You can add, change, or remove permissions for users and groups in Visual Studio Team Foundation Server (TFS). Permissions in TFS can be explicitly set, and they can also be inherited depending on a user's membership in specific groups at each of the four levels of permissions: the team level, the project level, the collection level, and the server level. You can view the explicit and implicit permissions for any user or group in TFS, and you can change permissions for users and groups at everything except the team level. Team-level permissions are determined by membership within the team, and cannot be manually set or changed.
When you add a user or group to TFS, you might also need to add that user or group to two other components on which your deployment might depend: SharePoint Products and SQL Server Reporting Services. If your deployment is configured with these resources, you must add users and groups to those programs and grant the appropriate permissions for those users or groups before all operations will function correctly in TFS.
Because of this complexity, it can be difficult to manage individual users and their associated permissions in deployments of TFS. It is much simpler to use Active Directory to organize users into role-based groups and then add each group to TFS, SharePoint Products, and Reporting Services with the appropriate permissions. By taking this approach, you can manage only a few groups across these three programs, instead of many individual users. You can add users to Active Directory groups as needed without having to change that group membership or permissions within those three programs. You can find an example of this here: Configure Team Foundation Server to Support Your Development Teams.
As an administrator, you control what tasks users can perform by specifying group membership and permissions. To simplify this task, Team Foundation provides default groups and permissions settings. You can use the default groups and settings as they are, customize them, or create your own groups. The topics in this section provide details about permissions.
In Visual Studio Team Foundation Server 2012, you can use the new features in Team Web Access to view and manage the permissions for users and groups at the project and collection level. This includes the ability to quickly view both inherited and explicitly set permissions, as well as view a user's membership in groups:
You must also configure access to Team Web Access features in the administration context of Team Web Access:
You must use the administration console for Team Foundation to view and manage server-level permissions for users, groups, and service accounts.
In This Section
- Team Foundation Server Permissions
Describes the permissions model for TFS as well as all of the individual permissions that you can set for users and groups.
- Team Foundation Server Default Groups, Permissions, and Roles
Describes the groups and permissions that are created by default when you install TFS or create a team project, including the permissions that are assigned to those groups by default.
- Change Permissions for a Group or User
Describes how to change the permissions for a group in TFS or an individual user account that has been added directly to TFS.
- View Permissions
Describes how to view permissions for users and groups at a server or project level.
- Add Users to Team Projects
Describes how to add users to default groups in TFS, SharePoint Products, and Reporting Services in order to grant those users the permissions that they need to act as readers, contributors, or administrators within that project.
- Set Administrator Permissions for Team Project Collections
Describes how to add users to default groups in TFS, SharePoint Products, and Reporting Services in order to grant those users the permissions that they need to administer a team project collection.
- Set Administrator Permissions for Team Foundation Server
Describes how to add users to default groups in TFS, SharePoint Products, and Reporting Services in order to grant those users the permissions that they need to administer TFS.
- Change access levels
Describes how to set the default level of features available in Team Web Access, how to add and remove groups to levels of features, and how to audit usage.
Related Sections
