I am new to TFS.
How to give file level Check in access to the user or user group in TFS 2013?
For example, my ASP.NET MVC project has around 50 .cs files and for the contributer "someone" I want to give the Check in access to only 10 files.
Is this possible in TFS?
For your question "is this possible?"
Yup it is very much possible in TFS to control the access rights at the file level. But it can be a painful process depending on how those 10 files are located within your folder structure. If you manage the access rights to TFS at individual user level (not using AD groups) then I would advice you to define new TFS groups and classify users based on their check-in rights and this way it will easier for you to manage.
Let me know if you need any clarification.
Edit: Screenshots added
Right click the file -> Advanced -> Security
Now within each group (Contributor, Builder etc), you can define the check-in/checkout rights.
Related
I have my TFS server and it has multiple branch like Dev,Test, UAT and Main. my problem is I have some security concern regarding web.config resides under Main branch. I want so access mechanism using which I can apply access permission on single file only.
I need that my team lead can only able to see that web.config file resides into Main branch but my developers can't see it.
how is this possible using TFS 2013?
Yes, this could be achieved. The simplest way is through source control explorer, select the file in Main branch from source control explorer and right click it, choose security.
On the pop-up dialog, you could be able to change the related permissions of this single file xxx.config.
In TFS deny trumps allow, then simply change the read permission for the group of developers from allow to deny.
I would like to know how I can secure an Area (folder within project) - i.e. give access to external consultants for reading and writing.
But I do not want them to be able to access other folders within that Project.
I know how to assign access to the folder (defined Area), but I'm not sure how I can safely remove their rights on the Project without cutting off their access to the folder (Area).
Any help appreicated.
It depends wither you mean Area Paths or Source Control folders.
!!Source Control
In TFVC you can open the web access and go to the code tab. There you can right click on any folder and select permissions. Her you can use any fine grain you like and control inheritance.
In Git you can only control permission ls at the Repository and Branch level.
!!Work Item Tracking
If you open the web access and go to the administration section (cog on top right) and then the Area Path tab you can control the permission in the same way you can with source code. If you have VSTS or TFS 2015 Update 2 you can also control inheritance.
!!Real solution
However any sort of compartmentalisation comes with significant overhead of managing it. If you are a defence company or bank and there is that one folder that you don't want externals to have access then it's easy. Remove inheritance for that folder and only allow specific access.
Anything more and you run into complexity and friction for users. Ultimately you should trust everyone you give access to your Team Project. Ifnuoy don'ttrust them, then don'tgive them access...
Go to the Administer Server page and create a new TFS user group.
Add the users to the TFS user group.
Go to the Code screen, right click the folder and choose Security. Next add the TFS User Group you create and give them the rights you want:
We use TFS as source control. In TFS we host a solution consisting of multiple Visual Studio projects. We do not want our contractors to see the source code of ONE of these projects (limited users should still see all compiled assemblies). What is the best way to achieve our objective without setting up two repositories and having to synchronize all code changes between them?
I would recommend that instead of just changing the permissions in place that you move the projects that you want to protect to a separate folder with its own solution. Secure that folder as above. You can then build it separately and deploy it to an internal nuget repository.
you can then reference that repository from within the Visual Studio package manager and it will be managed as an external dependency. If you update and publish the other solution then the other devs will be notified of updates..
You control access rights to a folder by selecting Advanced->Security from Source Control Explorer. From there, you can turn off security inheritance for the item(s) you need to protect. Then, create a TFS-specific group containing the 'limited users' only and only allow them access to the particular project folder. Alternatively, create a group for the contractors and deny them access.
This is based on VS/TFS 2012.
But my guess is that you will also need to create a specific solution for the contractors that doesn't have the particular project included.
Is it possible to grant an Windows Group Rights "Reading Rights" to an whole Collection?
By "Reading Rights" I mean that anyone in this Group can get the Sources out of TFS but can not check-in something or Edit "Tasks" oder Launch Builds or anything else.
I found no such things in the Security Settings of the "Team Foundation Administration Console" on the Server.
There is actually a much easier way to do this. Open up Source Control Explorer for the Team Project Collection you would like to set this permission on. In the tree-view on the left, right-click the top-most node (which likely has your collection name in it) and select "Security". This will bring up the security options that take precedence over the whole collection.
From here, find the group that you would like to grant this permission to and select them. Next, in the permissions area, grant them the "Read" permission. This will allow everyone in that group to view and download the source in that Team Project Collection.
Let me know if you have any other questions.
-Taylor, TFS Version Control Development Lead
You can do this by customizing the process by changing the permission for the contributions group which I not recommended, or by adding new group which has your needed permissions, see the following image
Note: you can do this by Process Editor using TFPT (Team Foundation Power Tool) or by customizing the XML files directly.
I'm new to Team Foundation Server 2010 and I have a question about permissions.
Is it possible for a project to inherit permissions from a project collection? I want to setup a custom contributor group at the project collection level and add the developers to it. Each time they create a new project I want to inherit the permissions from the project collection. That means I don't have to explicitly add the developers to the project each time they create one.
Maybe there is some other way of doing this and not having to setup a custom contributors group? Any help would be appreciated!
I would recommend setting up some Active Directory Groups along the lines of:
TFS Contributors
TFS Administrators
TFS Project Managers
(You could also do this for specific projects. You get the idea.)
Give these AD groups the permissions you need, and simply add/remove the developers to the AD groups. If you can get the ability to manage the AD group, this will be much simpler that administering through the TFS admin tools.
Hopefully, you'll already have AD groups that fit these needs, saving you the trouble. Maybe a team-wide distribution list, for example?
You can create collection level roles (TFS Groups) and edit your process template to grant permissions to those roles so there are set by default in every new project.