I am unsure whether this is the correct stackexchange site to ask this question, however it is about software tools commonly used by programmers (sort of).
I am collection administrator of 100s of .net projects that I have recently migrated from an on-premise TFS to VSO. I am receiving requests from developers to grant them permission to create/manage test plans.
Now, these developers are members of the "Developer" and "Contributor" groups and as such have the following permissions:
But even so, they are unable to create test plans (using Microsoft Test Manager 2013). I have searched throughout the VSO control panel and I cannot find out why my developers don't have permission to create/manage test plans.
Even the documention provided by Microsoft seems to fall short when it comes to managing permissions in VSO.
Any help is much appreciated. How do I grant my developers these permissions?
Edit: I should add that I myself am able to create test plans. I have compared my permissions in a given project with one of the developers and they are pretty much equal (with some unrelated exceptions like deleting projects).
You can control the "Manage test plan" permission on area node level.
Go to area part, right click on the area your test plans belong to and then click on "Security"
Now you can grant rights for managing test plans:
If the area "Manage test plans/suites" permissions are set to allowed as suggested above and you still can't create test plans, don't forget to adjust the Access levels of your user!
Basic users (which should be default) can't access the test case management even if they have the right permissions.
This does not work in the local install I have done. It is stating that advanced permissions is deprecated. And the link to learn more goes no where.
For those that haven't found a solution even turning all the options provided in Elena's answer, you can check this out:
https://developercommunity.visualstudio.com/content/problem/80055/cant-add-a-new-test-plan.html
It seems that Microsoft ask you for a subscription in order to manage test plans. If the user doesn't have a subscription, even if you add him to the project administrator group, he won't be able to create test plans.
Related
I am developing desktop application using Microsoft Graph API. Application needs to write feedback for a specific assignment on Teams. The problem is that I don’t have an Assignment tab in Teams and I can’t test the application. Does anyone know how I can solve this?
If you’re working for a software company, you can choose to become a Microsoft Partner. The cheapest way is by buying the Action Pack which costs $400 if I’m correct.
Once you’re a Microsoft Partner, you can go to demos.microsoft.com and request a Demo tenant for testing applications (be sure to pick the education demo tenant)
If it’s for a brief test, and you can figure out my e-mailadres (see it as a quest, you should be able to). I can maybe provide you with an temp account for a few days.
You would require a Teams Education License in order for using Assignment Tab. Here are the further details.
I have been converting access to Team projects using Active Directory groups.
I am a project collection admin and we host around 40 odd team projects.
On all the other proects everything is fine, I have been able to add all the AD groups I needed to the Various TFS groups that exist in a Team Project (Contributors, Readers etc).
When I come to the problem project I can see the add button, and I am able to search for and select the AD group I want, but when I click save, I see a red banner message with the text:
Unable to add members to this group.
Failed to resolve the specified groups to join.
You do not have sufficient permissions to add members to the following groups:
[Team Project]\Build Administrators
I have looked at the oi and all I can see around the time of the issue are activities reporting a 200 response.
I am looking at the api and the database to see what I can do but not sure where to start. I thought I might be able to see something about security but it is asking for a guid that I am not sure how to get hold of.
Looking at the database I thought there might be a security table, but not sure where to start.
I'm going to keep looking at what to do, so I am going to keep this updated
update 2019-03-27
We have a support call open with Microsoft, I still have issues managing the teams, but I have been able to update the team via the Apis, I even found a useful little CLI tool to help with the tasks I needed to do.
In my case, I was trying to add someone to a group that I was in - which I don't need since I'm a Project Administrator. Once I took myself out of the group, I was able to add others again.
Got the answer and the fix worked.
After a lot of back and forth, sending files and running some tfssecurity queries, they were able to determine the problem.
What I had done was add the domain User AD containing our project collection admin account in as a project reader, as the security on tfs works on a least level principle it was then applying a deny permision on my Project collection admin account, by simply removing the AD group from the reader level, which I was able to do, the ablity to manage the securities came back.
I havent been able to find the specific group that I belonged to that then set the deny, but there is no denying that removing the AD group from the reader level fixed the issue.
My TFS installation in on premise and I would like to add users to a project allowing them to create and edit work items, but not work as a developer who can create branches or check in code. Is there a default group like that?
I do not see anything in the permission list that mentions code rights.
That's exactly what the stakeholder access level is for. Access levels are different from security groups. Stakeholders don't even have the ability to see the Code tab.
As you know, in TFS 2013, from a permissions point of view, we have 3 licences available to us:
Stakeholder
Basic
Advanced
As far as I am aware, Advanced is the only way of accessing 'TEST' area (Test Case Management), however, is it possible to create 'custom' security licences as we would like to give access to certain users to the 'TEST' area but not have them access other areas where they can create other WITs or potentially modify open WITs - We just want them to be able to view and run Test Cases + create a BUG where required.
We are using TFS 2013 On Premise.
No, we cannot achieve that. We cannot custome the access levels to add/reduce the supported features for each level.
For TFS 2017 and earlier versions, you should assign the Advanced
level to those users for whom you've purchased the full Test feature
set.
Advanced access level include all Basic features. And TFS doesn't provide a more granular permissions settings. So we cannot restrict the users who in Advanced access level to only view and run Test Cases + create a BUG. That is contradictory. We can only set the user permissions based on the existing options.
Please see About access levels; Change access levels and Permissions and groups in VSTS and TFS for more information.
I've been reading some feature request-style threads in Atlassian's own JIRA install on how to disable (not remove) users in JIRA, and their suggested solution involves a series of UI actions. For the number of users that our organization supports, this needs to be automated with the rest of our employee account provisioning logic.
I've been looking in the JIRA database and found the membershipbase table, but simply removing records from here WHERE USER_NAME="$username" doesn't seem to have a completely successful outcome. When I go to the User Browser in the Administration section and look up that user, groups still appear for the user.
Does anyone have any experience with this that could point me in the right direction on any other tables I need to modify?
Thanks in advance,
-aj
Maybe you should take a look at Atlassian's Crowd. Even if you don't use SSO, it may help you to integrate with your existing infrastructure for handling authentication and authorization (i.e. groups) centrally. It also provides an administrative frontend that is designed for the corresponding tasks.
You could have a look at the EditUserGroups.setGroupsToLeave() method. As far as I remember, users need to be in the jira-users group to log in. So, if you remove this group from the user, it may be effectively what you need (not delete but deactive user acount).
If this does not help, I'd look into the source code of JIRA (which is available for all types of licenses afaik) to see which tables are modified by the above method.