If I load up TFS Web Access and go to Security > Users, I only see the 3 people I've added to my team. However, when I try to assign a task to someone in Web Access or in Visual Studio, it lists a bunch of users from the domain (not all users, looks like all IT people). Where does this come from? How can I change it... without exporting, editing and importing files via command line?
update: I found this line in the MSDN documentation:
Team Foundation \Team Foundation Valid Users
Members of this group
have access to Team Foundation Server. This group automatically
contains all users and groups that have been added anywhere within
Team Foundation Server. You cannot modify the membership of this
group.
I really don't understand... this is our own team's server, a separate install from the main dev team. I have no idea how these other 30 or 40 users got in this group. Major bonus <3 for any help on this. MikeR's answer will allow me to set administrators as the only assigness which will technically fix the issue, but I'd rather be able to use the groups as they were intended if possible.
The problem was that [TEAM FOUNDATION]\Valid Users included [TEAM FOUNDATION]\Team Foundation Administrators which included [BUILT IN]\Administrators
In the TFS Server Administration Console I selected Application Tier and clicked Group Membership. I then double-clicked on [TEAM FOUNDATION]\Team Foundation Administrators and removed [BUILT IN]\Administrators.
Now I only see my team and not all the SQL admins and engineers that were local admins on the server. All without any command line or addons.
This list of possible assings is defined in the WorkItemTypeDefinition. Usually you would export and import this. If you have the TFS PowerTools (http://visualstudiogallery.msdn.microsoft.com/b1ef7eb2-e084-4cb8-9bc7-06c3bad9148f) installed, you can directly work with the WITD in Visual Studio.
To do this, open "Tools->Process Editor->Work Item Types->Open WIT from Server". Choose the TeamProjectCollection you want to connect to and than choose the TeamProject and WorkItemType you are having trouble with.
Check the rules for "AssignedTo" field. Default could be the "ValidUser" rule, which includes every permitted user in TFS. Remove that rule and add a new one "AllowedValues" rule with values like "[project]\Project Administrators", than only "Project Administrators" can be assigned to this Work Item.
If there is already a group defined and not all "ValidUser", remove users from the group set is set there.
Related
I have a problem with adding of new accounts into Team Foundation Server 2010. I can add a new domain account into group Contributors of my team project without problems but after that I can't see it in the list of available accounts, for example, in the drop down list 'Assigned To' at a work item page.
The added user can see the project, do check-in and check-out but he can't get access to the project work items. He has got an error
TF201072: A user or group could not be found. Verify that the users and groups used in your work item type definition have been added to Team Foundation Server.
Can anybody help me?
First, make sure that you have the latest version of TFS. There have been many bugs fixed over the years and years since 2010 and you would be best servers to upgrade.
You should check the status of the TFS jobs, with the tfs Admin Pack:
http://blogs.msdn.com/b/granth/archive/2010/07/12/administrative-report-pack-for-team-foundation-server-2010.aspx
Is that user licenced?
we've got a tfs_member AD group which we've added in here:
http://yourtfs:8080/tfs/_admin/_licenses
to sort that out. The user has to be in that AD group and be in the project's contributors to show up .
For some reason our developers can only add projects that they've created to Team Explorer, even though they've all been given rights to the other projects. I created a top level group and added all of their AD users to it, and I assigned that group rights to access all of our projects.
They can see the projects in Source Control Explorer, and are able to do their work, but if they try to add a project to Team Explorer, the Connect to Team Project dialog box only shows their own projects.
Is there some other set of permissions?
If you want to make everyone can see and operate each others project, you need to put your team group into Project Collection Administrators in Collection level
If you don't want everyone have admin right,
you need to tell everyone to put the team group into Readers group in the team project they created.
Actually, I don't think there is a way to create a group in Collection level to access all team projects.
In fact, I think the best solution for you situation should be everyone use the same Team project and put everyone in the Reader group in that team project.
So everyone can create their own project under that team project instead of creating their own team project.
If you still want to let everyone create their own team project,
I suggest you use Team Foundation Server Administration Tool to manage group membership.
Permission right usually given on team project level basic. By "top level group" if you mean by giving permission at collection level. then i will suggest you try adding member at 'team project level' under any required group with necessary permission. if you cant add the member ask the admin of the team project to add separately.
you can directly access the security page through web access by.
[TFS web access url]/[Collection]/[team project]/_admin/_security
Under the "TeamExplorer - Connect" there is an option to "Select Team Projects..." When you click on this a box should pop-up titled "Connect to Team Foundation Server" that has a select dropbox, a "Team Project Collections" panel and a "Team Projects" panel. The latter has a list of projects in the collection and each has a checkbox next to them.
Make sure the projects you are interested in are in the list, and have the box checked. You can use the "Select All" checkbox to turn them all on at once.
HTH
I have two different project in my TFS. They are in the same collection. Can I setup Team Foundation Server for users only see and work on one project which I assign to them? I want them to work only one project without being able to see the other one.
Team Foundation Server Permissions - MSDN
Project-Level Permissions
Project-level permissions are specific to a single project's users and
groups. You can set these permissions in Team Foundation Server by
right-clicking the project in Team Explorer and clicking Security.
Additionally, you can set these permissions by using the TFSSecurity
command-line utility.
Suppose I have a team foundation server http://tfs:8080 and a collection named Collection1 and a project named Project1. How would I go about giving user User1 all privileges on the project? (Either by adding him to the Team Project Administrators group OR by granting individual privileges as you would in the GUI)
This is what i would recommend, download the TFS ADMIN tool http://tfsadmin.codeplex.com/, this is a community tool that for TFS Administrators, The TFS Administration Tool allows Team Foundation Server administrators to manage user permissions on all three platforms utilized by Team Foundation Server: Team Foundation Server, SharePoint, and SQL Server Reporting Services. The tool also allows administrators to easily copy user permissions among team projects and to easily identify any missing permissions on any of the three platforms.
However, you don't need the admin tool to assign permissions. You can right click on the team project and click on group membership, double click on the group that you would like to add the user to and add their windows login to the group. You can read more about this here, http://msdn.microsoft.com/en-us/library/ms252477.aspx
HTH
Cheers, Tarun
I have installed Visual Studio Team Foundation Server 2010 on Windows 7 Professional edition.
How can I manage (add) new users which can use the TFS 2010?
I had the same challenge. It isn't obvious how this can be done without Visual Studio but here we go... On your TFS 2010 server:
Go to Team Foundation Server
Administration Console
Navigate to your Team Project Collection
Select Group Membership from the General tab
Open Project Collection Valid Users. It should include your Team Projects's groups as
members.
Select suitable Team Project group and add your user into that group.
Since you don't have a server version of windows, you can't have a domain, so you can't add domain users to your project.
You should either install a server (which most people might recommend) or you can save your time and effort and just simply create local users on your TFS server (which can have any version of windows). This method will work just the same as installing a windows server. To do that just go to this location:
"Computer Management" -> "Local Users and Groups" -> Users
Add any users you want and in order to prevent windows from showing them in the welcome screen, double click on each one of them and remove their member of data (which is set to Users by default)
Then follow Kyberias' instructions.
Connect to a team project in VS2010.
In the Team Explorer menu expand your team project.
Right click Team Members and select Add Team Member.
From here you can add members and assign them permissions based on what they should be allowed to do on the project.
I hope this is what you are looking for.
The problem here is that there are no TFS users per se. TFS authenticates users against windows which runs it. Once you have some windows users, then you must configure permissions as mentioned by Kyberias.