The Code tab in a Team Project's TFS web portal allows users to check in/out items. Is there a way other than assigning users to the Stakeholder access level to prevent them from being able to check things in via the Web Portal if they have the permissions to actually check into a Team Project? It seems like you cannot explicitly exclude the Code tab form the Default or Advanced access levels, nor can you define a custom access level.
Our issue with the check in of an item from the Web Portal is that it does not evaluate any check in polices, nor can you associate the object you are checking in with a Work Item. We to want enforce developers using only Visual Studio to check in items into source control.
TFS doesn't provide the feature to stop users from checking in at web page. The workaround it to give the access level for your users.
Here is an user voice about your issue that you could vote and add comments: https://visualstudio.uservoice.com/forums/330519-team-services/suggestions/19026091-prevent-users-to-check-in-changes-from-tfs-web-pag
Maybe that you could consider to user Git version control in TFS. In Git repository of TFS, it provide git branch policies that may solved your issue. This is much similar to the check in policies.
Here is a document about move from TFVC to Git: https://www.visualstudio.com/learn/migrate-from-tfvc-to-git/
Related
I am developing an extension for TFS (Team Foundation Server), specifically version 2017, using JavaScript.
In this extension, I am adding a Hub Group (see picture below)
However, this Hub Group should only be accessible/visible to certain users.
How do I accomplish this? I have not been able to find this feature in the TFS extension tutorials and documentation.
Sorry, it's impossible either from extension side or permission side. Even with the build-in hub group such as Code/ Work /Build and Release. There is also not able to directly hide the hub group. Unless you change the access levels.
Assign Stakeholder access to those users who need to enter bugs,
view backlogs, boards, charts, and dashboards, but who don't have a
TFS CAL. Stakeholders can also view releases and manage release
approvals. Stakeholder access is free.
Source Link: About access levels
See Stakeholder access for details of features available to stakeholders.
Most extensions require that users have at least Basic access, not Stakeholder.
In your case, I will not suggest you directly change the user access level. Since he will also lose other features he had before. As a workaround, it's able to forbid him to see or use the things under hub group/hub you have on TFS. This is another concept called Permissions in TFS.
For example, you could be able to deny the Read permission for branch/folder level
Read
Can read the contents of a file or folder. If a user has Read
permissions for a folder, the user can see the contents of the folder
and the properties of the files in it, even if the user does not have
permission to open the files.
I have a user who is a stakeholder in VSTS. He needs to be able to access a branch in the project I am working on. So he can work on it then commit to it. I don't want him to see any other projects I have on VSTS. Is this possible? I don't really want him to be able to access the other branches but it doesn't matter too much - hiding the other projects is more important.
Actually people with Stakeholder access level could not commit their work on branch.
Assign Stakeholder access to those users who need to enter bugs,
view backlogs, boards, charts, and dashboards, but who don't have a
TFS CAL. Stakeholders can also view releases and manage release
approvals. Stakeholder access is free.
Source Link: About access levels
See Stakeholder access for details of features available to stakeholders.
The user should have either Basic access or VS Enterprise which include code feature.
Moreover, it's able to forbid him to see any other projects you have on VSTS. This is another concept called Permissions in VSTS. Do not add him to any other project team group expect the one he will work on.
You could also be able to deny the Read permission for branch/folder level
Read
Can read the contents of a file or folder. If a user has Read
permissions for a folder, the user can see the contents of the folder
and the properties of the files in it, even if the user does not have
permission to open the files.
I need to restrict access to source code for certain users (e.g. testers from a third-party company), but still give them access to the project for logging bugs etc. How can I achieve this? I cannot see a permission in the security tab that relates to source code access.
Assuming TFVC: Right click on the folder you want to exclude from the "Code" tab in the web and go to "Security". If you're using Git, choose "Manage Repository".
The Security area in the admin console does not show security for all aspects of the application.
I was able to achieve this in GIT TFS by removing the users from the "Contributor" Group.
In Visual Studio Online, is it possible to have a user that can access things such as the product backlog, but are unable to access the code (read or write)?
Yes. Permissions are quite granular in VSO.
There's no default group with those permissions, so you'll need to create a new group in the admin pages. Give that new group permissions to the work items, etc (look at the settings for the contributors group to see an example) and in the version control tab ensure that all the permissions are set to deny for each of the available options.
After that, just add users to that group and you should be good to go.
Yes, it is also available by default in the (free) Visual Studio Online Stakeholder plan that was recently released.
We use visualstudio.com hosted TFS service.
I need to add a QA / tester to our TFS account, but I do not want them to have any access to our code. Simply just access to the GUI to report bugs, nothing more.
Any tips? Right now I believe when I add the user to the project, they can access our code.
You can secure the "Code" separately from the Work Items by going to the "Code" tab and selecting the dropdown next to the project name and selecting Security.