How to create a read-only user in TFS source control

本文介绍如何为客户提供仅具有读取权限的TFS账户,并解决因内置TFS用户组权限设置不当导致的安全问题。

摘要生成于 C知道 ,由 DeepSeek-R1 满血版支持, 前往体验 >

In a project we need to give a client an account to audit the source code. Taking into security concerns, this account should only have read-only permission on this specific project. I learned something in doing this.

Steps:
1. Create an AD group for this kind of users
2. Create a AD user for the client and assign this user under the group created in step 1
3. In the TFS project, assign that AD group as a member of the Readers group of  this project – (In Team Explore – right click on the project ->Team Project Settings->Group Membership)

Then that's all? In my case, no! When I tested to login with that AD user and opened TFS - I could see all the TFS projects!

After some investigation, I found

1. In our TFS the built-in server-level TFS user group Team Foundation Valid Users has *full* permissions which was different from the default settings

2. Some description for this TFS user group:

SERVER/Team Foundation Valid Users   Members of this group have access to Team Foundation Server. This group automatically contains all users and groups that have been added anywhere within Team Foundation Server. You cannot modify the membership of this group through the user interface. http://blogs.msdn.com/vstsue/articles/502046.aspx

Some must have played on our TFS and give the wrong permissions to the Team Foundation Valid Users group. After restored it as default, the problem solved.
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值