Reputation: 29710
View/Edit Work Items and Deny Access to Source Code in TFS 2010
How can I set up TFS 2010 permissions in such a way that only developers can access Source Control, but other groups can view or edit Work Items, all within the same Team Project?
I need to have my business analysts and QA testers be able to update user story states, assignees, etc. within an Iteration, but deny them access to the source code for security reasons.
Upvotes: 7
Views: 6299
Answers (3)
Reputation: 7083
Found the solution!
I finally managed to totally hide source code from specific group of users (although I allow them to see work items) by setting "Edit collection-level information=>Not Set" on "Project Collection Valid Users" in "DefaultCollection Groups". Of course I had to manually deny every permission on the root ($) of source code but I suppose this could work for any path you like. After that I created areas and allowed on this group specific areas and everything goes perfect!
For some reason "Edit collection-level information" was set to allow and strangely, this prevented from hiding the source code!!!
Upvotes: 3
Reputation: 1418
The previous answer is partially correct. This is how you set permissions within your source control tree. That answer also assumes that every single file and folder in your source control tree has the "Inherit Security Settings" box checked. Permissions within TFS 2010 source control can be much more granular than that.
Permissions for work items are handled at a work item "Area" level. Since Areas are per-team-project work item permissions are also per-team-project.
In Team Explorer right click on your Team Project -> Team Project Settings -> Areas and Iterations. This is where you can setup new Area \ Iterations. There is also a "Security" button at the bottom of the window that will pop the security settings for the selected area node. You can set these permissions very granularly as well... Area nodes always inherit security from their parent node, but can have individual permissions set as well.
Upvotes: 5
Reputation: 52788
- Open Visual Studio.
- Open Source Control Explorer.
- Navigate to your Projects Root Branch (same name as the Project).
- Right Click and Select Properties...
- Click the Security Tab.
In there you can control all the permissions you like. Denying Read permissions will stop the User/Group/TFS Group from been able to see you Source (IIRC, I'm a Collection Admin and it's hard to test).
Upvotes: 1
Related Questions
- TFS allow some users just to view the work items and queries
- Specific work item permissions
- TFS 2010 - How to make all work items inaccessible for a specific TFS project
- Restrict TFS 2010 access by work item type
- Is it possible to let a TFS group view work items, but not let them see any of the checked-in code?
- Deny read and browse source code on TFS 2012
- Restrict access to just some source code in Team Foundation Server 2010
- Work Item view rights
- TFS 2010 - anyway to restrict editing of work items
- Work item access for non visual-studio users