Deny read and browse source code on TFS 2012

Question

I am trying to set permissions on TFS 2012 so as to deny read and browse of source code for some users/teams. Until now I have succeeded on denying read but I cannot deny a user from browsing it. That means, the user can easily see the full tree of files and folders. I would like the user not to be able even to browse it!

Answer 1

Found the solution!

I finally managed to totally hide source code from specific group of users (although I allow them to see work items) by setting "Edit collection-level information=>Not Set" on "Project Collection Valid Users" in "DefaultCollection Groups". Of course I had to manually deny every permission on the root ($) of source but I suppose this could work for any path you like. After that I created areas and allowed on this group specific areas and everything goes perfect!

Alex, thanks for your support on that!

Answer 2

I would try removing access to project level information on the Project Settings, if that doesn't do it you may have to remove access to the project as a whole.

One thing I would caution though is using Deny, especially on groups of users. Removing allow is better than specifically denying when having groups of users.

For instance: User A maybe a member of Administrators, but also a member of contributors. As a member of Administrators he should be able to do the action of the security setting in question, but we don't want contributors to do it. If we remove allow from contributors, than the allow in Administrators would still work. However, if we deny the contributors the deny overrides the allow in User A's Administrator group and User A cannot do the action of the security setting in question.