How to Grant Read-Only Access to All TFS Team Projects to a Group of Users?

广开言路 2020-12-10 18:34

I see from the answer to How to add Windows group as "Readers" to all projects in TFS 2010 collection? that this must be done manually for all existing projects.

I

2 Answers
  • 2020-12-10 19:12

    My approach is based on the fact that TFS permissions are inherited unless explicitly denied.

    To create a user group that will automatically have read-only access to all existing projects as well as future ones, follow these steps:

    1. Create a new security group at the project collection level. You can do it in Visual Studio using the "Team/Team Project Collection Settings/Group Membership" menu.

    2. Add the new group as a member of the "Project Collection Administrators" group. This will grant access to all projects in the collection, including future ones.

    3. Limit the permissions of the new group to remove the inherited administrator permissions. To force read-only access, deny all permissions except "Create a workspace", "View build resources" and "View collection-level information".

    The users of this group will have read access to source code, work items, and build definitions of all projects in the collection.

  • 2020-12-10 19:15

    Here is a PowerShell script to iterate over each team project in your collection, get the Readers group and add a SID.

    # load the required dll
    [void][System.Reflection.Assembly]::LoadWithPartialName("Microsoft.TeamFoundation.Client")
    
    function get-tfs
    {
        param(
        [string] $serverName = $(throw 'serverName is required')
        )
    
        $propertiesToAdd = (
            ('VCS', 'Microsoft.TeamFoundation.VersionControl.Client', 'Microsoft.TeamFoundation.VersionControl.Client.VersionControlServer'),
            ('WIT', 'Microsoft.TeamFoundation.WorkItemTracking.Client', 'Microsoft.TeamFoundation.WorkItemTracking.Client.WorkItemStore'),
            ('CSS', 'Microsoft.TeamFoundation', 'Microsoft.TeamFoundation.Server.ICommonStructureService'),
            ('GSS', 'Microsoft.TeamFoundation', 'Microsoft.TeamFoundation.Server.IGroupSecurityService')
        )
    
        [psobject] $tfs = [Microsoft.TeamFoundation.Client.TeamFoundationServerFactory]::GetServer($serverName)
        foreach ($entry in $propertiesToAdd) {
            $scriptBlock = '
                [System.Reflection.Assembly]::LoadWithPartialName("{0}") > $null
                $this.GetService([{1}])
            ' -f $entry[1],$entry[2]
            $tfs | add-member scriptproperty $entry[0] $ExecutionContext.InvokeCommand.NewScriptBlock($scriptBlock)
        }
        return $tfs
    }
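    # set the TFS server URL
    [psobject] $tfs = get-tfs -serverName http://YourTfsServer:8080/tfs/YourColleciton
    
    # $true refreshes the cached project list before returning it
    $items = $tfs.vcs.GetAllTeamProjects($true)
    $items | foreach-object -process {
        $proj = $_
        # find this project's Readers application group
        $readers = $tfs.GSS.ListApplicationGroups($proj.Name) | ?{ $_.DisplayName -eq 'Readers' }
        if (-not $readers) { Write-Warning "No Readers group found for $($proj.Name)"; return }
    
        # add the target group (by SID) as a member of Readers
        $tfs.GSS.AddMemberToApplicationGroup($readers.Sid, 'TheSidToTheGroupYouWantToAdd')
    }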
    
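Added example, not part of either answer above: a read-only audit that reports, for each team project, whether its Readers group already contains a given SID, useful before and after running the second answer's script. The function name `Test-ReadersMembership`, the `$fakeGss` stand-in and all SIDs are constructed for illustration; against a live server it relies on `IGroupSecurityService.ReadIdentity` in addition to the `ListApplicationGroups` call the answer already uses.

```powershell
# Added example: report, per team project, whether Readers already holds a SID.
# $Gss is any object exposing ListApplicationGroups/ReadIdentity (e.g. $tfs.GSS).
function Test-ReadersMembership {
    param(
        [Parameter(Mandatory=$true)] $Gss,
        [Parameter(Mandatory=$true)] [string[]] $ProjectId,
        [Parameter(Mandatory=$true)] [string] $MemberSid
    )
    foreach ($id in $ProjectId) {
        # Same lookup as the script above; the identifier is passed through unchanged.
        $readers = $Gss.ListApplicationGroups($id) |
            Where-Object { $_.DisplayName -eq 'Readers' }
        if (-not $readers) {
            $status = 'NoReadersGroup'
        } else {
            # 'Sid' and 'Direct' are coerced to the SearchFactor / QueryMembership enums.
            $identity = $Gss.ReadIdentity('Sid', $readers.Sid, 'Direct')
            if ($identity.Members -contains $MemberSid) { $status = 'Present' }
            else { $status = 'Missing' }
        }
        New-Object psobject -Property @{ Project = $id; Status = $status }
    }
}

# Constructed stand-in for $tfs.GSS (fake SIDs) so the function can be tried offline.
$fakeGss = New-Object psobject
$fakeGss | Add-Member ScriptMethod ListApplicationGroups {
    if ($args[0] -eq 'ProjC') { return }          # project without a Readers group
    New-Object psobject -Property @{ DisplayName = 'Readers'; Sid = "S-1-9-FAKE-$($args[0])" }
}
$fakeGss | Add-Member ScriptMethod ReadIdentity {
    # $args: search factor, group SID, membership depth
    $members = @()
    if ($args[1] -like '*ProjA') { $members = @('S-1-5-21-0-0-0-1001') }
    New-Object psobject -Property @{ Sid = $args[1]; Members = $members }
}

Test-ReadersMembership -Gss $fakeGss -ProjectId 'ProjA','ProjB','ProjC' `
    -MemberSid 'S-1-5-21-0-0-0-1001' | Select-Object Project, Status

# Live use (assumes $tfs from get-tfs above):
# Test-ReadersMembership -Gss $tfs.GSS -MemberSid '<group SID>' `
#     -ProjectId ($tfs.VCS.GetAllTeamProjects($true) | ForEach-Object { $_.Name })
```

Rows with status `Missing` or `NoReadersGroup` are the projects where the grant did not take effect or could not be applied.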