I have installed TFS 2012 Express where I have a workspace with multiple solutions inside.
What I want to do is to create users to TFS for different solutions.
Lets say my solutions are
1-Provider
2-Mixer
3-Web
4-Control
I want to create a user who is only allowed to work on "Mixer" solution , and make changes to it. But dont want him to see other solutions("Provider" , " Web" , "Control") .
How can I do this ?
In Source Control Explorer, right click, Advanced, Security.
Deny the Read permission to the folder that contains the solution for all the users except those you want to see it.
You can also get to the security options via the Web Access under "Code" and right clicking.
Related
We have a project that has been running for a while and has some external clients. I'd like to configure TfS so that while the development team can see all the Work Items, the external clients / stakeholders can only see the work items which relate to their area and not any of the general development tasks or those relating to other stakeholders.
I tried to follow the Microsoft guidance for setting up multiple teams and areas (so will use their examples).
Areas are configured as follows
Fabrikam Fiber
-> Email
-> Web
Teams are configured as follows
Fabrikam Fiber (this team 'owns' the Fabrikam Fiber area and includes sub areas)
-> Email (this team 'owns' the Email area only)
-> Web (this team 'owns' the Web area only)
Teams have the following members
Fabrikam Fiber (whole development team)
-> Email (Adam only)
-> Web (Bill only)
So logging in as the following I would expect to see:
Development team. Can access whole project, both team projects and work items in any area
Adam. Can only access the Email team project and see work items in the Email area
Bill. Can only access the Web team project and see work items in the Web area
But what actually happens is that both Adam and Bill can see everything that the development team can (projects / work items).
What have I done wrong and how can I make this work as I would expect? I'm sure I tried this in the past and it worked fine but that project now also has the same issue. We're using TFS2017 On Premises.
Thanks!
Update 30/04/2018
Thanks for the responses!
Step 1 of Cece's answer didn't apply to me as it's a single code base but Step 2 does mean that I can prevent the user from seeing work items in the other area - hurrah!
However I'm still stuck on how to prevent the user from seeing that the other areas exists at all (so in my example I wouldn't want Email to see Web listed on the homepage - as these are client names). I had a better look at the Contributor group etc following Daniel's comment and having read the links Cece provided. Logically I would expect that I should remove the Email team from the Contributor's group as that is Project level (and then they would only have their area permissions) but then all I get is a message saying 'This project only contains a default team.' There is also a tantalising Permission called 'View project-level information' but this doesn't seem to be editable.
I seem to have hit a brick wall again so any further advice would be greatly appreciated!
You need to set both TFVC permission and area path permission:
Set permission for projects. Go the version control tab, select the project that you want to set permission, add the user, and grant Deny permission for Read.
Set permission for area path. Go to Work tab, select Security for the area path that you want to set permission, add the user, and grant Deny permission for View work items in this node.
I have an old setup with a tfs2010 and sql2008 and the current Collection is holding 3 team Projects. Now i want to create a new team project but for some reason i cant. it seems that it has something to do with the SQL Reporting that dosent excists. i get an error TF218027.
Ive been going through the setup and im wondering a bit
What exactly does the TFS use the reportServer for (MSDN dosent seem to want to tell me)
is there any way to create a Team project without the reporting
Will it damage my excisting data if i create and connect to a new sql reportServer
Hope someone will take the time to give an answer
thanks.
I have already tried the different approtaches discussed on different threads and im primarily looking for information on the 3 questions written above
Try the steps below:
In browser go to: http://application-tier/Reports/Pages/Folder.aspx
Press Folder settings button in the toolbar
Press New Role Assignment button in the toolbar
Specify user name in Group or user name field, check Content Manager role and press OK.
So for the people that actually read the question the answer is.
Keeps track of agile work progress
yes and its actually easy. go to the reporting service and stop it and then tell TFS not to report under reporting
Since it was never running the answer here is No
I've got an issue where users that are disabled in Active Directory are still appearing in a Team Project Collection in Team Foundation Server 2013. This is a problem because any projects that are within the collection have these users inherited and are visible when assigning work items, etc.
These users in the screenshot below are all disabled and none of which are a part of any group or groups on TFS.
Specifically these users:
Kumar
Carl
Mishra
Bertram
Shah
Rajendran
Arora
It would also be nice to hide these users:
Network Service
Sharepoint account
Local Server Account (******-DEV1$)
I have tried the following:
Removing [Built-In]\Administrators group as per instructions here: https://stackoverflow.com/a/15640409/559988
Clearing the TFS data cache and restarting IIS as per instructions here: https://social.msdn.microsoft.com/Forums/vstudio/en-US/31487b77-8a1a-4b1f-8cdb-8f3528a3a389/tfs-2013-user-management
Verified the users are disabled in Active Directory
Verified the disabled users are not apart of any groups in Active Directory
Verified Active Directory sync is working (added a new user and it appeared just fine).
Has anyone else had this issue with disabled users appearing in TFS 2013 or know how to resolve it?
Thank you
This phenomenon is correct. The disabled user in Active Directory will still appear in TFS. Since these users are imported from AD, and belong windows group, so you can't delete these from security page. TFS server will automatically sync from the AD.
You may need to manually delete the users instead of disable the users in Active Directory .
Update
You can't hide the user in security. If you are get annoyed with these users when assigning work items. You can filter the user which you want to display in work item drop list. Please see my answer in this question: TFS-2015 limiting user list for detailed step.
After trying everything in Patrick's post above I am unable to resolve this issue.
This issue also remains unresolved in a similar post here: How do I remove a user from tfs?
