Geeks With Blogs
I [heart] code! .NET musings from the chick side

After creating your team project you need to set up the roles and users for your team members. There are three main places that you need to do this: The Visual Studio project, the project portal, and the report site.

The easiest way to manage your TFS security is to create AD groups and populate them with the appropriate users.

If you choose to use AD groups to manage your group memberships, you will end up with four types of groups: AD (Windows) groups, Team Project Groups, Team Foundation Server Groups, and SharePoint Groups.

The default Team Foundation Server installation contains the following groups:

<ServerName>\Team Foundation Administrators - admin users

<ServerName>\Service Accounts - member of Team Foundation Administrators

<ServerName>\Team Foundation Valid Users - all users and groups that have been setup anywhere within TFS. Not modifiable.

A Team Foundation Server Group can contain AD Groups as users, as well as other Team Foundation Server Groups. Team Project Groups are automatically added to the [SERVER]\Team Foundation Valid Users Group upon creation.

A Team Project Group can contain both AD Groups and Team Foundation Server Groups as users, as well as other Team Project Groups.
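The nesting rules above decide who actually lands in a privileged group once AD groups and server groups are nested inside project groups. The following is an added example, not code from the original post: it models those rules and resolves effective membership with the chain of groups that grants it. All user and group names are constructed, and it assumes individual Windows users can be added to any group and that AD groups can nest other AD groups.

```python
USER, AD, SERVER, PROJECT = "user", "ad_group", "tfs_server_group", "team_project_group"

# Member kinds each container accepts, following the nesting rules above.
# Assumption: Windows users may be added anywhere; AD groups may nest AD groups.
ALLOWED = {
    AD: {USER, AD},
    SERVER: {USER, AD, SERVER},
    PROJECT: {USER, AD, SERVER, PROJECT},
}

class GroupModel:
    def __init__(self):
        self.kind, self.members = {}, {}  # name -> kind; group -> direct members

    def add(self, name, kind):
        self.kind[name] = kind
        self.members.setdefault(name, [])

    def add_member(self, group, member):
        """Add a direct member, rejecting nesting the rules do not allow."""
        if self.kind[member] not in ALLOWED.get(self.kind[group], set()):
            raise ValueError(f"{self.kind[group]} cannot contain {self.kind[member]}")
        self.members[group].append(member)

    def effective_users(self, group):
        """Map each user reachable from `group` to the group chain granting access."""
        found, stack, seen = {}, [(group, [group])], set()
        while stack:
            name, path = stack.pop()
            if name in seen:  # guards against circular nesting
                continue
            seen.add(name)
            for m in self.members.get(name, []):
                if self.kind[m] == USER:
                    found.setdefault(m, path)
                else:
                    stack.append((m, path + [m]))
        return found

def build_sample():
    """Constructed sample data; every name below is hypothetical."""
    admins, proj = r"[SERVER]\Team Foundation Administrators", r"[Demo]\Project Administrators"
    g = GroupModel()
    for name, kind in ((r"CORP\bob", USER), (r"CORP\carol", USER),
                       (r"CORP\TFS-Admins", AD), (admins, SERVER), (proj, PROJECT)):
        g.add(name, kind)
    for group, member in ((r"CORP\TFS-Admins", r"CORP\carol"), (admins, r"CORP\TFS-Admins"),
                          (proj, admins), (proj, r"CORP\bob")):
        g.add_member(group, member)
    return g
```

Calling `build_sample().effective_users(r"[Demo]\Project Administrators")` shows that one user is a direct member while another inherits project administration through a server group and an AD group, which is the kind of indirect grant worth reviewing.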

When you created your Team Project, the following Team Project groups were created:

[<ProjectName>]\Build Services


[<ProjectName>]\Project Administrators


(These groups were automatically added to the [SERVER]\Team Foundation Valid Users group.)

To add a new Team Project Group, go to Team | Team Project Settings | Group Membership, click "New" and add your new group. It will now appear in the group list as [<ProjectName>]\<GroupName>.

To add users to a Team Project Group, go to Team | Team Project Settings | Group Membership, highlight the group you want to work with and click "Properties". Select the type of member you want to add (Team Foundation Server Group, or Windows User or Group), then click the "Add" button and add your user or group.

Once you have your Team Project Groups set up, you need to set up your project portal security. Open your project portal (Team | Show Project Portal). On the home page for your project, click on the "Site Actions" button in the top right corner and select "Site Settings". Select "People and groups" from the "Users and Permissions" column.

From the "New" menu, select "New Group". Specify the Group name, permission level, and any of the other options, then click "Create". This will bring you to the home page of your new group.

Add the members of your group. Here you may add individual users or an AD group as a user to your Project group. Click the "New" menu and select "Add Users". Here you can add users to a SharePoint group that you have already set up (in the above step) or assign permissions explicitly to this user. To add an AD group as a user to your project, type the AD name or browse your directory service by clicking the little book that appears under the Users/Groups field. After you have entered a valid name, click OK.

The final groups to set up are the Report Site Groups. Open your project's Report Site (Team | Show Report Site). Open the Site's Home page by clicking the "Home" link at the top of the page. Click the "Properties" tab, then "New Role Assignment".

To add a new role: Click the "New Role" Button, enter your role name and select the tasks for that role.

To add users or groups to an existing role: in the "Group or user name" field, type the AD group or user preceded by a backslash (\). Select at least one role and click "OK".

To fine-tune the rights of your Groups and Users, go to Team | Team Project Settings | Security. Here you can select a Team Group and grant or deny permissions. This is also where you can change the default permissions of the default Team Project Groups.

Now, any member of the team can connect to the project through their Team Foundation Server connection in Visual Studio.

Posted on Tuesday, May 20, 2008 8:34 PM

Comments on this post: Setting Up your TFS Project Part 1: Users and Security

# re: Setting Up your TFS Project Part 1: Users and Security
Good article on managing security. I am looking for an even easier way to manage security.

So here's a dumb question. I want to make a TFS server level group called Reader and another called Contributor. I want those to default into the project level groups (Reader and Contributor) whenever a new team project is created. I have been looking all around on how I would go about this, but I haven't yet found a good solution. Any ideas if this is even possible?
Left by Fervent Coder on May 29, 2008 10:42 PM

# re: Setting Up your TFS Project Part 1: Users and Security
You can create groups that you can add to your template so that every new project will include these groups, but I have not found a way to automatically populate the users of a group upon project creation. The easiest way to accomplish this would be to create a Reader AD group and a Contributor AD in Windows that contain the users, and after each project creation add those AD groups to their corresponding group in the new team project.
Left by Kirstin Juhl on Jun 05, 2008 9:56 AM

# re: Setting Up your TFS Project Part 1: Users and Security
That's what I was afraid of. :D
Left by Fervent Coder on Jun 08, 2008 4:39 PM

# re: Setting Up your TFS Project Part 1: Users and Security
The article is part one, there are no links anywhere or any reference to part 2?

Left by Bilal on Aug 19, 2009 10:05 AM


Copyright © Kirstin Juhl