/acl command: Display the access control list

Visual Studio Team Foundation Server 2013

previous page next page
  Send Feedback

Use /acl to display the access control list that applies to a particular object.

Required Permissions

To use the /acl command, you must have the View collection-level information or the View instance-level information permission set to Allow, depending on whether you are using the /collection or /server parameter, respectively. For more information, see Permission reference for Team Foundation Server.

TFSSecurity /acl Namespace Token [/collection:CollectionURL] [/server:ServerURL]

Parameters

Argument

Description

Namespace

The namespace that contains the group for which you want to view permissions for a user or group.

Token

The name or GUID of the object on which you want to view permissions.

NoteNote

Tokens vary depending on the namespace that you specify. Some namespaces do not have tokens that apply for this command.

/collection:CollectionURL

Required if /server is not used. Specifies the URL of a team project collection in the following format: http://ServerName:Port/VirtualDirectoryName/CollectionName

/server:ServerURL

Required if /collection is not used. Specifies the URL of an application-tier server in the following format: http://ServerName:Port/VirtualDirectoryName

Remarks

Run this command on an application-tier server for Team Foundation.

Access control entries are security mechanisms that determine which operations a user, group, service, or computer is authorized to perform on a computer or server.

Examples

The following example displays what users and groups have access to the FrameworkGlobalSecurity token in the Server namespace within the ADatumCorporation deployment.

NoteNote

The examples are for illustration only and are fictitious. No real association is intended or inferred.

 Copy imageCopy Code
> tfssecurity /acl Server FrameworkGlobalSecurity /server:ServerURL

Sample output:

 Copy imageCopy Code
TFSSecurity - Team Foundation Server Security Tool
Copyright (c) Microsoft Corporation.  All rights reserved.
The target Team Foundation Server is http://ADatumCorporation:8080/.
Retrieving the access control list for object "Server"...

Effective ACL on object "FrameworkGlobalSecurity":
  [+] GenericRead                        [INSTANCE]\Team Foundation Valid Users
  [+] GenericRead                        [INSTANCE]\SharePoint Web Application Services
  [+] Impersonate                        [INSTANCE]\SharePoint Web Application Services
  [+] GenericRead                        [INSTANCE]\Team Foundation Service Accounts
  [+] GenericWrite                       [INSTANCE]\Team Foundation Service Accounts
  [+] Impersonate                        [INSTANCE]\Team Foundation Service Accounts
  [+] TriggerEvent                       [INSTANCE]\Team Foundation Service Accounts
  [+] GenericRead                        [INSTANCE]\Team Foundation Administrators
  [+] GenericWrite                       [INSTANCE]\Team Foundation Administrators
  [+] TriggerEvent                       [INSTANCE]\Team Foundation Administrators
  [+] GenericRead                        DATUM1\jpeoples

Done.

See Also

Other Resources

Change groups and permissions with TFSSecurity
How to: Create a Global Group
Team Project Groups
Default Groups
previous page start next page