I have a TFS instance and I want all the users in corp network to be able to access that TFS link. Is there an easy way to do this other than giving each user /security group permission in TFS settings. Similarly I have a requestor field in the TFS form and I want all these users name to be populated in that drop down. How can I achieve this?
You realize that you need a TFS CAL for each user?
You can create a group in your domain where you add all users then give TFS access to that group.
Related
My TFS installation in on premise and I would like to add users to a project allowing them to create and edit work items, but not work as a developer who can create branches or check in code. Is there a default group like that?
I do not see anything in the permission list that mentions code rights.
That's exactly what the stakeholder access level is for. Access levels are different from security groups. Stakeholders don't even have the ability to see the Code tab.
We're using TFS 2013. The problem we're facing is this:
Several Active Directory users are listed in TFS under the Control panel/Security/Users, but not all.
Where can I control which AD users will also be able to access TFS?
The displayed names are only the names that have been assigned to something and synched into the TFS db's by the AD sync service. If you enter in the full AD name of a valid user in any of the security assignments it will end up showing in the user select list after the next sync run (every hour if I remember correctly).
I.e. you can assign users that are not displayed in the list.
I can successfully setup a feedback request but I can only add one stakeholder at a time. I thought I'd setup a TFS group and it would send the feedback request to each of the members of that group. No such luck, turns out the TFS groups don't even show on the list of stakeholders in my setup.
TFS Permissions on the group. Please let me know if you need any other information.
What am I doing wrong?
The submitted feedback will be sent to stakeholders via email. There's no email address for TFS group, so it is not possible to select TFS groups as Stakeholders.
You need to:
Create a group in Exchange or mail-enable an existing group in Active Directory, create one email address for the created group. (Check this for the details.)
Add the created Windows Group to TFS, and grand it with the required permissions. (Check this for the details.)
When submit the feedback request, type the group alias created in Step1 and click "Check Name". Then, the group will show up correctly, and requested feedback will be sent to everyone in that group.
I also tried a lot of ways to add a tfs group to stakeholder, but prove to be no way to add a tfs group, stakeholder can only show windows group. You can click "Browse" to select multiple users at a time or add a windows group to TFS group and then select this windows group.
I would like to grant a user the ability to check and uncheck iteration checkboxes for a specific iteration path in a TFS 2013 Team Project. This person is a scrum master and would like to be able to manage the iterations that appear in the Team backlog.
I have granted the following iteration level permissions but the checkboxes are still read-only for the user.
The only way I have found to grant edit rights to these checkboxes is by adding the user to the Project Administrators group which I would rather not do. Is there another way to do this?
As you can see on the authorization matrix on MSDN, the Schedule Sprints activity is possible through the Team Administrator.
This blog post explains some more advanced TFS admin tricks to further limit and control similar permissions.
We have a situation where TFS was taken into use when we all had 2 user accounts. We started using TFS with account A but, after a while, found out that account B was better. In the end we want to use the A accounts only for RDP sessions. We would now like to remove all the A accounts from TFS so that we don't make mistakes in assigning tasks to a person.
Deleting the old accounts from the AD is not an option, we still use those accounts for RDP sessions. What we did was migrate all the WI's from account A to account B. Thereafter I removed all permissions for the old A accounts, with in mind that TFS would clear those accounts since they are no longer in use. The double account in the assigned-to field
Unfortunately the old accounts are still visible despite they are no longer involved in any project or group. No rights for the (development) user
How can we remove those accounts from TFS? Maybe there is somekind of cache that needs to be cleared somewhere, or a rebuild of the warehouse?
Thanks in advance!
By Default the Assigned To field shows the list of all Valid TFS Users (this is a specific TFS Group). So if you don't want somebody to show up in that list you have to make sure they are not in the Valid TFS Users group. If you inspect this group in the TFS Admin interface you can see which other groups are members of it. Now it's just a matter of tracing through the many TFS security groups to make sure that those user accounts are not included anywhere that would result in them being part of TFS Valid Users.