Having permissions denied by default is fine. HOWEVER, you need to create an option where a resource can automatically see all tasks assigned to that resource regardless of permissions. Without this feature, it is counter-intuitive and cumbersome to create a way for employees to only view tasks that are assigned to them when you have a project task group involving multiple employees and where you do not want employees to see tasks assigned to other employees for that project.
Right now, the only solutions are either to (1) set individual permissions for each and every task assigned (which takes a long time), or (2) for every project, create sub-groups for each employee (which is also cumbersome and time-consuming.
Ideally, there would be an automated way to have projects which contain tasks assigned to various persons where each person can only see the tasks assigned to them. Giving us the option to allow employees to automatically see all tasks assigned to them, regardless of permissions, would be the easist way to solve this problem.
I have to believe that other companies have run into this same situation where they don't necessarily want all employees on a project to see all the tasks associated with the project.
My two cents,
Mark
