Reputation: 347
TF50309: The following account does not have sufficient permissions to complete the operation
I am created build and deploying those using TFS 2015. Everything was proper but from last two weeks the Build is being created successfully but the Release part is throwing error
TF50309: The following account does not have sufficient permissions to complete the operation:[*****]\Project Collection Service Accounts. The following permission is needed to perform this operation:View Project-level Information
So I verified the team project-> security settings. View Project-level Information is set to Allowed for all the groups except Project valid user. All the other groups are member of Project valid user so I do not think it should be a issue.
Can somebody help me out and give a proper solution
Upvotes: 8
Views: 22718
Answers (5)
Reputation: 1772
VS 2017 Bug?
In our scenario we had this error in VS2017 when trying to connect to Team Explorer, but it works fine in VS2022. So after exploring a lot, I finally found the problem in our case: we have two different projects, ProjectA, and ProjectB in the collection, and each project has an ACL group with the same name "My Group" (with different IDs). One of them lacks "View Project-level Information".
Because I need to access ProjectA, and the error "TF50309: The following account does not have sufficient permissions to complete the operation (...) The following permission is needed to perform this operation: View Project-level Information" is happening in ProjectA, I reviewed all permissions related to ProjectA.
Then I realized the ProjectB also has the same issue. So I added "View Project-level Information" to Project's B "My Group", and suddenly it started to work in both ProjectA and ProjectB. The access error has gone in VS2017. ✅
Double Check: I removed from ProjectB again, and also ProjectA stop working too. 💥
So IMHO I think the VS2017 is doing a bad permissions join. This was seen in VS2017 versions 15.9.61 and 15.9.68 (latest one).
But as I mention, it doesn't impact Visual Studio 2022.
I think it is not related to the Azure DevOps Server 2019 Server (on Premise)
Upvotes: 0
Reputation: 589
If you imported the definition in from another TFS/DevOps, it is possible that there is a unique identifier in the template export that needs to be changed or cleared out.
Upvotes: 0
Reputation: 77
For me the issue was in visual studio so after opening visual studio installer and selecting repair option the issue disappeared.
Upvotes: 2
Reputation: 347
Add "Project Collection Service Accounts" as member of "Release Administrators" group.
Upvotes: 13
Reputation: 31091
When you add accounts of users directly to a TFS group or through a Windows group, they are automatically added to one of the valid user groups.
TFS uses a least-permissive model for security permissions. What that means is that if a user belongs to two groups and the same permission is assigned Allow for one group and Deny for another group, Deny takes precedence over Allow.
So, if View Project-level Information is set to Allow in one group, but set Deny in Project valid user group, Deny takes precedence over Allow. You need to check the group permission that the account belongs to, and make sure every group has the proper permission.
Upvotes: 0
Related Questions
- TF401289: The current user does not have permissions to create tags
- Which permission allows a user to create Task Groups in TFS 2017 Build?
- I cannot add a new member to any TFS 2018 security group on collection or project level
- Remove "Edit team project level permission ACLs" from TFS project admins so that they are not allowed to add users
- TFS Security - Browsr Server
- Admin user not able to manage permission for Team Project in TFS 2015
- TFS 2015 Release Definition "TF30040: The database is not correctly configured. Contact your Team Foundation Server administrator."
- Access Denied when attempting to create an alert in TFS 2015
- TFS 2015 - Build vNext: "Access Denied: Project Build Service does not have write permissions for orchestration plan"