Does anyone have an easy way to see who made a change to a TFS Collection's Global Settings?
You can get the information from Activity Log.
To see the Activity log, just go to http://<yourserver>/tfs/_oi if you have admin privileges.
You can filter the activities if you know the certain identities.
You can reference below screenshot, I changed the security setting in collection level, then can find the specific activity accordingly in the log.
Related
Is there a way in TFS that user have permission to add Issue in a project and should not have permission to add/edit other work Items like User Story etc ??
is there any extension or utility to do this on TFS ??
You cannot restrict the editing of specific work item types. Permissions are controlled at the area path level. A user with permissions to create work items under an area path can create any type of work item under that area path.
No, there is no such build-in configuration. It's also not able to use any extension or utility to do this on TFS.
Permissions for work items are based on the areas/iterations where they occur, and are set through the dialogue that defines areas and iterations.
In other words, you are not able to set any permission either to a specific work item or work item type.
You could submit a user voice here, our PM will kindly review your suggestion.
There is only one out-of-box way to do this: Create child nodes, modify work items under an area path. You may try the following:
Create new team and area path for Issues Team Add a team, move from one default team to several teams.
Edit Security for the Root Area Path and restrict edit work items for the Issues Team.
Edit Security for the Issues Team Area Path and allow to edit work items for the Issues Team.
In this case, your Issues Team can create and edit any work items under Issues Team Area Path, but can not edit any other work items.
I am using Folder plugin and AD groups to control access to folder. This morning a team can't access their project anymore and later I found the AD group assignment in Assign Roles has been changed to wrong groups. Is there a way to find out which id did it? We only have a few admin ids.
Jenkins does not appear to keep an audit trail by default, as stated in this post on cloudbees.com, the folks that develop Jenkins.
The relevant lines:
Many Jenkins users look for a recommend a strategy for keeping an audit trail. This article is supposed to be a gap filler until more comprehensive compliance capabilities in JE/JOC are developed.
There are two open source plugins that enable you to track “WHO did WHAT?” in Jenkins:
...
The first plugin listed is Audit Trail Plugin which looks to provide exactly what you are seeking.
The description from the plugins page:
Keep a log of who performed particular Jenkins operations, such as configuring jobs.
This plugin adds an Audit Trail section in the main Jenkins configuration page. Here you can configure log location and settings (file size and number of rotating log files), and a URI pattern for requests to be logged. The default options select most actions with significant effect such as creating/configuring/deleting jobs and views or delete/save-forever/start a build. The log is written to disk as configured and recent entries can also be viewed in the Manage / System Log section.
I spent a few minutes looking through Jenkins various xml and log files, but could not find a log that contained something useful (username and/or timestamp). In this case it seems user auditing isn't built into Jenkins as of yet. Unfortunately it appears that you might not be able to determine who made those changes after the fact.
I have created custom checkin policy for TFS. It is deployed to the client system. I have added the custom checkin policy for project collection in TFS. But I have a number of clients that have not installed the custom checkin policy, when these developers want to check in, Visual Studio shows an error
Internal error in Check for PMS Details. Error loading the Check for PMS Details ...
So I want to apply the custom checkin policy for certain users. For example the user is admin then no need to run the custom checkin policy.
As others mention, the policy needs to be installed on the Client machine to work. There is no getting around that. You can, however, in the policy itself check the Identity and group membership of the user doing the check-in and skip the policy validation (always return an empty array of PolicyFailures) in that case.
I have been working on such a policy, but never found time to finish it. The policy I have been building works in the same way as the ConditionalPath policy that ships in the TFS Power tools. Basically it wraps another (set of) rules and places a condition on their execution.
Custom policies need to be installed onto the client system, they are not centrally processed.
A check in policy can be scoped only to the project level within TFS, as far as I am aware you are unable to limit a policy in any other way unless you handle this within the policy itself.
You must install your check-in policies on all TFS Windows clients, otherwise you get the nasty error.
A conditional policy can be implemented in two ways.
set the condition inside the custom policy code
use a Gated check-in build and customize the Build template
There is a third option, a Server side event handler, but I generally discourage it.
I created a tfs group that would work on a specific project located in a collection. Now we're using work items to track bugs etc, but that group doesn't have access to those work items via the Team Web Access portal. I don't want this group to have access to all the projects in the collection, just the one they are working on. But i need them to be able to access work items that come up.
Currently when they access the Team Web Access portal, they get message indicating there are no accessible team projects in this team project collection.
if they can access their code in the collection already, how come they can't see the work items, and how can i change that, but still limit what they see?
Ok, found what i was looking for after some time. for the benefit of the community here is where that hidden security setting is done.
For the new group, i needed to go under Team/Team Project Settings/Area and Iterations!!!!
Yes, this silly place to but a SECURITY button. If you go in there, click the security button on the bottom of the dialog, you will then see ALL the WORK ITEM related permissions.
EDIT work items in this node;
Manage Test plans;
View this node;
View work items in this node.
I needed to check all of these to ALLOW.
Again, seems like a stupid place to put these settings, than with all the other security settings via TEAM Project Settings. I hope they had a good reason for that.
They will need the View collection-level details permission added to their group (at the collection level). By default, the Project Collection Valid Users group has these permissions, so you can just add your group as a member of the valid users group.
this may sound like a silly question but our IT department wants us to use their approved backup tool instead of using the standard back solution that comes packaged within TFS2010. My question is, is there a config file holding all settings found within the TFS Admin Console or are all these values saved within the TFS_Configuration table.
Please note that we are using TFS2010
Thanks
The settings are indeed stored in the config database.