Team Explorer client not respecting permissions granted via team project group created after team project created.
Thursday, August 02, 2012 8:34 PM
We use Team Foundation Server 2010 running on Windows Server 2008 R2 and Visual Studio Team Explorer 2010 from clients using Windows XP workstations.
We are also noticing a behavior with permissions that we don’t expect and can't explain.
In our environment, we have four collections where we are testing against collection TLP-DU. In that collection, a team project has been created called Internal_Websites using a template that contains the standard Readers, Contributors, Builders and Project Administrators group.
Next a new team project security group is created called BBTest in team project Internal_Websites. To that, we add a domain userid (us\brbennett), then we give that new team project group (BBTest) full rights to version control at the root of $\Internal_Websites. Lastly, we force an execution of the identiy synchronization job.
It should also be noted that userid us\brbennett does not have any other access other than having been added to this new team project group.
From a remote Windows XP computer, we use userid us\brbennett and use Team Explorer to connect to the Team Foundation Server instance. In the connection box, we see only collection TLP-DU but when we highlight that collection, it does not show any team projects under it. We expect that it would offer team project Internal_Websites since userid us\brbennett has full rights to version control.
If we remove the BBTest team project group and instead add userid us\brbennett to the Readers group for team project Internal_Websites, then when userid us\brbennett connects to the server, we correctly see that team project Internal_Websites has been offered to select.
Our assumption is that when the project was built with the standard Readers, Contributors, Builders and Project Administration that some other processing occurred that involved those team project groups but none of the documentation that we can find tells us that we are doing anything wrong. We also use Sidekick Permissions browser to confirm that userid us\brbennett has the correct permissions and they show as correct. Lastly, the command line tf.exe client from the same remote workstation DOES work correctly in that it can access team project Internal_Websites.
Is this a bug with Team Explorer?
Thursday, August 02, 2012 10:56 PMI have figured out what my problem is. The new team project group was not granted the appropriate project-level rights. Once I gave the group the 'View project-level information' permission (Allow), everything works correctly.
- Marked As Answer by BrianBennett Thursday, August 02, 2012 10:56 PM
Friday, August 03, 2012 1:34 AMModerator
Thanks for sharing the solution here!
Cathy Kong [MSFT]
MSDN Community Support | Feedback to us