Disable TFS check-in permissions at the server or collection level - tfs

I want to deny/restrict users from checking-in/out files in TFS. We are using TFVC with 2017.1 TFS.
I know I can do this at project level but that will be cumbersome as we have 200 projects. Is this something doable at root or collection level. I just want Collection administrators to have access but no one else.

Navigate to the Security page for any of your Team Projects in the collection, like:
https://account.visualstudio.com/project-name/_settings/repositories?itemPath=%24%2Fproject-name
Then change the itemPath to $/. That should bring up the security page for the whole collection:
https://account.visualstudio.com/project-name/_settings/repositories?itemPath=%24%2F
Screenshot from Azure DevOps, I no longer have TFS 2017 at hand.
Or use Team Explorer's Source Control Explorer to get to the Security dialog inside Visual Studio.
Set the appropriate denies here and that should cascade down.

Related

File level access permission in TFS

I have my TFS server and it has multiple branch like Dev,Test, UAT and Main. my problem is I have some security concern regarding web.config resides under Main branch. I want so access mechanism using which I can apply access permission on single file only.
I need that my team lead can only able to see that web.config file resides into Main branch but my developers can't see it.
how is this possible using TFS 2013?
Yes, this could be achieved. The simplest way is through source control explorer, select the file in Main branch from source control explorer and right click it, choose security.
On the pop-up dialog, you could be able to change the related permissions of this single file xxx.config.
In TFS deny trumps allow, then simply change the read permission for the group of developers from allow to deny.

TFS 2015 Prevent Checkin via Web Portal

The Code tab in a Team Project's TFS web portal allows users to check in/out items. Is there a way other than assigning users to the Stakeholder access level to prevent them from being able to check things in via the Web Portal if they have the permissions to actually check into a Team Project? It seems like you cannot explicitly exclude the Code tab form the Default or Advanced access levels, nor can you define a custom access level.
Our issue with the check in of an item from the Web Portal is that it does not evaluate any check in polices, nor can you associate the object you are checking in with a Work Item. We to want enforce developers using only Visual Studio to check in items into source control.
TFS doesn't provide the feature to stop users from checking in at web page. The workaround it to give the access level for your users.
Here is an user voice about your issue that you could vote and add comments: https://visualstudio.uservoice.com/forums/330519-team-services/suggestions/19026091-prevent-users-to-check-in-changes-from-tfs-web-pag
Maybe that you could consider to user Git version control in TFS. In Git repository of TFS, it provide git branch policies that may solved your issue. This is much similar to the check in policies.
Here is a document about move from TFVC to Git: https://www.visualstudio.com/learn/migrate-from-tfvc-to-git/

Visual Studio Team Services (TFS Online) - Restrict access to code

I need to restrict access to source code for certain users (e.g. testers from a third-party company), but still give them access to the project for logging bugs etc. How can I achieve this? I cannot see a permission in the security tab that relates to source code access.
Assuming TFVC: Right click on the folder you want to exclude from the "Code" tab in the web and go to "Security". If you're using Git, choose "Manage Repository".
The Security area in the admin console does not show security for all aspects of the application.
I was able to achieve this in GIT TFS by removing the users from the "Contributor" Group.

change check-in setting for entire project

We have a TFS server setup with three projects. Recently we wanted to change TFS so that code checkins had to have a Work Item Number associated with it. I was able to accomplish this by:
In Visual Studio
Team -> Team Project Settings -> Source Control
Then select checkin policy tab and add "Require associated work items."
Source
The problem is that it only seemed to work for one of the three (the first one) projects. I've tried Team -> Team Project Collection Settings but there is no option for the checkin policy.
I've also tried highlighting the individual project I wanted to change the check in policy but they all seem to show that the checkin policy has been setup correctly for requiring a work item with code checkin.
How can I change the settings that all the projects on the TFS server have the same checkin policy?
Check-in policies are set per team project. There is no global meaning collection or server level way of setting and enforcing check-in policies on all of existing and future team projects. You will need to add appropriate check-in policies for each and every team project you need using the project level source control setting in Team Explorer. You can also use TFS client SDK to automate that process to iterate all or some of the existing team projects and add check-in policies. Another option is to take advantage of TFS server side events to get notified when a new team project is created and add check-in policies in response in case of automating the configuration of check-in policies for newly created team projects.
Team Foundation Server Event Service

Team foundation Server and Work Item

I'm looking for a way to add work items into tfs from the project portal that it creates. Basically we want our helpdesk to be to raise workitems inside of tfs, so we can then track the build etc that there fixed in.
Can anyone shed any light on this?
Microsoft released the Visual Studio Team System Web Access 2008 Power Tool.
Base download
Service pack 1
Team System Web Access SP1 lets you do all the things you can do in Visual Studio in your browser. You can view, create, and edit work items, associate work items with each other and with changesetsand view source, diffs, changeset contents, and branches.
SP1 also includes what was once called TFS Work Item Web Access. Work Item Web Access lets users without TFS licenses submit and view work items through the browser.
With a little SharePoint magic you should be able to frame Team System Web Access within your existing team sites.

Resources