Securing a PWA Custom Menu
This posting only covers securing a Project Web Access custom menu item. Obviously you need to secure the content of the webpage itself or someone could just directly enter the page address in their browser.
When extending Project Server, I have often added functionality with new web pages within PWA. It is easy to add the pages to the PWA menus (Admin > Server configuration > Menus) but it is a little less obvious how to make the menu item appear for a subset of users (say project managers for example).
Let's say you have already created your custom menu items. Maybe you've created a top level menu called "Reports" and a set of submenus, one of which is called "Special PM Report" and that is the one you would like to only be available for Project Managers.
Step 1
From Query Analyzer run the following statement against the Project Server database:
SELECT
wsec_page_menu_id
FROM
msp_web_security_menus
WHERE
wsec_menu_custom_name = 'Special PM Report'
This statement should return the identifier for your menu item. In my case the value was 150.
Step 2
Next, use that value to update the security pages table. I will set the security feature to 150 to use the User defined 1 field:
UPDATE
msp_web_security_pages
SET
wsec_page_act_id = 150
WHERE
wsec_page_menu_id = 10007
Step 3
Rename the User defined 1 field to something a little more readable.
UPDATE
msp_web_conversions
SET
conv_string = 'View Special PM Report'
WHERE
conv_value = 90150
AND lang_id = 1033
Step 4
Now you need to set the security to allow viewing of the report. In our case we wanted the new report to be available to project managers, so we can start by modifying the Project Managers group to allow the viewing of the report. In PWA: Admin > Manage users and groups > Groups > Project Managers > Modify Group > Global Permissions > Special PM Report > Allow.
Step 5
Finally, you must ensure that the other groups are set to not allow viewing of the report. To remove access for Team Members (that are not also Project Managers), in PWA: Admin > Manage users and groups > Groups > Team Members > Modify Group > Global Permissions > Special PM Report > Not Allow. (Note that "Not Allow" means to ensure that Allow is deselected. Selecting Deny in this case would mean that a user assigned to both the Project Managers group and the Team Members group would not have access to the page.)
That should do it. Try it out.
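Steps 1 to 3 can also be run as one guarded batch, so that a mistyped menu name or an unexpected row count cannot leave the security tables half-updated. This is an added example, not code from the original post. It assumes that each menu id has exactly one row in msp_web_security_pages and that the two tables join on wsec_page_menu_id; the variable names and the varchar(255) type are illustrative.

```sql
-- Added example (T-SQL, written for SQL Server 2000 / Query Analyzer).
-- Table and column names, activity id 150, conv_value 90150 and lang_id 1033
-- are the ones used in Steps 1-3; variable names are illustrative.
DECLARE @menu_name varchar(255), @act_id int, @menu_id int
DECLARE @matches int, @rows int, @err int
SET @menu_name = 'Special PM Report'
SET @act_id = 150

-- Step 1: resolve the menu id, insisting on exactly one match.
SELECT @matches = COUNT(*), @menu_id = MIN(wsec_page_menu_id)
FROM msp_web_security_menus
WHERE wsec_menu_custom_name = @menu_name

IF @matches <> 1
BEGIN
    RAISERROR('Expected exactly one menu named "%s", found %d.', 16, 1, @menu_name, @matches)
    RETURN
END

BEGIN TRANSACTION

-- Step 2: tie the page behind that menu item to the security activity.
-- Assumption: one row per menu id in msp_web_security_pages.
UPDATE msp_web_security_pages
SET wsec_page_act_id = @act_id
WHERE wsec_page_menu_id = @menu_id
SELECT @rows = @@ROWCOUNT, @err = @@ERROR
IF @err <> 0 OR @rows <> 1 GOTO undo

-- Step 3: relabel the permission shown under Global Permissions.
UPDATE msp_web_conversions
SET conv_string = 'View Special PM Report'
WHERE conv_value = 90150 AND lang_id = 1033
SELECT @rows = @@ROWCOUNT, @err = @@ERROR
IF @err <> 0 OR @rows <> 1 GOTO undo

COMMIT TRANSACTION

-- Show the resulting menu-to-activity mapping for review.
SELECT m.wsec_menu_custom_name, p.wsec_page_menu_id, p.wsec_page_act_id
FROM msp_web_security_menus m
JOIN msp_web_security_pages p ON p.wsec_page_menu_id = m.wsec_page_menu_id
WHERE m.wsec_page_menu_id = @menu_id
RETURN

undo:
ROLLBACK TRANSACTION
RAISERROR('Update did not match exactly one row; changes rolled back.', 16, 1)
```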
For more information check out the article Microsoft Project Server Security Enhancements in the Microsoft Project 2002 SDK. (Yes, the 2002 SDK. I'm not quite sure why this article did not make it into the 2003 SDK.)