The only way I was able to partially-resolve this was by upgrading from TFS 2013 to TFS 2015. The users still appear in the Project Collection users group, but no longer appear in the Team Project as options for work items, etc.
It's unclear why this is the way it is.
I am new to coding and everytime I ask a question I feel like stupid because I mostly am unfamiliar with most known things in this "industry" so I will sum up the whole situation fastly.
I learned how to code html css and js, I learned how to use VS 2012 asp.net mvc 4 and finally I made a webside for a student club I am into. Hosting is provided by our school and they only gave me ftp user name and password, I dont know which hosting firm is it or what is going on and so on, I got Filezilla to delete and unpublish the old webside, and I didnt know a proper way to publish asp.net websides through filezilla so I used VS 2012 publish tool.
I choosed FTP as publish method because I had ftp user name... I choosed relase as configuration and thats it ( I didnt open options here ) finally I could push on publish...
I faced 2 main problems so I couldnt publish
Problems I faced were;
1) While I was trying to publish I got an error like
" Validation (HTML5): Element 'a' must not be nested within element 'a button' "
I was trying to make a nav with sub items on it, It worked while I was trying it on local host I saw similar problems spoken out here on VS 2010 I tried to make exstensions to VS didnt work out
Anyway I deleted that part from the project and I tried publishing again.
2)It worked out perfect it seemed like no problem occoured. But when I try to open the webside it was saying I had no permisson to view.
I hope I didnt write any off topic staff here just try to tell you my problems so maybe someone can get help like I did from prior topics.
" Validation (HTML5): Element 'a' must not be nested within element 'a
button' "
You cannot have one anchor tag inside another anchor tag. If you have it that will cause you the problem.
Check out this thread to find out valid elements which can be nested inside an Anchor tag.
I had no permisson to view.
You need to give proper read/write permissions for the ApplicationPool Identity on the folder structure you have for your website. Or else IIS Apppool will not be able to get the files and execute them.
Give permissions to AppPool Identity for a particular folder/file. That resource will guide you one how to give you permissions to Application Pool Identity.
Alternatively you can give permissions from FileZilla itself. Simply right click the application root folder and select permissions. Then you can specify permissions from client side itself. But in most of the production cases, we have to add app pool user to the folder/file permissions list manually. But definitely give a try with FileZilla.
We are programmatically generating deployment emails, based on the history of changesets and associated workitems since the last deployed build. They look a bit like the build summary info inside Visual Studio (but with many builds combined).
There appear to be useful URLs in the data (like vstfs:///VersionControl/Changeset/205151), but being new to the TFS SDK I do not if/how this maps to a viewable item (e.g. http://tfsserver:port/somepath/...). The build summary links inside Visual Studio are clickable, but are they VS-only links?
If possible we want to include links in the email that open the related item (in a browser?), so I guess I need to know if TFS paths are web-browsable and if so, how?
Suggestions welcomed. Thanks.
This is the uRl i have been using to access work items,
=> http://ServerName:PortNumber/tfs/web/wi.aspx?id=xxidxx
Edit
The format i have specified does work with TFS 2010. It basically generates the path to the work item in Web view. Clicking on this opens the work item in the web view.
As an alternate, you could get a navigatable URL programmatically as well.
var tfs = TfsTeamProjectCollectionFactory.GetTeamProjectCollection(new Uri("TFSURL"));
var versionControl = tfs.GetService<ICommonStructureService>();
var projects = versionControl.ListAllProjects();
var myService = tfs.GetService<TswaClientHyperlinkService>();
var myUrl = myService.GetChangesetDetailsUrl(21);
So, the service "TswaClientHyperlinkService" is microsofts TFS hyperlink service. This will generate the url formats for Absolute path, relative path, Path and Query, blah blah.
HTH,
Cheers, Tarun
PS - I hate to be wrong!!! hahaha...
EDIT
And since in your case you have the URI available and you already are using the TFS API, these two lines of code would do the trick.
var testManagementService = tfs.GetService<ILinking>();
var testControllers = testManagementService.GetArtifactUrl(#"vstfs:///VersionControl/Changeset/205151");
This will generate, https://ServerName:PortNumber/defaultcollection/VersionControl/Changeset.aspx?artifactMoniker=205151
HTH,
Cheers, Tarun
The following seems to be the standard url for accessing work items
http://TFS_Name:port_number/WorkItemTracking/Workitem.aspx?artifactMoniker=work_Item_Id
The vstfs links are called "artifact IDs" and are internal data to TFS that is expected to only be consumed by a TFS client. A TFS client will parse that data and determine how to display that data. For a changeset link like you provide, the rich clients will open up a dialog with the changeset details. A web client would translate that link into a URI. And the various TFS libraries are able to provide you more data on this artifact using that ID.
If you wanted to create your own link to TFS Web Access, the strictly proper way to do this is to query some information on the server. Once you have a TswaClientHyperlinkService, you can query for the Web Access URIs for various services, such as view a changeset or view a work item. Some examples are shown on Martin Woodward's blog.
In TFS2012, an additional pcguid URL parameter needs to be present. Here's the new format, extending the good solution given by #TarunArora:
http://ServerName:PortNumber/tfs/web/wi.aspx?pcguid=xxguidxx&id=xxidxx
This blog post describes how to find the pcguid via Visual Studio.
However, if like me you're attempting to use TFS without Visual Studio installed (don't ask!), here's an alternative using the browser-based TFS interface:
Go to "Open Issues"
Click on the button that looks like an envelope ("Send query as an email") in the top right of the work item pane.
Right-click on one of the links in the email and copy the link location
Cancel out of the email without sending it.
Paste link location into a text editor and extract the pcguid value.