Clarity

User cannot see project in project list.

User is set as project manager and still dont see the project.

If custom portlet from object project is created than user can see project in list.

2 users has similar problem but for not the same projects.

CA PPM version 13.3

Did anybody meet this?

Vit

can you check the avp settings ?

NJ

Hi Vit,

Can you check in database if that project exist and last updated by column is -99?

Regards

Suman Pramanik 

in inv_investments, odf-ca_inv, odf_ca_project there is in column "last updated by" 5mil number which represents PM who cannot see this project

Does the user has the rights to see the project? can admin see the project in project list? 

yes admin can see project in list adn PM can see this project in other portlet but not in project list

AVP settings on project list is set to  max - Use display conditions and secured subpages to protect attribute values on this list

OBS? 

I am not sure how your security is setup, but what if your project is in a confidential OBS, and the PM does not have access to that OBS?

no security OBS used

Hi Vit Posel,

Try this please - from the DB (inv_investments), get the ID (5 mil number) of the 'missing' project. In Project List page, click any project which the user has access to and change the 5mil number to the ID of the missing project and hit enter. 

If the user gets a permission error, then you need to check access rights for that user. If the user is able to view the project, then you should be checking at the filters being used in the project list page. 

Let me know how it goes.

Thanks,

Jerin    

He is able to do editing on project. He can open project from another portlets. And he is able to do editation on project pages and WBS changes Status reports etc. He is only not able to see this project in project list.

The only thing I can think of is rights corruption and that we can find only when we create a user with similar rights who can see the project and compare with non working user,

Newly created user with same rights can see those projects.

Hi Vit,

Will it be possible to share the trace and as Dave said it would be good to have the support ticket as its a clear evidence of rights corruption at database layer.

Regards
Suman Pramanik 

I've seen - very occasionally and under specific circumstances - the project manager losing access to their project (which they should get via the Auto-Project Manager access right) and everything "looks ok" in the system with regard to access right setup etc.

The quick fix for that was to (logged on as the admin user who can see the project) change the project manager to someone else ; save the record ; then change the project manager back to what it should be and save it again.

Might not be the same cause, but perhaps that "fix" might help.

Thank you David but I tried this as one of my first try.

Problem is that second user which cannot see one of those projects has global right to see and edit all projects.

We try to take from him all rights - take him from all groups and then put him back ... no change.

Vit

Definitely sounds weird.

--

The application uses a couple of VIEWS to determine whether a user should be able to see a project.

This boils down to checking these two views with the relevant internal ids (5000000 numbers);

SELECT 1 FROM odfsec_project_v v
WHERE v.user_id = <<user id to check>>

SELECT 1 FROM odfsec_project_v2 v2
WHERE v2.object_instance_id = <<project id to check>>
AND v2.user_id = <<user id to check>>

(first view is checking whether the user has a global right, second whether the user has a specific right to that specific project).

For the application to show a user a project, either one of those views should return '1' - if both views return empty then the user does not have the access to see the project.

I use the above logic in an admin portlet to check whether people I think should have access to a project (users named in a custom attribute as a project role), do actually have access to the project that they are named against.

--

HOWEVER, since you say that your one user has a global view right, that alone sounds wrong enough to warrant raising a support call, since I'm not sure anyone on here would be able to help you without access to your system/data.

Thanks ... I will try test your logic with queries you sent. Then with result we can go faster with support. Thank you anyway for your time.

Vit

It doesn't sound like a security issue, more like a filtering issue for some reason.

Check in the list filter field settings to see if any of the boolean filter fields are set to a check box. If they are, change them to a pull down. I have see that restrict which projects can be viewed in the list view when a value is selected for that filter field.

Click Show All on the list page and see if they can see the project in the list.

Thanks Janet, for sure we try Show All - no change

I haven't checked if this is a possibility - but is your project object partitioned, and is the project manager a member of that partition?

It's one of the only non-rights masking methods of a record I can think would apply to the list views.

can you try to publish all views on project object?

does this help?

BR

Davor

I would not suggest this action as it will replace all user's configuration changes to the pages.

Further, the only configuration within regular object list views that affects the visibility of data are (apart from the actual view permissions) Attribute Value Protection (or 'AVP' for short) settings - and these only affect the visibility of the cell data and not the rows themselves.

At best, if it is suspected that somehow the views for an individual user have become messed up, then you can go to the configuration icon/action for that user's view and under the configuration properties page choose Restore Defaults.  This is effectively a 'publish' for a single user, and wouldn't then impact the configuration of all the other users.

However in this case, it should not make a difference to the results either way.

I agree with you Nick. When you publish the views, you are replacing personal setup and this might be disadvantage if many users are using personal settings.

Anyway, I remember having seen something like that in a 12.x version before and I think the problem was solved by publishing the views.

BR

Davor

publish view doesnt have any impact on that.

Did you get a chance to look into this suggestion yet?  Just curious.

nick_darlington wrote:

 

I haven't checked if this is a possibility - but is your project object partitioned, and is the project manager a member of that partition?

 

It's one of the only non-rights masking methods of a record I can think would apply to the list views.