Project Server 从2013版开始，增加了sharepoint 模式，并默认使用sharepoint权限模式，设置中可以对比sharepoint权限模式（图一）和project server权限模式（图二）的显示区别：
可以使用命令修改两种模式：Set-SPPRojectPermissionMode -Url "http://sp2016-1/sites/pwa2" -Mode ProjectServer
Set-SPPRojectPermissionMode -Url "http://sp2016-1/sites/pwa2" -Mode SharePoint
Project online使用的project server 权限模式。
Unified security management through SharePoint Server
Permissions inheritance for PWA and Workspaces
Direct authorization against Active Directory security groups
Manage authorization by role-based groups
Extensible and customizable
Ability to secure work resources
Security filtering using the Resource Breakdown Structure
Custom Security Categories
SharePoint permissions mode creates SharePoint groups that directly correspond to the default security groups found in Project Server permission mode.
The following table describes the Project Server 2013 SharePoint groups and what user functionality they enable in Project Web App.
Users have all global permissions as well as category permissions through the My Organization category. This allows them complete access to everything in Project Web App.
Users have permissions to view Project and Project Web App data. This group is intended for high-level users who need visibility into projects but are not themselves assigned project tasks.
Users have permissions to create and manage projects. This group is intended for project owners who assign tasks to resources.
Users have assorted project-creation and team-building permissions. This group is intended for high-level managers of groups of projects.
Users have most global and category-level resource permissions. This group is intended for users who manage and assign resources and edit resource data.
Users have limited permissions around task creation and status reports. This group is intended for persons in a lead capacity that do not have regular assignments on a project.
Users have general permissions for using Project Web App, but limited project-level permissions. This group is intended to give everyone basic access to Project Web App.
When you add individual users to one of the SharePoint groups, that user is synchronized to Project Web App automatically. User synchronization runs on a SharePoint timer job, by default every ten minutes.
When you add Active Directory groups to one of the Project Server-specific SharePoint security groups, the users are not automatically added to the list of users in Project Web App. Each user is individually added to Project Web App the first time she or he accesses the Project Web App site.
Because users in Active Directory groups do not appear on the list of Project Web App resources until they have accessed the Project Web App site, we recommend that you configure Active Directory synchronization in Project Web App to prepopulate your resource list. This allows you to have a complete resource list and to assign work to resources before they have accessed the Project Web App site.