SOLVED

Limit Access to Projects

Level 2

I have several projects set up, and I have several project managers. I desire to allow the project managers to see only projects that belong to them (either projects that they own or that have been shared with them). Basically, a project manager does not need to see other projects from other project managers unless specifically shared with them.

However, the problem is that everyone seems to have at least view access to every project no matter what I do! If they click on Projects > All, they can see anything and everything! And it's not just the project managers, it seems to be EVERYONE!

The access always seems to be hidden in the Inherited Permissions. I know that I can remove Inherited Permissions project-by-project, but we have too many projects to do that scalably. Further, you cannot remove Inherited Permissions from the project templates, only after the project has been created. So, there is no streamline for this.

I thought that maybe it was because I was sharing access with groups that were too high. But I tested moving a user exclusively to one subgroup that had no projects, and they can still view everything.

I thought maybe it was that the Access Level was too high, so I moved the Access Levels to No Access for projects hoping to restrict view down to projects that were shared or owned by the project manager, but that totally removed their access to projects.

Can anyone point me in the right direction? Is there any way to only let people see the projects they are on? It seems like this would be a really simple thing. What am I doing wrong?

1 Accepted Solution

Correct answer by
Level 4

If you're using Portfolios, you might need to look into your Portfolio sharing. Most of our users get their inherited permissions through the portfolio, so as soon as a project gets placed into a portfolio, the proper permissions get automatically added. If "Visible System Wide" is set, that's likely why they're getting view access to everything. It could also be that they're getting automatic access based on their role (we have some sharing set up so that anyone with specific roles can get auto-manage access within the portfolio).

Sometimes a trick that I like to use is to pretend to re-share a project with someone that received inherited permissions. There should be a little "i" icon that pops up next to their name and it'll tell you where the inherited access came from. So in this example, I can see that my Test user got view access through a group that they're in. Might help narrow down where you should be looking.

4 Replies

Level 2

Ah! Alas! That was it! Apparently, I shared the portfolio with a high-level group and that gave inherited permissions to dozens of people so that everyone in that group could see all projects in that portfolio! Removing the group did the trick! I have now learned to be as minimalistic as possible when sharing an object.

Also, the little (i) trick really helped! That was the bullseye in terms of narrowing down where the inherited permissions were coming from. I don't know why I didn't think of that before.

This was perfect! Thank you so much!

Level 5

On a side note, I put an idea in Innovation Lab awhile back asking for the ability to remove inherited permissions by individual user. The only option is to remove ALL inherited permissions. Vote if you find this helpful!

Idea: Allow someone with Manage permission to remove just ONE inherited permission on an object (cur...

Level 10

Hi

I agree with @Chloe Rock. In addition to the above suggestion, it is also possible to give view access via a template. If there is a specific template for a specific portfolio type, it also makes things easier after creating projects. Then even if the project manager doesn't have access via the portfolio, they can see it via the access given through the template too. You can even create a team of managers and share it there also.

This will also reduce the challenges we face for inherited permission part.

Best regards,

Kundan.