Windows LiveWindows Live
 
 
Sean's profileThe 7th (Sean Dai's Proj...BlogListsSkyDrive Tools Help

Blog
    February 01

    Customize WSS Role/User permission for Project Server 2003

    By default, project server will create four roles in WSS workspace and put users in corresponding roles.  This is default setting:
     
    Role Name Project Server User Permissions
    Project Managers (Microsoft Office Project Server) Project Managers who have published the project, or who have Save Project permission on the project All permissions except Manage List Permission, Manage Site Groups, and Manage Web Site
    Readers (Microsoft Office Project Server) Who have View Issue permission on the project View Items and View Pages permissions.
    Team Members (Microsoft Office Project Server) Who have assignments in the project or who are the team lead of the assignments in the project Add Items, Edit Items, Delete Items, View Items, Browse Categories, View Pages, Manage Personal Views, Add/Remove Private  WebPart, and Update Private WebPart
    Web Administrators (Microsoft Office Project Server) Who have Manage Sharepoint global permission All Permissions

     

    However, clients may have different requirement.  For example, let project manager be the web administrator of its own project workspace.  Select/deselect one of the default permission of specific role.  Project Server cannot customize the roles and users.  If we change the role configuration in WSS, then after synchonization, the setting will be restored to default settings.

     

    The customization can be done by modifing the project server ASP file.  The permission of each role is defined in DOCLIB\STSADUTL.ASP, and the function name is StsAdminUtil_DoCustomSOAPToWSSOM.  The mask defines the permission matrix.  You may find the permission matrix in WSS SDK or as follows:

    Name Value Description Site Groups
    AddAndCustomizePages 0x00040000 Add, change, or delete ASPX pages, HTML pages, or Web Part Pages, and edit the Web site using a Windows SharePoint Services-compatible editor. Web Designer, Administrator
    AddDelPrivateWebParts 0x10000000 Add or remove Web Parts on a personalized Web Part Page. Contributor, Web Designer, Administrator
    AddListItems 0x00000002 Add items to lists, add documents to document libraries, and add Web discussion comments. Contributor, Web Designer, Administrator
    ApplyStyleSheets 0x00100000 Apply a style sheet (.CSS file) to the Web site. Web Designer, Administrator
    ApplyThemeAndBorder 0x00080000 Apply a theme or borders to the entire Web site. Web Designer, Administrator
    BrowseDirectories 0x04000000 Browse directories in a Web site. Contributor, Web Designer, Administrator
    BrowseUserInfo 0x08000000 View information about users. This right is not available through the user interface. Guest, Reader, Contributor, Web Designer, Administrator
    CancelCheckout 0x00000100 Check in a document without saving the current changes. Web Designer, Administrator
    CreatePersonalGroups 0x01000000 Create, change, and delete site groups, including adding users to the site groups and specifying which rights are assigned to a site group. Contributor, Web Designer, Administrator
    CreateSSCSite 0x00400000 Create a Web site using Self-Service Site Creation. Reader, Contributor, Web Designer, Administrator
    DeleteListItems 0x00000008 Delete items from a list, documents from a document library, and Web discussion comments in documents. Contributor, Web Designer, Administrator
    EditListItems 0x00000004 Edit items in lists, edit documents in document libraries, edit Web discussion comments in documents, and customize Web Part Pages in document libraries. Contributor, Web Designer, Administrator
    EmptyMask 0x00000000 Has no permissions on the Web site. Not available through the user interface. N/A
    FullMask -1 Has all permissions on the Web site. Not available through the user interface. N/A
    ManageListPermissions 0x00000400 Grant, deny, or change user permissions to a list. Administrator
    ManageLists 0x00000800 Approve content in lists, add or remove columns in a list, and add or remove public views of a list. Web Designer, Administrator
    ManagePersonalViews 0x00000200 Create, change, and delete personal views of lists. Contributor, Web Designer, Administrator
    ManageRoles 0x02000000 Create, change, and delete site groups, including adding users to the site groups and specifying which rights are assigned to a site group. Administrator
    ManageSubwebs 0x00800000 Manage or create subsites. Administrator
    ManageWeb 0x40000000 Manage a site, including the ability to perform all administration tasks for the site and manage contents and permissions Administrator
    OpenWeb 0x00010000 Open the SharePoint Web site and get metadata related to the site, as well as see the underlying navigation structure (not exposed in the user interface). Guest, Reader, Contributor, Web Designer, Administrator
    UpdatePersonalWebParts 0x20000000 Update Web Parts to display personalized information. Contributor, Web Designer, Administrator
    ViewListItems 0x00000001 View items in lists, documents in document libraries, view Web discussion comments, and set up e-mail alerts for lists. Reader, Contributor, Web Designer, Administrator
    ViewPages 0x00020000 View pages in a Web site. Reader, Contributor, Web Designer, Administrator
    ViewUsageData 0x00200000 View reports on Web site usage. Administrator

     

    To change the permission or add more roles, you can modify the mask or the whole function.

    Also in STSADUTL.ASP file, StsAdminUtil_RoleUsers function defines who should be put in each role.  You may change the function to change the user role.

    12:19 PM | Blog it | Project Server 2003

    Comments (3)

    Please wait...
    Sorry, the comment you entered is too long. Please shorten it.
    You didn't enter anything. Please try again.
    Sorry, we can't add your comment right now. Please try again later.
    To add a comment, you need permission from your parent. Ask for permission
    Your parent has turned off comments.
    Sorry, we can't delete your comment right now. Please try again later.
    You've exceeded the maximum number of comments that can be left in one day. Please try again in 24 hours.
    Your account has had the ability to leave comments disabled because our systems indicate that you may be spamming other users. If you believe that your account has been disabled in error please contact Windows Live support.
    Complete the security check below to finish leaving your comment.
    The characters you type in the security check must match the characters in the picture or audio.

    To add a comment, sign in with your Windows Live ID (if you use Hotmail, Messenger, or Xbox LIVE, you have a Windows Live ID). Sign in


    Don't have a Windows Live ID? Sign up
    Noynoywrote:
    Hi,

    If I want to disallow Project Managers to change themes and borders (ApplyThemeAndBorder checkbox) how should I do it?
    In the STSADUTL.ASP file, I saw this portion:

        sRequest += "  <ROLE>";
        sRequest += "    <NAME>" + this.GetStringForSiteLCID(IDS_ADMIN_MANAGE_STS_PROJ_MGR_ROLE, sWebUrl) + "</NAME>";
        sRequest += "    <DESCRIPTION>" + this.GetStringForSiteLCID(IDS_ADMIN_MANAGE_STS_PROJ_MGR_DESCRIPTION, sWebUrl) + "</DESCRIPTION>";
        sRequest += "    <MASK>905841423</MASK>";
        sRequest += "  </ROLE>";

    Is the "905841423" the value that I need to change? If it is, what is the new value?

    thanks!

    rgds,

    Noynoy
    Feb. 19
    Picture of Anonymous
    Dave wrote:
    This was a very informative article. I was just wondering if you could put an article on how to do the same on Project Server 2007.
    thanks
    Nov. 28
    Picture of Anonymous
    Dave wrote:
    This was a very informative article. I was just wondering if you could put an article on how to do the same on Project Server 2007.
    thanks
    Nov. 28

    Trackbacks

    The trackback URL for this entry is:
    http://netsleeper.spaces.live.com/blog/cns!2D6B305EBBD50AA5!143.trak
    Weblogs that reference this entry
    • None