Approving Time

RandyK · Jun 21, 2007

I set up a new group for Project Coordinators with the business need that
they are not permitted to approve time (they only create and publish new
project schedules and then pass them on to Project Managers who take
ownership).

Accordingly, I created a new security template that and placed a hard deny
on the "Approve Timesheets for Resources" and "Timesheet Approval" (not sure
what the difference between the two is though).

We placed one person in the group to test it. He is only in this new group
and Team Members. Yet he can still approve timesheets. Why is this?

Dale Howard [MVP] · Jun 21, 2007

Randy --

You are barking up the wrong tree, my friend!

The permissions you set
to Deny are permissions used with the Timesheet Approval feature that is a
part of Managed Time Periods. Furthermore, you need to be extraordinarily
careful with setting any permission to Denied because permissions are
cumulative across the Groups and Categories containing that permission.

The permission I believe you need is found in the Global Permissions grid.
It is called "Publish/Update/Status". To set up this Project Coordinators
group, set the Publish/Update/Status permission to Not Allowed (neither
Allow or Deny is selected). Assuming the people in this Group are not a
part of any other security Group, the Not Allowed permission will do the
job. Do know, however, that the members of this Group will not be able to
publish the project. I think that defeats your business need, however.
Hope this helps.

RandyK · Jun 22, 2007

Helps immensely - Thanks Dale.

Hope to get a chance to meet you if you go to the conference in October...

--
Thanks much!
Randy

Dale Howard said:
Randy --

You are barking up the wrong tree, my friend! The permissions you set
to Deny are permissions used with the Timesheet Approval feature that is a
part of Managed Time Periods. Furthermore, you need to be extraordinarily
careful with setting any permission to Denied because permissions are
cumulative across the Groups and Categories containing that permission.

The permission I believe you need is found in the Global Permissions grid.
It is called "Publish/Update/Status". To set up this Project Coordinators
group, set the Publish/Update/Status permission to Not Allowed (neither
Allow or Deny is selected). Assuming the people in this Group are not a
part of any other security Group, the Not Allowed permission will do the
job. Do know, however, that the members of this Group will not be able to
publish the project. I think that defeats your business need, however.
Hope this helps.

Dale Howard [MVP] · Jun 22, 2007

RandyK --

I can assure you I will be there!

RandyK said:
Helps immensely - Thanks Dale.

Hope to get a chance to meet you if you go to the conference in October...

RandyK · Jun 27, 2007

Dale -

As suggested, I went into the Global Permissions and did a "not allow" (soft
deny) on the permission - "Publish/Update/Status". I currently only
have one person in this group and that person is not a part of any other
group (except Team Members). He was still able to approve time on the same
project as before. Further, I even try to change the permission to a hard
deny - with the same results. Is this permission grandfathered only to new
projects?

Am I missing something? I am using a newly created security group
template (Project Coordinators) that was copied over from the Project Manager
template and then massaged to meet our needs (i.e. granted access to Manage
Enterprise Features).

Dale Howard [MVP] · Jun 28, 2007

Randy --

I regret to say that I am stumped. Quite frankly, if you set that
permission to Deny, there is no way the PM should be able to Publish ANY
project period. Perhaps someone else has an idea of what would explain this
behavior and how to solve it. Sorry.

RandyK · Jun 28, 2007

Hi Dale -

Okay - it worked - I'm set. The "update" icon/button is now grayed out so
the person cannot update the time (or publish). But they can save project
schedules to the server - which is what we want.

Here's what happened - In MSPS Admin Security, I created the security
template called "Project Coordinators" and applied it to a newly created
group with the same name. Initially, I allowed the "Publish/Update/Status"
permission.

After placing a deny on the "Publish/Update/Status" in the template per your
instructions, I did not go back to the group and "re-apply" the updated
template to the group.

Thanks for the assist!

Randy

Dale Howard [MVP] · Jun 28, 2007

Randy --

Thanks for sharing the solution to the problem! Now I'm not stumped...

Mike Reeves · Jul 2, 2007

Is there a way to automate the approving of non-project time (Admin Time?)?
I looked at the Project server 2003 SDK and the PDSTest.Net sample briefly,
but I want to verify that this can be done with the SDK and not some other
easy method.

Thanks!
Mike Reeves

Approving Time

RandyK

Dale Howard [MVP]

RandyK

Dale Howard [MVP]

RandyK

Dale Howard [MVP]

RandyK

Dale Howard [MVP]

Mike Reeves