Call Us Today! 1-800-895-3254
[email protected]
Microsoft Training
Integent offers a comprehensive portfolio of training services, with an ideal fit for every organization. Ranging from general courses to custom solutions, we have you covered.
Learn About TrainingSee Full list of Courses
Microsoft Consulting
Integent provides consulting services for a variety of Microsoft applications including Microsoft Project, Project Online, Project for the Web, Dynamics 365, and Microsoft SharePoint.
Learn About Consulting
Microsoft Support
Microsoft technologies set the standard for project portfolio management, business applications, collaboration, and more. Integent has flexible solutions to support every customer.
Learn About Support
Microsoft Project
Integent has the knowledge and experience to help design and deploy a solution to help your organization manage projects and resources more effectively
Learn More About Microsoft Project
Microsoft Dynamics 365
Integent can help you nsure business continuity with a custom cloud solution that connects sales, service, finance, and operations teams to deliver results.
Learn More About Dynamics 365
Microsoft SharePoint
SharePoint is Microsoft’s collaboration platform that is a place where team members can communicate, exchange data, share files and much more.
Learn More About Microsoft SharePoint
Microsoft Power Platform
Consisting of Power BI, Power Apps, Power Automate and Power Virtual Agents, the Microsoft Power Platform helps streamline and improve business functions.
Learn More About The Power Platform
About Integent
Integent was founded in 2009 on the principles of building long-lasting relationships with customers, exceeding expectations, and providing outstanding customer service. 

We’re dedicated to providing a customized solution backed by our knowledgeable team of Microsoft experts.
Discover What Makes Us Different
GSA Schedule
Integent is GSA Schedule Contract holder. A GSA schedule helps simplify selling our services to government customers.
Read More Here
Stay informed on Integent’s latest company updates and other important industry information. Our passion is customer success.
Read The Latest News
Learning new software doesn’t have to be difficult with our library of dozens of free training videos. Our video training always has something new.
Browse Our Training Video Library
Our industry experts share best practices and common pitfalls to avoid, in order to get the most out of your technology solutions.
Discover More

April 23, 2021

Microsoft Project Online Training - How to configure security in Microsoft Project Online


Security and Permissions in Project Web App

Permissions are what allow users to perform a specific function or action with Project Online.  The security configuration uses Allow and Deny or no selection to configure each and every permission in Project Online.  It is these security settings in the project management tool that ensures team members, project managers, and the entire project team are able to perform their requires tasks in the tool.

For example, the View Project Center permission may be allowed or denied for a given user or group in the system.

To provide more detail, there are two types of permissions in Project Online

  • Global Permissions: These are permissions that are granted or denied that provide the ability to perform actions throughout the entire Project Online system, agnostic to a resource or project.
  • Category Permissions: There are permission that are granted or denied that provide the ability to perform actions on specify resources and/or projects.  Category permission are assigned at the category level.  More in this later.

To make Project Online security more complex, permission may actually be set in a number of different places with the cloud based Project Web App system.  Permissions are allowed or denied by selecting the checkbox in the Allow/Deny columns.  There are MANY permissions to consider and set.  If neither box is selected, the default state is Not Allow.  The Not Allow selection does not prevent a user or users from accessing a specific feature of they are granted the permission in some other way. 

For example, the user may belong to two security groups ( Project Managers and Resource Managers).  Although the permissions in the Resource Managers group will have Not Selected for opening and editing projects, the Project Managers group will have it set to Allow.  It is always best to leave a permission at No Allow (no checkbox selected) than to select Deny.  In the scenario just noted, of the Resource Managers group had the Open and Edit project permission set to Deny, the user that was a member of both groups would ultimately not be able to manage projects as a Project Manage because the Resource Managers group specifically Denies that ability!

Remember, it's the proper selection of Allow and Deny to the various permissions that allow project managers to perform proper project planning, update tasks, see data in Power BI reports, and connect via the Project Online Desktop client.

Permissions are configured by choosing Project Web App Settings from the Project Web App Settings menu.

Again, It is important to consider when you are configuring a permission to Deny that the Deny setting supersedes any Allow settings that apply to the user for that permission by means of other group memberships. Limit your use of the Deny setting to simplify permissions management for large groups of users.

For organizations that have a large number of users, assigning and administering permissions on an individual basis can be an overwhelming task. In these cases.  Well Actually, in most every case it is best to use and assign permission at the group level.  And only at the group level.  This will make assigning and troubleshooting permissions much more direct.  Imagine trying to troubleshoot a permission for a specific user in a Project Online environment where permissions have been assigned at both the user and group level!

Groups in Project Web App

Groups contain sets of users who have the same functionality needs. For example, project managers within your organization may need the same set of Project Online permissions, while executives or resource managers might have different needs.

 Note: Group membership consists of users only. Groups cannot contain other groups.

Users can belong to multiple groups. The following default groups are available in each instance of Project Web App that is in Project Server permission mode. Each is assigned a set of predefined categories and permissions.

Administrators usually assign permissions by adding a user account to one of the built-in groups or by creating a new group and assigning specific permissions to that group.


Categories are collections of projects, resources, and views. Categories define the scope of the information accessible to a given user or group.  Again, it is highly recommended to only assign categories and apply permission at the group level.  This provides an easily maintained system

Resource Breakdown Structure

The Resource Breakdown Structure (RBS) is a hierarchical security structure typically based on the management reporting structure of your organization. The RBS can be an important element in your Project Web App security model when it is used to define the reporting relationships among users and projects in your organization. When you specify an RBS value for each Project Web App user, you can take advantage of the dynamic security options that can be defined for each security category.

The RBS structure is defined by adding values to the RBS custom lookup table that is built in to Project Web App. Once you define the structure, you can assign RBS values to individual users by setting the RBS property in the user's account settings page. Once the RBS is configured, Categories can use RBS codes to dynamically determine which projects and resources particular users can view or access. 

© Copyright 2023 | | All Rights Reserved
linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram