Team Foundation security is based on users and groups. You can use the default groups in Visual Studio Team Foundation Server (TFS) to manage users and groups as part of implementing a security model for your organization. Default groups exist at the server level, at the collection level, and at the project level. You can also create custom groups at any of these levels with specific permissions to better fit your security model. Using a group-based security model enables users to access the data that they require without requiring the granting of specific permissions to each user account. This strategy helps protect confidential information while reducing the administrative overhead of managing user access to the deployment.
For each role in your business, you must determine what group memberships users require to accomplish their tasks. TFS, SharePoint Products, and SQL Server Reporting Services all maintain their own information about groups, users, and permissions. You must carefully plan how you want to manage users and permissions. This planning applies not only across individual projects in TFS but also across TFS itself, the Windows operating system, and if configured for your deployment, SharePoint Products and SQL Server Reporting Services. Within TFS, you can allow or deny permissions at many levels, such as for work items, access to version control, access to a project or project collection, and access to TFS itself.
In specific cases, you might want to add a user directly to a team project or team project collection, instead of adding the user to a group at the project level or collection level. In that case, you must grant permissions directly to the user account for that user.
Common Tasks
Title | Description |
|---|---|
Add users or groups of users: You can quickly add users to team projects, team project collections, or TFS itself by adding them to the appropriate default groups for their roles. | Set Administrator Permissions for Team Project Collections Set Administrator Permissions for Team Foundation Server Configure Team Foundation Server to Support Your Development Teams |
Change or modify default groups: You can change the membership of default groups. You can also modify the default permissions that are granted to some of these groups to better meet your security needs. | Team Foundation Server Permissions Team Foundation Server Default Groups, Permissions, and Roles |
Understand and manage permissions: You can review all individually configurable permissions within Team Foundation Server, learn what permissions are assigned by default, and view the permissions for specific groups or users. | Team Foundation Server Permissions Team Foundation Server Default Groups, Permissions, and Roles |
Understand service accounts and groups: In addition to managing permissions for your users, you must also manage the permissions that are required by the service accounts upon which Team Foundation Server depends. | Service Accounts and Dependencies in Team Foundation Server Change the Service Account or Password for Team Foundation Server Change the Service Account or Password for SQL Server Reporting Services |
Related Sections
Administering Team Foundation Server
Get Up and Running With a Single-Server Installation [Tutorial]
Collaborate
Collaborate (dig deeper)
Planning and Tracking Projects
