Cannot manage security in TFS 2018 on a Team Project with Project Collection Adminstrator Role

|▌冷眼眸甩不掉的悲伤 提交于 2020-08-09 08:49:27

问题


I have been converting access to Team projects using Active Directory groups.

I am a project collection admin and we host around 40 odd team projects.

On all the other proects everything is fine, I have been able to add all the AD groups I needed to the Various TFS groups that exist in a Team Project (Contributors, Readers etc).

When I come to the problem project I can see the add button, and I am able to search for and select the AD group I want, but when I click save, I see a red banner message with the text:

Unable to add members to this group.
Failed to resolve the specified groups to join.
You do not have sufficient permissions to add members to the following groups: 
[Team Project]\Build Administrators

I have looked at the oi and all I can see around the time of the issue are activities reporting a 200 response.

I am looking at the api and the database to see what I can do but not sure where to start. I thought I might be able to see something about security but it is asking for a guid that I am not sure how to get hold of.

Looking at the database I thought there might be a security table, but not sure where to start.

I'm going to keep looking at what to do, so I am going to keep this updated

update 2019-03-27

We have a support call open with Microsoft, I still have issues managing the teams, but I have been able to update the team via the Apis, I even found a useful little CLI tool to help with the tasks I needed to do.


回答1:


Got the answer and the fix worked.

After a lot of back and forth, sending files and running some tfssecurity queries, they were able to determine the problem.

What I had done was add the domain User AD containing our project collection admin account in as a project reader, as the security on tfs works on a least level principle it was then applying a deny permision on my Project collection admin account, by simply removing the AD group from the reader level, which I was able to do, the ablity to manage the securities came back.

I havent been able to find the specific group that I belonged to that then set the deny, but there is no denying that removing the AD group from the reader level fixed the issue.




回答2:


In my case, I was trying to add someone to a group that I was in - which I don't need since I'm a Project Administrator. Once I took myself out of the group, I was able to add others again.



来源:https://stackoverflow.com/questions/54814466/cannot-manage-security-in-tfs-2018-on-a-team-project-with-project-collection-adm

标签
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!