I have a user that will be auditing our team projects.We have 200+ projects and he needs access to all of them at stakeholder level. how can I add this user to all team projects, without having to click through the web interface. Can I script this out somehow?
Related
I've got a TFS server in which team projects exists. These team projects have area paths below them. These area paths represents projects of certain customers. We want to give customers access to their area path.
The problem is when we do that they automatically gain access to all other area paths withing that team project. Is there a way of limiting access so the customers can only see their area path and nothing else?
No such a feature to limit users in team project level with the area path set.
Area path only restricts the users on work items:
Area paths allow you to group work items by team, product, or feature
area. Whereas, iteration paths allow you to group work into sprints,
milestones, or other event-specific or time-related period. Both these
fields allow you to define a hierarchy of paths.
Please see About area and iteration paths (aka sprints) for details.
So, if you don't want to the users see the specific team projects, then you just need to remove the users from the related TFS groups.
If you just want to restrict the users on manage the sources/files or source control on specific Repository/branches, then you can create teams or groups and set the permission accordingly. Please see below articles for details:
Add teams and team members
Permissions and groups in VSTS and TFS
As mentioned in this thread, by design a team can access other teams backlogs and work items.
To deny different teams access to other teams work items I used a workaround which might work for you as well.
The workaround is to use TFS security groups to limit teams access to area paths. By default, every team is created as a member of the default security group [project]\Contributors which gives the team access to all area paths.
Here are the steps I followed:
Create a new security group for every team
Make the new groups members of the Contributors default group
Add every team as a member of its new respective security group
Remove all teams from the Contributors group
In the project's areas admin screen, open each area's context menu and click the security option (check this article)
In the security view, add the newly created security groups
For each group, allow/deny the permissions based on your requirements
Please note, this workaround will not hide other area paths from the users in the not allowed groups. They still can navigate to backlogs of other groups but they will not view or edit the work items. This behavior is same for reports and dashboards as well
What is the difference between work teams and TFS groups?
because I see that they are the same privileges.
Simply say they have the same and different points.
Same:
A group of people;
Can manage security permission based on Team, or Group. Assign
permission to team or group.
Different
Team is used to reorganize team project, user can select to show data
within team project, or a specified team. See Configure team settings and Add teams and team members for details.
Group mainly used to manage security for TFS users.
You can also reference below article to understand the teams and groups:
Understanding teams
Team Foundation Server Security for Users and Groups
Configure initial groups, teams, members, and permissions
About permissions and groups
My question is how to create client specific projects in JIRA cloud, so that clients can't view company's internal project and are restricted to their own project view in JIRA?
You'll have to configure:
User Groups
Project Roles
Project Permissions
Typically your customer users are part of a customers group. Your internal users are part of other groups, e.g. internal.
Within a project you have different roles. You can assign groups to a role, ie. customers can have the users role in the project that is relevant to them. Your internal people can for example be in the developers role of projects that are relevant to them.
In a project's permission scheme, you then configure which permissions correspond to each role. If you assign the browse permission to the users role, and the customers group has that role, then they will be able to view the issues in that project.
If you don't put the customers group in a role then they won't be able to see or do anything with the issues in that project.
I am trying to migrate source control only from a TFS2013 system to VSTS and I have a question about how to manage user migration.
We have been using TFS since it was released and have a >250000 changeset history that we would like to preserve.
We have linked our Azure AD to the VSTS project and I have added in a relevant group that contains most of our current users, but these are not showing up in the user mapping screen presumably as they are not 'proper' users until they have logged on and applied their MSDN license. Is there an easy way of adding around 200 users to the system and applying a license?
Most of the other users that require mapping have long since left the company but it is useful to see which person made which changeset. This class of user will never have an active account on TFS but the current system would force me to remap these users to a current account losing that information. Is there any way of keeping this data?
We have a situation where TFS was taken into use when we all had 2 user accounts. We started using TFS with account A but, after a while, found out that account B was better. In the end we want to use the A accounts only for RDP sessions. We would now like to remove all the A accounts from TFS so that we don't make mistakes in assigning tasks to a person.
Deleting the old accounts from the AD is not an option, we still use those accounts for RDP sessions. What we did was migrate all the WI's from account A to account B. Thereafter I removed all permissions for the old A accounts, with in mind that TFS would clear those accounts since they are no longer in use. The double account in the assigned-to field
Unfortunately the old accounts are still visible despite they are no longer involved in any project or group. No rights for the (development) user
How can we remove those accounts from TFS? Maybe there is somekind of cache that needs to be cleared somewhere, or a rebuild of the warehouse?
Thanks in advance!
By Default the Assigned To field shows the list of all Valid TFS Users (this is a specific TFS Group). So if you don't want somebody to show up in that list you have to make sure they are not in the Valid TFS Users group. If you inspect this group in the TFS Admin interface you can see which other groups are members of it. Now it's just a matter of tracing through the many TFS security groups to make sure that those user accounts are not included anywhere that would result in them being part of TFS Valid Users.