This behaviour is by design if you don’t give sufficient privileges in the Internet Explorer Security settings. The solution is as follows :
Configure Internet Explorer permissions for ActiveX controls
Start Internet Explorer.
On the Tools menu, click Internet Options.
Click the Security tab, click Trusted Sites, and then click Sites.
In the Add this Web site to the zone box, type the Web address for your Microsoft Project Web Access site if it is not already present. Click Add, and then click OK.
For the following five ActiveX controls and plug-ins settings, click either Enable or Prompt, depending on whether you want to be prompted before you load ActiveX controls:
-Download signed ActiveX controls
-Initialize and script ActiveX Controls not marked as safe for scripting
-Run ActiveX controls and plug-ins
-Script ActiveX controls marked safe for scripting
– Enable Access data sources across domains (needed for data analysis)
On the Project Server 2010 however you won’t encounter the same issue as this uses ajax instead of the activx controls that need to downloaded.
If you really want to limit this somehow due to security concerns you could create a GPO and assign it only for the users (AD Group) that really need to connect to the project client and need to export data from PWA.