Security is a BIG piece of Project Server 2010 as we all know.  Many questions arise and I find that they are more around the Security Approach, meaning for our organization, how do we want to implement security.  There are several guidelines on setting up permissions and many of us would agree that a Role-base permission approach is the best practice.

Once you know your approach, Microsoft has documented the necessary options/functions of Security of Project Server 2010.  For this helpful link we thank MSFT:  http://technet.microsoft.com/en-us/library/cc197354.aspx

Looking forward to additional security questions and follow-up.
Have a great day.
-Jacques