Project Server 从2013版开始,增加了sharepoint 模式,并默认使用sharepoint权限模式,设置中可以对比sharepoint权限模式(图一)和project server权限模式(图二)的显示区别:

可以使用命令修改两种模式:Set-SPPRojectPermissionMode -Url "http://sp2016-1/sites/pwa2" -Mode ProjectServer     

                                                 Set-SPPRojectPermissionMode -Url "http://sp2016-1/sites/pwa2" -Mode SharePoint

Project online使用的project server 权限模式。

p_w_picpath

p_w_picpath

 

这两种权限模式差别如下:

Feature

SharePoint

permission mode

Project Server

permission mode

Unified security management through SharePoint Server

X

 

Permissions inheritance for PWA and Workspaces

X

 

Direct authorization against Active Directory security groups

X

 

Claims-based authorization

X

X

Manage authorization by role-based groups

X

X

Extensible and customizable

X

X

User delegation

 

X

Ability to secure work resources

 

X

Impersonation

 

X

Security filtering using the Resource Breakdown Structure

 

X

Custom Security Categories

 

X

SharePoint permissions mode creates SharePoint groups that directly correspond to the default security groups found in Project Server permission mode.

The following table describes the Project Server 2013 SharePoint groups and what user functionality they enable in Project Web App.

SharePoint group

Function

Administrators

Users have all global permissions as well as category permissions through the My Organization category. This allows them complete access to everything in Project Web App.

Portfolio Viewers

Users have permissions to view Project and Project Web App data. This group is intended for high-level users who need visibility into projects but are not themselves assigned project tasks.

Project Managers

Users have permissions to create and manage projects. This group is intended for project owners who assign tasks to resources.

Portfolio Managers

Users have assorted project-creation and team-building permissions. This group is intended for high-level managers of groups of projects.

Resource Managers

Users have most global and category-level resource permissions. This group is intended for users who manage and assign resources and edit resource data.

Team Leads

Users have limited permissions around task creation and status reports. This group is intended for persons in a lead capacity that do not have regular assignments on a project.

Team Members

Users have general permissions for using Project Web App, but limited project-level permissions. This group is intended to give everyone basic access to Project Web App.


When you add individual users to one of the SharePoint groups, that user is synchronized to Project Web App automatically. User synchronization runs on a SharePoint timer job, by default every ten minutes.

When you add Active Directory groups to one of the Project Server-specific SharePoint security groups, the users are not automatically added to the list of users in Project Web App. Each user is individually added to Project Web App the first time she or he accesses the Project Web App site.

Because users in Active Directory groups do not appear on the list of Project Web App resources until they have accessed the Project Web App site, we recommend that you configure Active Directory synchronization in Project Web App to prepopulate your resource list. This allows you to have a complete resource list and to assign work to resources before they have accessed the Project Web App site.