In Project Server 2003, access to projects, resources, models, and views are controlled by means of security categories. In order to automate the administration of Project Server, security categories use a set of rules to define the objects to which a particular user has access.

Project Server 2003 uses RBS to help define the following five category rules for security categories:

• Allow users in this category to view all projects managed by resources that they manage (Project).
• Allow users in this category to view all projects assigned to resources that they manage (Project).
• Allow users in this category to view information for all resources that they manage (Resources).
• Allow users in this category to view all information for all resources that they manage directly (Resources).
• Allow users in this category to view models created by resources that they manage (Models).

It is recommended that you start with the standard security settings that are available by default (My Resources, My Direct Reports) in Project Server 2003 when you are applying RBS to automate security management. For example, you can use RBS to configure the following Project Server security categories:

• My Resources   This category is used to determine which resources a resource manager is allowed to view. Resource managers should be able to view all of the resources that they manage. You can set this RBS hierarchy by using the Allow users in this category to view information for all resources that they manage rule. Project Server 2003 uses RBS to assign resources by finding every resource in an organization that has an RBS code that is subordinate to the RBS code of the resource manager. A resource manager is any position within the RBS that has subordinate (one or more levels below) positions.

   Note   When creating RBS, use group names rather than individual names because group names change less often than individual names. This minimizes changes to the RBS hierarchy.

• My Direct Reports   This category uses the Allow users in this category to view information for all resources that they manage directly rule to allow only resource managers to view resource data for resources immediately subordinate to (one level below) them in the RBS.

Before determining the best approach to RBS for your organization, examine the default security categories that are available in Project Server 2003. RBS is an important part of defining Project Server security categories.

RBS rules (circled) on the Security Categories page in Project Web Access.

Each of these rules is based on resources that the users manage, which is determined by RBS. If the RBS that is assigned to a manager is an outline parent of the RBS of a resource, Project Server 2003 can determine that the manager manages the resource.