We are often asked by users how one can secure a project they wish to publish using Web-Sharing so that the public will be unable to access it. The follow-on question to this is how permission settings can be set within a given project as well. This user tip covers both questions.
Securing a Project
In order to secure a project so that it is not accessible to anyone, please do the following.
- Select File > Project Settings…
- Click on the “Misc” tab
- Place a checkmark under the Security option: “Hide from anonymous users”
This will protect the access rights so that the project file will not be accessible by all (public).
Permission Settings
Merlin provides a simple way to configure permission settings for those users you want to access a given project file. Here are the basic steps involved:
- Create a resource for each individual who you want to access the project
- Select a resource from the Resource window (Show Resource Well)
- Bring up the Permissions Inspector (see key icon) for the selected Resource
- Place a checkmark in the top field “Is a User” and assign a password (this is the username and password for the Resource to access the project file)
- Now the fun part: Select from the nine read & write permissions listed to configure the specific access rights for that user
As you can see from the screenshot above, setting up permission rights is not only easy, but the configuration options are very flexible to meet your needs.
If you have someone in a group that have permissions and he has a personal record with other levels of permissions, which will be the ruling situation?
May users and groups defined in one project be used in other projects? Or do the have to be redefined in each project?
Merlin 2 has no global resources, so you need to define the resources on the other projects as well.
There is a way though not to do this manually each time for new projects; You create a project, insert the resources, save the project as a template and start new projects from this template.
Best regards, Vicky
@MacJules: Members of the resource group will inherit the resource group permissions unless they were set explicitly.
You may read more about it in Merlin web help:
http://www.projectwizards.net/merlin/webhelp/HTML-Help.en/resourcegroups.html
i am testing the Merlin server.
I would like to share projects with users, but they can see all projects that are published. Can you exlude other projects to this users ?
Peter
Hi Peter, you should not forget in this case to enable the security option: “Hide from anonymous users†(as described in the post).
This means, if you have for example 3 projects; two for user A and another for user B.
and user A and B call the URL of the server, they both see nothing at first. When user A authenticates himself, he sees his 2 projects.
And if user B authenticates himself, he sees only one (his) project.
Best Regards, Vicky
Pingback: Merlin – secure projects for access over a web browser » MacPM
Hi, I have followed these instructions, saved the project and closed it. When I try to open it again, it does not recognize the password I assigned to the user 🙁 It is a project with 10 resources but I assigned privileges just to one user and made it anonymous.
Could it be that I was not the creator of this project (got it from someone else)? I did not get it with password protection but I can not open it now due to the password that I assigned to it.
I figured out what was happening – The resource name (user) was written with a ‘:’ to include company’s and person’s name. So I guess no characters can be used in that field to be able to assign it password.
Thanks Carolina for your comment, oh that’s intersting, I forward this information to the development. Thanks again 🙂
Are user’s passwords sent over the network in cleartext (unencrypted) so that someone else on the network could intercept the user’s password? I see that Merlin appears to only use http… not https. I worry about the security implications of both having our project information transmitted over the network so other employees could potentially view data on projects they should not have access to, and also that their password may be stolen by another employee which could potentially give access to other resources like HR data if a user uses the same password on multiple sites. Any info would be appreciated!
Hi Travis and thanks for your comment 🙂
That’s right, Merlin uses http, which is not encrypting user and password.
We forward your comment as a feature request to the management so it can be taken under consideration for further implementations of MerlinServer.
Hi, I have 2 projects in Merlin Server; when I go to the web address one of them shows up in the list even though the “Hide from anonymous users†is enabled. And when I click on that project to get it open, I get the following message: An exception occured: NSInvalidArgumentException -[MEWebProjectList setOpenedFromProjectList:]: unrecognized selector sent to instance 0x4a20f00. Could you please let me know why this could be happening?
When I use the key to use my user name and password to access this project, it rejects it. But I can see the project already.
In case it matters – When I use the key to open the other project with my user name and password, no problem at all.
Thanks for your help!!!
This option is a project setting, so you should enable it on both files. We suggest you check that you are using the latest Merlin Server version (2.7.7) and if this problem perssists, try re-starting MerlinServer. You may also send us screenshots of the problem in Merlin Support. Our mail address can be found in the support page.
<http://www.projectwizards.net/en/support/>
Thanks for your comment.
Problem solved by just turning OFF and ON Merlin Server. Versions were up to date. Thank you!!
Hi!
How is it possible to add permissions on activities’ level itself! Lets say user X can read its activities and can not write, but he can modify the flag or add comments on it?
Thank you!
Hello Faris,
the user may have read & write access to ‘assignments’, while having read only access onto ‘activities’ and/or no access to ‘Data from others’.
Does this help?
Thanks for your comment.
