Reputation: 163
TFS permissions, default deny, specific allow
Recently we switched from source control from TFS to Git in TFS. We want to protect our master branch from accidentally checks in. So I want to deny all "regular" developers from contributing to this branch and a separate group of people who can contribute. This can be done by tfs groups, but the problem is that deny wins over allows. So I cant set default deny. So when a new person arrives and I forget him to put in the "regular" developers group he will be able to checkin. Is there another way to do this?
Upvotes: 0
Views: 130
Answers (2)
Reputation: 59016
"Not Set" permission means "implicitly deny" -- it will be denied by default, unless explicitly allowed.
Set your groups up without explicit deny permissions and then anyone can be a member of any set of groups, but only those who are members of groups with Allow permissions will be able to contribute.
Upvotes: 1
Reputation: 30382
Just as you said "deny wins over allows". So, you can not add the same users to multiple groups. You need to add them to separated groups, that means one user only in one group.
For example user1, user2 in regular group; user3,user4 in a separate group, then user3, user4 can contribute.
Another workaround is setting the Branch Policies for master branch to force code review. Thus the changes only can be checked in when the Admin or other specific user approved the changes.
Upvotes: 0
Related Questions
- How to manage Folder specific Permission in TFS?
- Allowing anyone clone a Git repository in TFS 2018
- TFS grant permissions to only one Branch
- TFS Contribute permission for Git branch
- How to deny contributions using TFSSecurity with Git
- TFS-Git Branch Policies
- TFSSecurity to change git branch permissions
- TFS 2012 API - Set Version Control Permissions?
- Set different permissions on different branches of TFS 2013 project
- Team Foundation Server TFS 2013 GIT branch permissions