Categories and Global permissions with AD sync

J

JenniferW

I have AD sync running for Enterprise Resource Pool and Groups. It creates
the resources and users ok, and assigns them to the correct group, but none
of the categories or global permissions associated with that group are being
populated on the resource / user.

Is this standard or is something not working right?
 
D

Dale Howard [MVP]

JenniferW --

You are misunderstanding what you see when you edit a User account in PWA.
All you need to see for any User account is the security Group(s) to which
the user belongs. The Category and Global Permissions are within the Group
itself, not in the User account. Merely adding a user to a security Group
is enough most of the time.

In fact, you should RARELY ever add a Category to a User account, or set
Global Permissions for a User account. If you do this, you are creating an
OVERRIDE to the Categories and Global Permissions specified in the Group(s)
to which the user belongs. When you start overriding the permissions for
User accounts, you are creating a maintenance NIGHTMARE.

Best practice here it the KISS (Keep It Simple, Silly) rule. Control
security by simply adding users to Groups. Only add a Category or Global
Permission for a User account as an exception, and do this rarely, if ever.
Hope this helps.
 
J

JenniferW

Perfect. Thanks Dale

Dale Howard said:
JenniferW --

You are misunderstanding what you see when you edit a User account in PWA.
All you need to see for any User account is the security Group(s) to which
the user belongs. The Category and Global Permissions are within the Group
itself, not in the User account. Merely adding a user to a security Group
is enough most of the time.

In fact, you should RARELY ever add a Category to a User account, or set
Global Permissions for a User account. If you do this, you are creating an
OVERRIDE to the Categories and Global Permissions specified in the Group(s)
to which the user belongs. When you start overriding the permissions for
User accounts, you are creating a maintenance NIGHTMARE.

Best practice here it the KISS (Keep It Simple, Silly) rule. Control
security by simply adding users to Groups. Only add a Category or Global
Permission for a User account as an exception, and do this rarely, if ever.
Hope this helps.
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

How to assign permissions using AD sync 1
Resource Pool AD sync with groups from trusted domains 0
Project Server 2007 : AD Sync with Project resources 1
AD sync partially failled (Project Server 2003) 2
Schedule multiple AD groups for resource sync? 2
Project Server 2007 - Synching to Multiple AD groups 2
Users set inactive after every AD sync - Project 2007 2
Cannot keep resources out for editing - Project Server 2003 5

Top