[VIDEO] Project for the web PERMISSION model review

Project for the web stores its data in the Common Data Service (now Dataflex Pro). The project can be managed directly from the new Project (Office) UI and in the context of a model driven Power App. Furthermore, the new Project uses Office365 Groups which again can be used to manage the security from a Microsoft Teams team. So many areas of a Microsoft platform to keep in sync and why I made this blog post.

All in all, for every new project that gets created in Project for the web, lots of settings are done behind the scenes impacting:

  • Office Groups (admin and members)
  • Common Data Service roles (owner, owning team and project manager)
  • Project for the web (team members and project manager)

There can be many steps to ending up with a certain permission model for each project created in the new Project for the web. One example and scenario could be:

  1. MOD Administrator creates a new project
  2. MOD Administrator is automatically set as the project manager visually in the Project UI (sometimes it takes a few seconds)
  3. Opening up the same project inside a model-driven app shows that MOD Administrator is set as Owner and Project Manager
  4. Both Project Manager and Owner cant be changed in the Power App UI. You can try, but the system will throw an error and block you
  5. MOD Administrator now opens the project in the Project UI and changes the project manager to Adele Vance
  6. In the Power App UI you will now see the new Project Manager but the owner remains the same (the original creator of the project)
  7. You now start to add a person to a task either from the Project or Power Apps UI. You will be asked to create an Office365 Group to manage the security
  8. After the Group is createfd, navigating back in the Power Apps UI shows that the Owner has been replaced from MOD Administrator to a Team User, which will have the same name as the project title, in this case Security Review
  9. If you looked at the new Team User (Owner) it will show that the only member of the team is in fact still the author of the project, MOD Administrator
  10. Opening up the newly created Office365 group will show that the group owner is also MOD Administrator

For those who could follow the above technical steps, you are probably thinking that the scenario shows its almost impossible to change the Owner of a project, and that the Project Manager field doesn’t really impact/sync with the security and permission model. Not ideal but still the case with the current release of Project for the web.

It is also something that I am really hoping will be updated by the Microsoft Project team, as being able to safely change a Project Manager, is a core requirement in most enterprise organizations.

To better explain the above with live examples I made video in YouTube (~16 minutes long), and also please help me surface the need to Microsoft by giving you vote on UserVoice: https://microsoftproject.uservoice.com/forums/914203-project-for-the-web/suggestions/41027752-security


Leave a Reply