch for that. Depending on the number of projects and workspaces, these connections can be recreated by hand, or there is a tool that can change many at once:

The SharePoint workspaces are kept in a SharePoint content DB, not in one of the four ProjectServer databases.

James Fraser
No, please don't "Reapply" sharepoint permissions. you will create more of a problem.

ProjectServer permissions are not SharePoint permissions. ProjectServer creates a SharePoint site for the web access to the application, and manages the permissions to that SharePoint site itself. Unless you really know what you are doing, you should never directly change the permissions on the PWA site, and directly changing the SharePoint permissions on the Project Workspaces (subsites) is often not going to fix things, since ProjectServer will reset those permissions.

Sounds like a mess that you've got there. The best path forward may be to reprovision the PWA sharePoint site, but before getting to that point, you should try adjusting permissions in ProjectServer (Not SharePoint) and see if you can force Project Server to reapply the appropriate permissions.

In PWA, navigate to Server Settings -> Manager Groups. For one of the groups that is having problems, maybe "Team Members", select the group and edit their permissions. Deselect the Global permission "Log On." (Don't use a "Deny" Setting, you can lock all users, including administrators out of the system.) Save the permissions, and give the server a few minutes to think about this. (You can watch the Queue job process.)
Then go back into the same group and select the "Log on" permission.
I think this should force a resync of the SharePoint PWA permissions.

This is a tricky / messy spot that you are in. If you aren't comfortable with these procedures, open a support case with Microsoft or call an EPM MS partner for help...

James Fraser

CIPDAuthor Commented:
Thanks for the reply, I have tested this out and watched the queue, it gets to about 51% fails but does not block, I'm just going to go thru the log files to see if i can get and giv you some more info
Cloud Class® Course: Amazon Web Services - Basic

Are you thinking about creating an Amazon Web Services account for your business? Not sure where to start? In this course you’ll get an overview of the history of AWS and take a tour of their user interface.

CIPDAuthor Commented:
So i removed the global permissions and removed all users from that group and basically got the error listed below, I re-enabled the permissions on the group and I saw nothing in the queue but when i added a member back into tem members i got the same type of sync error message

Your SynchronizeSingleUserMembershipInWss job failed.  Its current state is FailedNotBlocking.  It was 50% complete.  It entered the queue at 04/27/2009 10:17:28.

To get more information about the job failure, please go to Project Web Access.  Select Personal Settings from the left menu.  Then select My Queued Jobs.

The errors returned from the queue are as follows:
 Error ID: 26000

Detailed error below - send it to the administrator for more detailed troubleshooting.

<?xml version="1.0" encoding="utf-16"?>
    <class name="Queue">
      <error id="26000" name="GeneralQueueJobFailed" uid="2fdfe9e5-ab82-4647-94e3-583724d80237" JobUID="0c7ed787-6553-4279-a555-1eb08c10a81b" ComputerName="projectserver" GroupType="SynchronizeSingleUserMembershipInWss" MessageType="SynchronizeSingleUserMembershipInWssMessage2" MessageId="2" Stage="" />

You can do the following:
1. Try troubleshooting using the error IDs, error XML.
2. Contact administrator with your jobID (0c7ed787-6553-4279-a555-1eb08c10a81b) and error XML.
CIPDAuthor Commented:
I've googled these errors quite alot but nobody seems to have the exact same error and it generally relates to publishign project rather then being permissions based,

If I was to Create a new site and perhaps use stsadm -o restore  backupfile http://project/pwa-live ... or would I be better off creating a new site and just restoring the databases ?
sabby447Connect With a Mentor Commented:
1. Login as an Admin user.
2. Go to "Server Settings".
3. Go to "Project Workspaces".
4. One by one, select (highlight) each project and then click on
synchronization only after first was ended.

again run the sync of AD users. Hope this fixes your issue
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.