CIPD
asked on
Project server 2007 Inherit permissions
I was wondering how to apply inherit permissions to all my project workspaces with out having to click all 350 ish and select inherit permissions, altho I think this all started from when I did that on one site trying to "fix" an access issue for a user.
Allow me to elaborate, I have EPM 2007 runnin on a vmware box that has a guest OS of Win 2003 R2 SP2, Before i "Fixed" an issue with some users that needed access to a few project workspaces Team members used to be able to see all projects and project managers used to be able to edit all projects but after I set 1 workspace to inherit permissions from it's parent workspace users started calling saying they could not access the server anymore, it seems if they were a member of resource managers they could not access the home page and now even some project owners don't have access to view there own workspace. if I look at any workspaces now all is see is individual users added from when it was first set up they seem to be all members of the admin's group but there are no groups in any sites permissions.
I'd like to know what i did but what i feel i must do is "re-apply" permissions from the top level home site to all the project workspaces that are under it giving all project managers edit rights again but without clicking each individual workspace and click inherit permissions.
I hope this makes scence to you sharepoint guru's out there, any questions let me know
Allow me to elaborate, I have EPM 2007 runnin on a vmware box that has a guest OS of Win 2003 R2 SP2, Before i "Fixed" an issue with some users that needed access to a few project workspaces Team members used to be able to see all projects and project managers used to be able to edit all projects but after I set 1 workspace to inherit permissions from it's parent workspace users started calling saying they could not access the server anymore, it seems if they were a member of resource managers they could not access the home page and now even some project owners don't have access to view there own workspace. if I look at any workspaces now all is see is individual users added from when it was first set up they seem to be all members of the admin's group but there are no groups in any sites permissions.
I'd like to know what i did but what i feel i must do is "re-apply" permissions from the top level home site to all the project workspaces that are under it giving all project managers edit rights again but without clicking each individual workspace and click inherit permissions.
I hope this makes scence to you sharepoint guru's out there, any questions let me know
ASKER
Thanks for the reply, I have tested this out and watched the queue, it gets to about 51% fails but does not block, I'm just going to go thru the log files to see if i can get and giv you some more info
ASKER
So i removed the global permissions and removed all users from that group and basically got the error listed below, I re-enabled the permissions on the group and I saw nothing in the queue but when i added a member back into tem members i got the same type of sync error message
Your SynchronizeSingleUserMembe
To get more information about the job failure, please go to Project Web Access. Select Personal Settings from the left menu. Then select My Queued Jobs.
The errors returned from the queue are as follows:
Error ID: 26000
Detailed error below - send it to the administrator for more detailed troubleshooting.
<?xml version="1.0" encoding="utf-16"?>
<errinfo>
<general>
<class name="Queue">
<error id="26000" name="GeneralQueueJobFaile
</class>
</general>
</errinfo>
You can do the following:
1. Try troubleshooting using the error IDs, error XML.
2. Contact administrator with your jobID (0c7ed787-6553-4279-a555-1
Your SynchronizeSingleUserMembe
To get more information about the job failure, please go to Project Web Access. Select Personal Settings from the left menu. Then select My Queued Jobs.
The errors returned from the queue are as follows:
Error ID: 26000
Detailed error below - send it to the administrator for more detailed troubleshooting.
<?xml version="1.0" encoding="utf-16"?>
<errinfo>
<general>
<class name="Queue">
<error id="26000" name="GeneralQueueJobFaile
</class>
</general>
</errinfo>
You can do the following:
1. Try troubleshooting using the error IDs, error XML.
2. Contact administrator with your jobID (0c7ed787-6553-4279-a555-1
ASKER
I've googled these errors quite alot but nobody seems to have the exact same error and it generally relates to publishign project rather then being permissions based,
If I was to Create a new site and perhaps use stsadm -o restore backupfile http://project/pwa-live ... or would I be better off creating a new site and just restoring the databases ?
If I was to Create a new site and perhaps use stsadm -o restore backupfile http://project/pwa-live ... or would I be better off creating a new site and just restoring the databases ?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ProjectServer permissions are not SharePoint permissions. ProjectServer creates a SharePoint site for the web access to the application, and manages the permissions to that SharePoint site itself. Unless you really know what you are doing, you should never directly change the permissions on the PWA site, and directly changing the SharePoint permissions on the Project Workspaces (subsites) is often not going to fix things, since ProjectServer will reset those permissions.
Sounds like a mess that you've got there. The best path forward may be to reprovision the PWA sharePoint site, but before getting to that point, you should try adjusting permissions in ProjectServer (Not SharePoint) and see if you can force Project Server to reapply the appropriate permissions.
In PWA, navigate to Server Settings -> Manager Groups. For one of the groups that is having problems, maybe "Team Members", select the group and edit their permissions. Deselect the Global permission "Log On." (Don't use a "Deny" Setting, you can lock all users, including administrators out of the system.) Save the permissions, and give the server a few minutes to think about this. (You can watch the Queue job process.)
Then go back into the same group and select the "Log on" permission.
I think this should force a resync of the SharePoint PWA permissions.
This is a tricky / messy spot that you are in. If you aren't comfortable with these procedures, open a support case with Microsoft or call an EPM MS partner for help...
James Fraser