Reputation: 225
Can't get team security to work in VSO
I created a new VSO account and created a new project in it. In this project I added Iterations, Areas and Teams. So I have one big project with multiple teams in it.
I gave the teams specific access to one Area, so they only see the work items in this area.
When I add a member to a specific Team, this member can access all the different teams, and so can access work items that shouldn't be accessed. I found this website (http://blogs.msdn.com/b/danhellem/archive/2014/06/11/how-to-implement-multiple-team-strategy-in-team-foundation-server-2013.aspx) that explains exactly the security system I want to implement, but when I follow his steps, I still have the same problem.
My current setup is as follows:
- Team A - No permissions set
- Team A - Has 1 member, a new VSO Group "Team A Contributors"
- Team A - Is member of the VSO Group "Project Valid Users"
- VSO Group "Project Valid Users" - No Permissions Set
- VSO Group "Team A Contributors" - Only got the permission "View Project-Level Information"
- User A - Member Of 'Team Foundation Invited Users' and 'Team A Contributors"
- User A - Permissions, only inherit allow "View Project-Level Information"
When this user goes to visualstudioonline.com, and selects 'Browse' at 'projects & teams', this user sees the Collection, Project, and All Teams (A/F). This user can goto all these levels, and sees the information in it.
How can I fix this, so this user only sees his own team and the information in it?
See screenshow below, even though a team has no members you still can navigate to it (and see it):
Upvotes: 1
Views: 445
Answers (2)
Reputation: 5010
There is not one available setting to restrict users to access (browse) other teams in the team project. You need to grand permissions (Work Items, Queries, Source Control, and Build), respectively.
Please have a check on this MSDN article for the detailed information on how to manage team access: https://msdn.microsoft.com/Library/vs/alm/work/scale/manage-team-assets
Upvotes: 0
Reputation: 2035
I'm not sure I like the idea of restricting users from viewing Work Items in other areas/teams as they could miss out on the context of some items. I'd prefer to at least set them to read-only.
The key here is to set the permissions on the area path https://msdn.microsoft.com/Library/vs/alm/Work/customize/modify-areas-iterations See the section: Set permissions on editing paths or accessing work items assigned to an area
You'll need to make sure that you set the permissions on the team group to Deny "Edit Work Items in this node" or "View work items in this node" depending on the behaviour you want.
A Deny permission will override an Allow permission.
Upvotes: 2
Related Questions
- TF.exe and TfSecurity.exe authentication on AzureDevOps
- TfsTeamProjectCollection does not ask for credential
- Connecting to Azure DevOps (TFS) Server with VssConnection and username/password
- Visual Studio Team Services API
- Team Foundation Server and Visual Studio Team Services
- Authentication to Visual Studio Team Services (was TFS Online) fails from WinForms code in VS2010
- How to get fix "You are not authorized to access" accessing VS Team Services
- Visual Studio Team Services - secure access to office environment only
- TFS code access with Visual Studio Team Services
- TFS restrict access