TFS 2018 Stakeholder role - tfs

My TFS installation in on premise and I would like to add users to a project allowing them to create and edit work items, but not work as a developer who can create branches or check in code. Is there a default group like that?
I do not see anything in the permission list that mentions code rights.

That's exactly what the stakeholder access level is for. Access levels are different from security groups. Stakeholders don't even have the ability to see the Code tab.

Related

TFS 2013 Web Access - Licence Permissions

As you know, in TFS 2013, from a permissions point of view, we have 3 licences available to us:
Stakeholder
Basic
Advanced
As far as I am aware, Advanced is the only way of accessing 'TEST' area (Test Case Management), however, is it possible to create 'custom' security licences as we would like to give access to certain users to the 'TEST' area but not have them access other areas where they can create other WITs or potentially modify open WITs - We just want them to be able to view and run Test Cases + create a BUG where required.
We are using TFS 2013 On Premise.
No, we cannot achieve that. We cannot custome the access levels to add/reduce the supported features for each level.
For TFS 2017 and earlier versions, you should assign the Advanced
level to those users for whom you've purchased the full Test feature
set.
Advanced access level include all Basic features. And TFS doesn't provide a more granular permissions settings. So we cannot restrict the users who in Advanced access level to only view and run Test Cases + create a BUG. That is contradictory. We can only set the user permissions based on the existing options.
Please see About access levels; Change access levels and Permissions and groups in VSTS and TFS for more information.

TFS 2017 Permission management seems to be least Privledged?

Background
I'm working on implementing Agile permissions along with Code permissions for a TFS project. There will be multiple teams in this project, we currently have 3 but will grow. I am set up with Project Admin rights.
Area Permissions
At the root TFS Area Project Admins have the ability to create, delete and edit this node rights. Team members do not.
Problem
When I add my self to one of the teams groups I'm no longer able to delete items from this node even though I am a Project Admin. That means I can never be a part of the teams? This will hurt me in capacity planning amongst other areas where I work on tasks when not administrating the project.
Am I missing something? Is there a setting to allow Most Privileged or something that allows me to be a team member and still perform administration of the project?
Don't use explicit Deny permissions -- an explicit Deny overrides explicit Allows. "Not Set" is what you're looking to use -- that means "deny, unless otherwise allowed".
The problem is that "Deny" will override any other permissions. Deny always wins.
you can do 2 things
Remove ADMIN from the team group. An admin account shouldn't need to
be a member of a contributors group as admin is a superset of the
permissions given to contributors.
If for some reason you cannot remove the account from this group then
change the permissions. TFS permissions have 3 states. Allow, not set, Deny.
As the deny is causing the issue, then change the
permissions to "not set" this will still prevent members of the
contributors group from being able to manage permissions, but will
stop overriding the admin users permissions

VSO Share Repository Browse Only?

Not exactly like this - How to publicly share a Visual Studio Online Repository? - I am trying to share the source code repository (Git) from Visual Studio Online to registered stakeholders. They need to get at the latest stuff at the Master branch to eval it along with work items. How can I do that?
Thanks.
If you have people with a Stakeholder license they won't be able to see the code. The Stakeholder license only gives access to:
View team dashboards and portfolio backlogs
View, add, and modify items on the backlog
View, create, and modify work items such as stories, features, and bugs
View, create, and save queries
Create and receive alerts when changes are made to work items
Submit, view, and change your feedback responses.
For people to see the code, they will at least need a Basic license. If you then want to restrict their access, you can do so by creating a TFS Group and setting the correct permissions. In this case, you want to limit the Code permissions to only Read so they can't modify the code.
See Permission reference for Team Foundation Server for more information.
This means there is no free way to allow users to read your code. You do start with 5 free basic licenses however, so if that's enough you can assign those to your users.

How do I grant permissions to manage test plans in VSO?

I am unsure whether this is the correct stackexchange site to ask this question, however it is about software tools commonly used by programmers (sort of).
I am collection administrator of 100s of .net projects that I have recently migrated from an on-premise TFS to VSO. I am receiving requests from developers to grant them permission to create/manage test plans.
Now, these developers are members of the "Developer" and "Contributor" groups and as such have the following permissions:
But even so, they are unable to create test plans (using Microsoft Test Manager 2013). I have searched throughout the VSO control panel and I cannot find out why my developers don't have permission to create/manage test plans.
Even the documention provided by Microsoft seems to fall short when it comes to managing permissions in VSO.
Any help is much appreciated. How do I grant my developers these permissions?
Edit: I should add that I myself am able to create test plans. I have compared my permissions in a given project with one of the developers and they are pretty much equal (with some unrelated exceptions like deleting projects).
You can control the "Manage test plan" permission on area node level.
Go to area part, right click on the area your test plans belong to and then click on "Security"
Now you can grant rights for managing test plans:
If the area "Manage test plans/suites" permissions are set to allowed as suggested above and you still can't create test plans, don't forget to adjust the Access levels of your user!
Basic users (which should be default) can't access the test case management even if they have the right permissions.
This does not work in the local install I have done. It is stating that advanced permissions is deprecated. And the link to learn more goes no where.
For those that haven't found a solution even turning all the options provided in Elena's answer, you can check this out:
https://developercommunity.visualstudio.com/content/problem/80055/cant-add-a-new-test-plan.html
It seems that Microsoft ask you for a subscription in order to manage test plans. If the user doesn't have a subscription, even if you add him to the project administrator group, he won't be able to create test plans.

What permission controls the Iterations checkbox in TFS 2013?

I would like to grant a user the ability to check and uncheck iteration checkboxes for a specific iteration path in a TFS 2013 Team Project. This person is a scrum master and would like to be able to manage the iterations that appear in the Team backlog.
I have granted the following iteration level permissions but the checkboxes are still read-only for the user.
The only way I have found to grant edit rights to these checkboxes is by adding the user to the Project Administrators group which I would rather not do. Is there another way to do this?
As you can see on the authorization matrix on MSDN, the Schedule Sprints activity is possible through the Team Administrator.
This blog post explains some more advanced TFS admin tricks to further limit and control similar permissions.

Resources