More fine-grained permissions in TFS2010

Recently (in TFS2008) I was stuck with the fact that I could not split up the permission to create/modify builds and the permission to create/modify build agents. In certain enterprise environments it might be necessary to revoke the right from development teams to create/modify build agents. Build agents may, for instance, be controlled centrally by an operations team that manages all build servers. In TFS2008 both tasks belong to the “Administer a build” permission.

The good news is that TFS2010 will offer a lot more fine-grained permission sets! You will now have the possibility to set permissions on the Team Project Collection, on the Team Project, on the Build Definition level and on the Version Control repository!

  • Team Project Collection
    • Administer shelved changes
    • Administer test controllers
    • Administer warehouse
    • Administer workspaces
    • Alter trace settings
    • Create a workspace
    • Create new projects
    • Delete a team project
    • Delete team project collection
    • Edit collection-level information
    • Make requests on behalf of others
    • Manage build resources
    • Manage process template
    • Manage work-item link types
    • Trigger events
    • Use build resources
    • View build resources
    • View collection-level information
    • View system synchronization information
  • Team Project
    • Administer test environments
    • Create test runs
    • Create team project
    • Delete test runs
    • Edit project-level information
    • View project-level information
    • View test runs
  • Build Definition
    • View Builds
    • Edit build quality
    • Retain indefinitely
    • Delete builds
    • Manage build qualities
    • Destroy builds
    • Update build information
    • Queue builds
    • Manage build queue
    • Stop builds
    • View build definition
    • Edit build definition
    • Delete build definition
    • Override check-in validation by build
  • Version Control
    • Read
    • Check Out
    • Check In
    • Label
    • Lock
    • Revise other users’ changes
    • Unlock other users’ changes
    • Undo other users’ changes
    • Administer labels
    • Manage permissions
    • Check-in other users’ changes
    • Merge
    • Manage branch

Great! There are a few permissions that are new and that I certainly want to look into a bit deeper … but now let’s go back to my problem in TFS2008 and how to fix it in TFS2010. Right-clicking the Team Project Collection brings me to the permissions on the Project Collection level.

The permission to Manage build resources allows people to create and modify build controllers and agents.

Right-clicking Builds brings you to the permissions on the build definition level.

The permission to Edit build definition allows people to create and modify new build definitions.

5 Responses to More fine-grained permissions in TFS2010

  1. Ilya says:

    Thanks a lot, found solution in this article which I searched for 2 hours

  2. robi singh says:

    Is there a way that I can get a report on the security settings for every project in a TPC?

    Thank you

  3. @robi: use the command-line for requesting security info through tfssecurity.exe

  4. S says:

    @pitergheysens: is there a way to use tfssecurity to set permissions for a build definition?
