Using TFS 2017 Update 3, we've defined a variable group in project A, security is setup to share with "Project Collection Valid Users" as "User". When trying to Link Variable Group from Project B, the list is empty.
Link Variable Groups
Any idea?
Note that I've also configured security directly on my user account which is team member of both projects... no success
Microsoft documentation does not contain any sharing information: https://learn.microsoft.com/en-us/vsts/build-release/concepts/library/variable-groups
You can't. Build and release definitions, along with all associated stuff (like task groups and variable groups) are scoped at the Team Project level. This is one of many reasons why it's recommended to keep everything within a single team project.
Related
We have group of developers, Testers & BA's who will work for more that 30 projects under collection, so instead of adding them for each project want to create security groups at collection level so everyone will have access to all the projects under collection.
On TFS, we want to have customized groups like Developers, Testers, BA's at collection level so they will have access to all the projects so that I don't need to add them for each project.
So instead of adding them for each project want to create security groups at collection level so everyone will have access to all the projects under collection? So how can I do that!!!
You can try to add the new customized groups as members of the "Project Collection Administrators" group. This will grant access to all projects in the collection, including the futures ones.
I have almost 400 projects to create in my TFS project collection in TFS 2017. I don't want to have to create and configure each project, one at a time. I'd like to create a custom process template, which seems easy enough to do, but I can't find how to add an AD group to the Project Administrators group.
The GroupsandPermissions.xml file allows the creation of new groups but doesn't accept the Project Administrators group as an option. I've read here where others have tested it. Also the macro for project administrators is reported not to work because the group already exists.
Any ideas how to add an AD group to project administrators in the process template or otherwise?
I am new to Team Foundation server.
1)What is meant by collection in TFS?
2)How can me and my friends work on a project using TFS?
1)What is meant by collection in TFS?
Simply saying a team project collection is a group of team projects in TFS.
When your Team Foundation Server (TFS) hosts multiple team projects, you can manage them more efficiently by grouping them together and assigning the same resources to them. For example, you can group projects that have similar requirements or objectives, such as all team projects that access a particular code base. You can then manage the group of team projects as an autonomous resource with its own user groups, server resources, and maintenance schedule.
A group of team projects is called a team project collection. When you install TFS, a default collection is created to contain all team projects. When you create a collection, you specify the logical and physical resources that team projects within that collection can use. All the artifacts and data that those team projects use are stored in the single database of the collection.
See Manage team project collections in Team Foundation Server for details.
2)How can me and my friends work on a project using TFS?
Too much content for this question. Suggest you reading the Quickstarts documents first.
Basically you need to do following things first:
Create a team project
Add users to a team project or specific team
Add administrators, set permissions at the project-level or project
collection-level
Connect to TFS --> Version Control --> Build/Release
Please refer to the Guide link for each related point : https://learn.microsoft.com/en-us/vsts/?view=vsts#pivot=start
Also here is a simple guide for your reference to Get Started with Team Foundation Server 2015
If I load up TFS Web Access and go to Security > Users, I only see the 3 people I've added to my team. However, when I try to assign a task to someone in Web Access or in Visual Studio, it lists a bunch of users from the domain (not all users, looks like all IT people). Where does this come from? How can I change it... without exporting, editing and importing files via command line?
update: I found this line in the MSDN documentation:
Team Foundation \Team Foundation Valid Users
Members of this group
have access to Team Foundation Server. This group automatically
contains all users and groups that have been added anywhere within
Team Foundation Server. You cannot modify the membership of this
group.
I really don't understand... this is our own team's server, a separate install from the main dev team. I have no idea how these other 30 or 40 users got in this group. Major bonus <3 for any help on this. MikeR's answer will allow me to set administrators as the only assigness which will technically fix the issue, but I'd rather be able to use the groups as they were intended if possible.
The problem was that [TEAM FOUNDATION]\Valid Users included [TEAM FOUNDATION]\Team Foundation Administrators which included [BUILT IN]\Administrators
In the TFS Server Administration Console I selected Application Tier and clicked Group Membership. I then double-clicked on [TEAM FOUNDATION]\Team Foundation Administrators and removed [BUILT IN]\Administrators.
Now I only see my team and not all the SQL admins and engineers that were local admins on the server. All without any command line or addons.
This list of possible assings is defined in the WorkItemTypeDefinition. Usually you would export and import this. If you have the TFS PowerTools (http://visualstudiogallery.msdn.microsoft.com/b1ef7eb2-e084-4cb8-9bc7-06c3bad9148f) installed, you can directly work with the WITD in Visual Studio.
To do this, open "Tools->Process Editor->Work Item Types->Open WIT from Server". Choose the TeamProjectCollection you want to connect to and than choose the TeamProject and WorkItemType you are having trouble with.
Check the rules for "AssignedTo" field. Default could be the "ValidUser" rule, which includes every permitted user in TFS. Remove that rule and add a new one "AllowedValues" rule with values like "[project]\Project Administrators", than only "Project Administrators" can be assigned to this Work Item.
If there is already a group defined and not all "ValidUser", remove users from the group set is set there.
I have a TFS 2010 Work Item Type with a custom field called "Requested By." This field can be populated with any name, but since most of the requests come from project developers throughout the organization, the SUGGESTEDVALUES property should populate the dropdown list with members of any TFS team project.
I have tried various values for SUGGESTEDVALUES, but both Collection\ Project Collection Valid Users and Server\ Team Foundation Valid Users seem to return every valid Active Directory account—well over 10,000 names.
I recognize that one option is to add an ALLOWEDVALUES item with multiple LISTITEM entries for Project\ Contributors for every team project, but with more than 150 team projects in the organization, this would be time-consuming initially and challenging to manage in the future.
Is there any easy way to populate the drop-down with TFS valid users who have actually been assigned to any team project in the collection, and exclude "Valid" users who exist in Active Directory but have never been assigned to a project?
What do you get if you use Project Collection Valid Users?
Project Collection Valid Users is the correct group to use, and I have entered it correctly.
However, one project team wanted to make their code available to the entire organization, and added ORG\Domain Users to the [Project]\Readers group. This was discovered by running a full audit with TFS Projects based on a hunch that something like that must have happened.
Having answered this question with "because a project team was doin' it wrong," I have posted a follow-up question to find out how to correctly grant all valid TFS users access to a specific project. See How can I grant Team Project access to all Project Collection Users? for the discussion on (hopefully) doing this "the right way."