Thanks Vicky. What I really need is to let a specific user to see his assigned activity and modify specific fields.
for instance, Bob has two activities assigned to him. He can access those two activities and change the ‘completion percentage’ field to 100% or set the flag to green flag yet he can’t edit any other field or delete the activity itself.
I don’t know how to do that with Merlin!!
Exactly…
>for instance, Bob has two activities assigned to him. He can access >those two activities and change the ‘completion percentage’ field >to 100% or set the flag to green flag
This is possible by read&write to assignments
and no access to to ‘Data from others’.
>yet he can’t edit any other field
On the assignment? Some properties may not be accessible when changing other permissions.
>or delete the activity itself.
This is possible by read permissions to the activities.
And of course he/she should have only no read&write to settings.
So here is the set:
Users: read
Settings: Read
Data from Others: No access
Activities: Read
Resource: Read
Assignments: Read & Write
Elements: Read
Financial Data: Read
Actual Values: Read & Write
Best regards, Vicky
We have selected “Hide from anonymous users” and we have enabled the check box of “Is a user” and set passwords for each of our users.
When we do a remote open, the project can’t be seen (good) when I select Connect As no user name and password that I enter works.
Name = ??? Resource name?
Password = password set obviously.
I think the issue is the name?? What is this variable?
Cheers
Taryn
Ahhh, the server just needed to be restarted. Seems it got a little confused with all of the changes.
Taryn
cool 🙂 thanks for your feedback.
HELP – we lost all of our Gantt activities after saving 1 user as a read and write.
Do you mean, the Gantt area is closed?
If the Gantt area is closed, you need to drag the area divider for 2 to 3 cm to the left as shown and in the screencast of the following post:
http://www.projectwizards.net/en/macpm/merlin/merlin-gantt-chart-is-missing
It is easier to do so, if you open first the inspector.
Best regards, Vicky
No, The file was empty after the save!
you may send the file to Merlin support, so they can check it.
Thanks and best regards, Vicky
Hi!
I assigned a resource as as user and clicked the set password button but I did not type anything on the password field. Everytime I try to open the file it prompts me for the name and password. Even if I leave the password field blank it would not let me open it. Please help.
Hi Rommel,
please contact our support: support (at) merlin2 (dot) net
and send a copy of your file.
Best regards, Vicky
Hi, is it possible to connect merlin’s permissions in projects with microsoft active directory users’ accounts?
Hi Andrew and thank you for your comment.
This is not possible sorry. Merlin can connect to the local Address Book, Entourage or LDAP for retrieving names, phone numbers and emails of resources. Passwords and Permissions are to be set within the Merlin project.
Best regards, Vicky
Hi,
is it possible to view(and edit) project via web sharing from different internet connection? My project is already ready for sharing in the same wi-fi, but if I try to connect from different internet connection – that is problem.
Sure it is, you need to enable port forwarding.
Please read here how to do so
http://www.projectwizards.net/en/macpm/merlin/merlin-port-forwarding
Thanks Marian for your comment
Thank you for some other great article. Where else could anyone get that type of info in such a perfect way of writing?
I have a presentation next week, and I’m at the look for such
information.
Feel free to visit my web site seo rankings – google.com,
I have the foll privileges set for my team…
Users: read
Settings: Read
Data from Others: No access
Activities: Read
Resource: Read
Assignments: Read & Write
Elements: Read
Financial Data: Read
Actual Values: Read & Write
They can log in, but they cannot change any field on their tasks.
I need them to be able to update Completion%, Flag & new ETC.
How do I achieve that?
Tx
Mike
Hi Mike,
for flagging, creating new activities, they need to have Read & Write to ‘Activities’
For ‘Completion’ the need Read & Write for ‘Actual Values’, but this is already set.
Best regards, Vicky
Thanks Vicky – but f I do this, then the person can delete off tasks as well.
I want the team members to only be able to amend their progress & ETC but not be able to delete/add tasks assigned to them.
This does not seem to be possible?
This is not possible sorry. If you want to enter progress on assignments, you need read&write on those.
You may then flag assignments as you like.
Note: you can change resource’s assignments not the tasks on which they are assigned on.
A ‘read’ only permission to activities, restricts insertion of new tasks or assignments, BUT… by a ‘read&write’ access on assignments, one can still delete assignments.
Best regards, Vicky
We recently invested in the Merlin Server and is working as advertised. However, when I go to unlock the server to make changes, it no longer recognizes my password. I was using it without issue, then a week later (Nothing). Is there a way to reset the admin password?
Hi Jason,
you mean the password you click onto the lock in the bottom part of the pref pane where it reads ‘click the lock to make changes’?
There you enter a name of a profile defined on that mac having administrative permissions and its password.
If the mac is not recognizing your admin user password… here are some tips on how to reset it:
https://discussions.apple.com/thread/5028206?tstart=0
Best regards, Vicky
Pingback: Merlin – secure projects for access over a web browser | MacPM