One of the main configuration items with respect to Project Server / Project Online is the creation of project level Enterprise Custom fields and their layout on separate Project Detail Pages. Assuming that you are not using workflow* then by default anyone with read access to the project can see all of the fields on the PDP, and anyone with with write access (obviously this includes the project owner) has the rights to change any of the fields at any time.
Securing Project Enterprise Custom Fields
Example Customer Requirement
Budgets and cost fields often contain the type of data that needs to be protected, and in my scenario my customer only wants the members of the Portfolio Management Office (PMO Group) to be able to update the Budget and Cost fields, but they realise the value of all the project team members being able to view these fields.
In order to implement this requirement, we’re going to need to setup 4 ECFs, two that are used for display purposes only, and two that can be edited by the PMO. Historically this duplication of ECFs would have caused us an issue due to the reporting limitations of oData, but Microsoft kindly fixed this (https://support.office.com/en-gb/article/Project-Online-software-boundaries-and-limits-5a09dbce-1e68-4a7b-b099-d5f1b21ba489) and we can now have up to 450 other custom field types (cost, date, duration, number, flag).
Setting up the ECFs
The 1st field I’ll set up holds the Updated Budget. This field will be edited by members of the PMO only. It’s just a normal Project level ECF of type cost.
Next, set up the Approved Budget field. This field holds a copy of the Updated Budget which is set by using the formula
Approved Budget = [Updated Budget].
This field can be viewed by anyone with view access on the project.
I’ll also set up Current Cost, and Latest Cost in a similar way. Current Cost = [Latest Cost]
Creating the PMO group who can edit Updated Budget and Latest Cost
From the default PWA page, use the gear icon to create a new group under Users and Permissions and then add the relevant users to this group.
Setting up the Project Detail Pages
The trick here is to create a new PDP with containing two Project Web App Basic Info web parts.
Add them both to the page. For the 1st web part, add in the read-only fields, and change the title to something appropriate (eg Cost Information)
The 2nd web part needs a little more work.
1. Add in the editable fields (eg Updated budget and Latest Cost)
2. Change the title to something appropriate (eg Updateable fields – only seen by the PMO Group)
3. Browse to the bottom of the Edit Web Part dialogue box, and expand the Advanced Tab. Select the previously created group as the Target Audience.
Add the Project Detail Page to the Enterprise Project Type
This is well documented elsewhere… so I’ve just shown you the screen shot here…
Update the project as a user who is a member of the PMO Group
Open and edit the Project as a member of the PMO Group. You can see both web parts, and you are able to edit the Updateable fields web part. Note that of course I’m expecting these users to be a member of the relevant groups within Project Online.
View/edit the project as a user who is NOT a member of the PMO Group
Here I’m logged in a the user Rachel Hales, who has rights to edit the project but is not a member of the PMO Group. Note how the Updateable fields web part is not displayed for her.
*workflow will only allow to specify during which stage a custom field is displayed and editable, it does not allow you to specify who can edit the field.