Project management security
Permissions for administering the project management module can be set in the Permissions application by selecting Module and then Project Management through the Permissions for drop‑down lists.
The following permissions can be assigned to members of the selected roles:
- Manage - members of the selected roles are allowed to create, modify and delete data in the project management interface, except for the Configuration tab.
- Manage configuration - members of the selected roles are allowed to view and modify data, such as statuses and priorities, on the Configuration tab of the project management interface.
- Read - members of the selected roles are allowed to view all data in the project management interface, except for the Configuration tab.
To access and use the management interface for group projects, users must either have the Read and Manage permissions from the Groups Permission matrix, or belong to a group role that can manage the given group.
Project permissions
Permissions for individual projects can be configured on the Security tab when editing a project. This affects which users can view and manage the project and its tasks using project management web parts.
The following permissions are available:
- Access to project - users with this permission can view and access the project.
- Create - users with this permission can create new tasks under the project.
- Modify - users with this permission can modify the tasks under the project.
- Delete - users with this permission can delete the tasks under the project.
These permissions can be assigned to:
- Nobody - nobody can perform the action.
- All users - all users can perform the action.
- Authenticated users - only signed-in users can perform the action, i.e. anonymous public users cannot perform it.
- Group members - only members of the group can perform the action; this option is only available for projects that belong under a group.
- Authorized roles - only members that are assigned to the roles selected below can perform the action; for group projects, only the roles defined for the given group can be selected.
Project security exceptions
- The user who is set as the owner of a project automatically has full permissions for that project.
- A task can be modified by users that it is assigned to or owned by regardless of the security settings of the project that the task belongs under.
- Users who belong to roles that have the Manage permission for the project management module have full permissions for all projects that do not belong to a group.
- Users who belong to roles that can manage a group have full permissions for all projects under the given group.
- The Project list web part has its own security properties that can be used to override the permissions set for the projects that it displays.