So as as i was going through the managing security in my last post and left the subject of RBS for next post, so starting here with RBS vs Security Category, so when should you be really using RBS
Though the topic is quite subjective and requires discussion but trying to make it somewhat objective you will find many other view points so here is one of mine
Also i wouldn’t be going in details on configurations and other aspect of RBS as there are so many great posts out there which already gives what you would need
When should you Consider RBS
Only if you want to limit access to Project and Resource data based on your organization hierarchy or to be more specific say reporting hierarchy then you should go with RBS, where in any resource would be able to see data at his peer level or below
But what if someone would want to see data above there level ? you might end up mixing RBS with Category & groups and this has what has caused problems with security my personal recommendation try avoiding mixing RBS and security categories & groups as much as possible (not that it shouldnt be done, its just my experience), else at times there are unintentional circular relationships built and it becomes difficult to trouble shoot security issues on who is assigned where and what RBS is doing / restricting and where category is playing the role
Many a times it has been asked how to handle/accommodate vendor resources within RBS, hence thought this reference might be useful in getting better insight & understanding
When you should consider Security Categories instead
If security is required to be role based, rather than hierarchy example PM needs edit access to his own project which in any case he will have, but as a fact of transparency need read access to all other projects (Cross business unit products )
In my opinion using Role based security model i.e. Categories is more flexible & manageable than RBS and with project server 2010 onward having Dept as another filtering mechanism you can make use of the combination and derive what you want easily than ever before
but as pointed out in last post managing security categories are not always easy & often leads to manual overhead but customizing it might be a good option for managing overhead
Nice One…. 🙂