How do I bind a field definition rule to an AD Group for a custom TFS 2010 Work Item Template?

I am attempting to add a "Requested By" field to a custom Work Item Template in TFS 2010. When I create the field in the work item, I wish to have the values restricted to a particular AD group. I'm looking for functionality similar to the "Assigned To" field in the standard templates. However, if I add this AD group to one of the TFS groups, they all get added as valid users in TFS and that is not the behavior I'm looking for. I simply wish to restrict the values for a field to a specific AD group. I've tried adding the AD group to the "Group" property of the VALIDUSER field definition rule, but I get the following error:
---------------------------
Error
---------------------------
Error importing work item type definition:
TF26204: The account you entered is not recognized. Contact your Team Foundation Server administrator to add your account.
---------------------------
OK
---------------------------
Thanks in advance!
[Update]
On further investigation, I have found that it works with certain AD groups, but not with others. For instance, it works with our "Developers Group" but not with "Domain Users". It's actually a fairly small subset of groups that I've tested that work. Again, any help would be appreciated!

The simplest way I've found is to use the ALLOWEDVALUES field definition rule. Add to the list of allowed values the name of a TFS Group. I have still not been able to get the AD group to work directly. But my big problem was that when I was trying to use a project group, I was putting the project name in the "[Project]\Group Name".
As stated here:
"some people may think that “[project]” is a placeholder for the project's name, but it is meant as a literal."
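
The "[Project]" mix-up described in the answer above can be caught before importing a definition. This Python check is an added example, not code from the post or from TFS; the XML is a constructed, trimmed definition, and the field names, the group "Requesters" and the project name "MyProject" are made-up values.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed work item type definition, not taken from the
# post. Field names, "Requesters" and "MyProject" are made-up values.
SAMPLE_WITD = r"""
<WORKITEMTYPE name="Task">
  <FIELDS>
    <FIELD name="Requested By" refname="Custom.RequestedBy" type="String">
      <ALLOWEDVALUES expanditems="true">
        <LISTITEM value="[Project]\Requesters" />
      </ALLOWEDVALUES>
    </FIELD>
    <FIELD name="Reviewed By" refname="Custom.ReviewedBy" type="String">
      <ALLOWEDVALUES expanditems="true">
        <LISTITEM value="[MyProject]\Requesters" />
      </ALLOWEDVALUES>
    </FIELD>
    <FIELD name="Approved By" refname="Custom.ApprovedBy" type="String">
      <VALIDUSER group="[Project]\Requesters" />
    </FIELD>
  </FIELDS>
</WORKITEMTYPE>
"""

SCOPED_GROUP = re.compile(r"^\[([^\]]+)\]\\(.+)$")  # "[scope]\group name"

def find_project_name_scopes(witd_xml, project_name):
    """Return (refname, reference, suggested fix) for every group reference
    that uses the project's name in brackets instead of literal [Project]."""
    findings = []
    for field in ET.fromstring(witd_xml).iter("FIELD"):
        refs = [item.get("value", "") for item in field.iter("LISTITEM")]
        refs += [rule.get("group", "") for rule in field.iter("VALIDUSER")]
        for ref in refs:
            match = SCOPED_GROUP.match(ref)
            if not match or match.group(1).lower() == "project":
                continue  # not a scoped reference, or already the literal
            if match.group(1).lower() == project_name.lower():
                fix = "[Project]\\" + match.group(2)
                findings.append((field.get("refname"), ref, fix))
    return findings

if __name__ == "__main__":
    for refname, ref, fix in find_project_name_scopes(SAMPLE_WITD, "MyProject"):
        print(f"{refname}: {ref!r} -> use {fix!r}")
```
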

You should be able to add an AD group, by simply writing it as domain\group.
Note, however, that the group needs to have some access privileges to the team project (e.g. a member of Contributors).

Have you tried to create a TFS Group, add the AD group to the TFS Group, then add the TFS Group in the "Group" property of the VALIDUSER field definition?
If I remember correctly you can't put an AD group in the "Group" property of a TFS Field, but only TFS Groups...

Related

TFS: How to set permissions per Work Item in a project?

Is there a way in TFS for a user to have permission to add an Issue in a project but not have permission to add/edit other work items like User Story etc.?
Is there any extension or utility to do this on TFS?
You cannot restrict the editing of specific work item types. Permissions are controlled at the area path level. A user with permissions to create work items under an area path can create any type of work item under that area path.
No, there is no such built-in configuration. It's also not possible to use any extension or utility to do this on TFS.
Permissions for work items are based on the areas/iterations where they occur, and are set through the dialogue that defines areas and iterations.
In other words, you are not able to set any permission either to a specific work item or work item type.
You could submit a user voice here, our PM will kindly review your suggestion.
There is only one out-of-box way to do this: Create child nodes, modify work items under an area path. You may try the following:
Create a new team and area path for the Issues Team (see "Add a team, move from one default team to several teams").
Edit Security for the Root Area Path and restrict edit work items for the Issues Team.
Edit Security for the Issues Team Area Path and allow to edit work items for the Issues Team.
In this case, your Issues Team can create and edit any work items under the Issues Team Area Path, but cannot edit any other work items.

Renaming groups in Jira

How do I rename groups in Jira? I am finding it difficult to rename groups in Jira. I already tried renaming groups in Jira, but it is not updating in the created by and assigned dropdowns.
You have to rename groups via SQL since there is no option in the web admin interface to do so. See this solution provided by the Atlassian community:
https://community.atlassian.com/t5/Questions/Need-to-rename-group/qaq-p/378695
WARNING: make a backup of your database before any direct SQL statement is executed! Changing the database directly is at your own risk. Also, renaming the group DOES NOT transfer membership, so the renamed group will be empty. If your group already has members, the simplest solution would be to:
delete the group
create a new one
reassign users to the new group
Hope this helps!

Assigned To field not showing user with the same name as a deleted user

We had a person leave our company and their windows domain account for Active Directory was deleted. They have since come back but have been given a different windows domain account user name. Now when we attempt to assign them tasks it's always associated with the old account. I assume this is because the name is still the same and TFS is doing some kind of duplication check. I've tried removing cache and have verified that the Team Foundation Server Periodic Identity Synchronization job is running properly. I can also see the old active directory account show up when attempting to Add a windows user or group via the dialog along with the new Active Directory user.
What's strange is this user is not showing up as a member of any groups in TFS for any of the Team Project Collections. So why are they still showing up in the [Team Project Collection]\Project Collection Valid Users group?
Seems the main issue is deleted users still in "Assigned To" List. First try to throw down the issue.
If you are using the VALIDUSER rule, it contains all valid users in TFS. You may check the collection-level Project Collection Valid Users group; you may need to check every group to delete the user. Use the TFSSecurity /imx command to display information about that group, then delete the user from the right group.
After deleting the old user, you need to let TFS sync with Active Directory. For detailed steps, you can refer to:
Force TFS to sync with Active Directory
Active Directory Groups not Syncing with Team Foundation Server 2010

TFS - Specialized Group has no access to Work Items

I created a TFS group that would work on a specific project located in a collection. Now we're using work items to track bugs etc., but that group doesn't have access to those work items via the Team Web Access portal. I don't want this group to have access to all the projects in the collection, just the one they are working on. But I need them to be able to access work items that come up.
Currently when they access the Team Web Access portal, they get a message indicating there are no accessible team projects in this team project collection.
If they can access their code in the collection already, how come they can't see the work items, and how can I change that, but still limit what they see?
OK, found what I was looking for after some time. For the benefit of the community, here is where that hidden security setting is done.
For the new group, I needed to go under Team/Team Project Settings/Area and Iterations!!!!
Yes, this is a silly place to put a SECURITY button. If you go in there and click the security button at the bottom of the dialog, you will then see ALL the WORK ITEM related permissions.
EDIT work items in this node;
Manage Test plans;
View this node;
View work items in this node.
I needed to check all of these to ALLOW.
Again, seems like a stupid place to put these settings, rather than with all the other security settings via Team Project Settings. I hope they had a good reason for that.
They will need the View collection-level details permission added to their group (at the collection level). By default, the Project Collection Valid Users group has these permissions, so you can just add your group as a member of the valid users group.

Set default queries for all users in TFS web UI

How can I set default queries for all users in Team Foundation Server when I am using Team Web Access?
How to: Save a Team Query (Team System Web Access)
If you have the required permissions, you can save a query to share with other users to a folder location that other users can access. They have them available by default. Queries saved in a location where the team can use them are called Team Queries.
To save a query as a team query, you must be a member of the Project Administrators group.
Create or modify a work item query.
Click Save As.
In the Save as Query dialog box, in the Name box, type a name for the query.
Click the Team query option.
In the Team project list, select the team project.
In the Description field, type a description.
Click OK when you are finished.
