What is the best practice for Security Groups in Project 2010 Adminstrator Setup?
Is it best to keep out of box Security Groups intact and not change them? Should we copy / rename / modify groups for my company’s use?
Will changing the existing out of box Security Groups (without a copy/rename) pose an issue for future patches, upgrades, Service Packs, where our work would be overwritten?
Is it not easier and more efficient to test your setup by comparing the “intact” Out of box group vs. a renamed/modified group?
Rob Harris, PMP
Robert,Very good question that I’m sure will prompt a few opinions. I like using the out of box security groups as they provide a good base for incorporating changes to permissions. If you aren’t very familiar with Project Server security you might want to copy/create your own so that you can validate what you are changing. It would be a bit of work (and a bit of risk to make sure you duplicate them correctly), but using out of box security groups/categories won’t cause any issues with future releases. Hope that helps.
I was always told to leave the default groups intact even if you intend to create your own groups and categories. In the MSPE book on Project Server administration, they have a “Best Practice” box which states:
“MSProjectExperts recommends that if you do not need any of the default groups that ship with Project Server 2010, that you set the description for those groups to “Not Used.” If you do not wish to use a group, simply remove any users included in the Users section of the group. You can create a replica of each standard group using Security Templates if you do not alter the templates. This is a strategy you can apply both before and after the first time you make changes to the built-in security groups.”
I would also recommend adding groups and categories to your administrative back-ups. If you accidentally delete one, there’s no way to get it back unless you do.