VSTS Project Security at the Collection Level? - tfs

We are trying VERY hard to come up with a method to apply security to all of our projects without having to add to each project individually. We have 1300 projects to migrate from other source control to hosted projects on VisualStudio.com.
How do you recommend adding security groups at the collection level to control 1300+ projects using inheritance.
Any pointers?

In TFS/VSTS there are different levels or group/permission settings:
Server-level (TFS)
Collection-level
Project-level
(object-level) eg:Build ...
Refer to Permissions and groups in VSTS and TFS for details.
You need to set them based on your requirements accordingly to make the system working as expected. That means you have to set them separately and for each team project individually. We cannot achieve that by simply set it only on Collection Level.
Default permissions and access for VSTS and TFS for your reference.
However in VSTS we can crate groups (eg: Developers, Testers ...) and add users to the groups accordingly, also can add them to multiple projects during adding the users:
Manage Settings(gear icon) --> Users --> Add new users --> Enter the user eamil address --> select Access level --> Projects --> Add all --> set other options ... --> Add

Related

TFS Customized security groups at collection level

We have group of developers, Testers & BA's who will work for more that 30 projects under collection, so instead of adding them for each project want to create security groups at collection level so everyone will have access to all the projects under collection.
On TFS, we want to have customized groups like Developers, Testers, BA's at collection level so they will have access to all the projects so that I don't need to add them for each project.
So instead of adding them for each project want to create security groups at collection level so everyone will have access to all the projects under collection? So how can I do that!!!
You can try to add the new customized groups as members of the "Project Collection Administrators" group. This will grant access to all projects in the collection, including the futures ones.

Where do you add a TFS 2017 (on prem) user to be able to modify test suites?

I'm a TFS project administrator.
I'd like to add a member of the team to whatever group is needed so that they can manage test plans/export test suites and the like.
The simplest way is just adding the user to Contributors group for a team project, which will have the manage test plans and test suites task.
Note: Stakeholders cannot create or manage test plans. You must have at least Basic access.
If you don't want to add the user to default Contributors group in project, you could also directly assign permission to him or by creating a new group, permissions can be given at Project level and at Area path level(Manage test plans & suites permission).
More details please refer: Default manual testing permissions and access
Update
work- Areas- Right click area - select Security- Contributor

change check-in setting for entire project

We have a TFS server setup with three projects. Recently we wanted to change TFS so that code checkins had to have a Work Item Number associated with it. I was able to accomplish this by:
In Visual Studio
Team -> Team Project Settings -> Source Control
Then select checkin policy tab and add "Require associated work items."
Source
The problem is that it only seemed to work for one of the three (the first one) projects. I've tried Team -> Team Project Collection Settings but there is no option for the checkin policy.
I've also tried highlighting the individual project I wanted to change the check in policy but they all seem to show that the checkin policy has been setup correctly for requiring a work item with code checkin.
How can I change the settings that all the projects on the TFS server have the same checkin policy?
Check-in policies are set per team project. There is no global meaning collection or server level way of setting and enforcing check-in policies on all of existing and future team projects. You will need to add appropriate check-in policies for each and every team project you need using the project level source control setting in Team Explorer. You can also use TFS client SDK to automate that process to iterate all or some of the existing team projects and add check-in policies. Another option is to take advantage of TFS server side events to get notified when a new team project is created and add check-in policies in response in case of automating the configuration of check-in policies for newly created team projects.
Team Foundation Server Event Service

Areas and iterations, permissions required

What are the correct permissions/settings to allow an user to create/edit areas and iterations?
I have an user that is getting this message in the admin section of areas or iterations:
You do not have one or more permissions required to update the iterations for this team
The weird thing is that the user can indeed create/edit areas and iterations, this user is part of a TFS Group I created for the Project, the Security properties of this group are:
Create test runs - Allow
Delete team project - Not Set
Delete test runs - Allow
Edit project-level information - Not Set
Manage test configurations - Allow
Manage test environments - Allow
View project-level information - Allow
View test runs - Allow
The Security of Areas and Iterations have allow to everything.
This used to be enough in TFS 2010, but it don't know why the message appears in TFS 2012.
Another thing, If I change the Security Property of "Edit project-level information" to Allow the user does not get the message, but in TFS 2010 this setting allowed users to change the permissions of another users and I don't want that.
U can use TFS Sidekick to effectively see how a users inherited different permissions on the different area's in TFS. U can use this tool to check out other projects where the permissions work and see if the adjustments u made had the effect u wanted. I dont advice to change permissions by this tool but use the administrator console to give this permissions to the group u want to.
Tfs 2012 Sidekick
I don't know if its the correct answer, but i added my custom group to the Project "Team". I have to read more about this Teams thing in TFS2012.
You (as project admin) have to use security policies on Iteration and area nodes from project web portal. (ex: http://tfsxxxx:8080/tfs/<collection>/<project>/_admin/_iterations ..../_areas).
Select an iteration or area node, right-click and select Security in order to set right to:
Create child nodes
Delete this node
Edit this node
View permissions for this node

Team Foundation Server 2010 Project Collection and Project Permissions

I'm new to Team Foundation Server 2010 and I have a question about permissions.
Is it possible for a project to inherit permissions from a project collection? I want to setup a custom contributor group at the project collection level and add the developers to it. Each time they create a new project I want to inherit the permissions from the project collection. That means I don't have to explicitly add the developers to the project each time they create one.
Maybe there is some other way of doing this and not having to setup a custom contributors group? Any help would be appreciated!
I would recommend setting up some Active Directory Groups along the lines of:
TFS Contributors
TFS Administrators
TFS Project Managers
(You could also do this for specific projects. You get the idea.)
Give these AD groups the permissions you need, and simply add/remove the developers to the AD groups. If you can get the ability to manage the AD group, this will be much simpler that administering through the TFS admin tools.
Hopefully, you'll already have AD groups that fit these needs, saving you the trouble. Maybe a team-wide distribution list, for example?
You can create collection level roles (TFS Groups) and edit your process template to grant permissions to those roles so there are set by default in every new project.

Resources