TFS 2013 - Can I restrict a user to access only a sub-area in a project?

Question

I have a user requesting that an employee be allowed to access only a specific sub-area in a project.

No access to the source code, no access to tests, only access to a single "area".

I have tried granting the user access as a Reader, and then setting specific security permissions on the area node. The business complains that the user has access to everything.

Is this possible to accomplish with the TFS 2013 security model?

Answer 1

Not trivial, the solution goes along this line.

Remove from the individual any groups except "Valid Users". The user account must have "View project-level information". Give the individual "View work items in this node" by right-clicking on the Area node he/she must have access. You can add additional permission in this latter, if the person requires write access.

Answer 2

1. Define a new TFS group for these "special users".

1. Click on the Group Membership. This should open up the web page in IE.

2. Now click on the link "Create TFS Group" on the top left hand side.

1. Create a new TFS group for these special users. Lets call it "Special Users".

2. Remove the UserID of these special users from any other TFS groups that they are present.

   3. Go to the specific sub-area in the project which they need access to. 1. Right click the file -> Advanced -> Security

1. Now here you can define the rights for your new "Special users group". Give them just the read access and deny everything else.