Tuesday, April 10, 2012 3:48 AM
I start the TFS 2.1 Admin Tool (installed on our TFS 2010 Server)
Next, connect to the DefaultCollection on our TFS 2010 Server.
Next, select an existing TFS Project
Next, connect to the project.
Next, select "Add Users" and add a Domain Group
Next, assign only the SharePoint Contributor role and Reporting Services Browser role. Leave TFS unselected. (For our business analysts).
Next, press OK and the new group shows up in the main TFS Admin display.
Next, select Commit Changes
The newly added group totally disappears from the main TFS Admin display but the History tab showed it "Passed" all the assignments. I can even find the group in the associated SharePoint site! But it is missing from the TFS 2.1 Admin.
Finally, I noticed if I assign the same group all 3 roles (TFS, SharePoint, Reporting Services) then the group remains displayed in TFS Admin.
Can someone please explain what I am doing wrong or how to properly use the TFS Admin tool?
***Update. I created a group and assigned it all 3 roles. It showed up in the TFS Admin. Then I went directly to TFS and deleted all TFS roles the group was a member of. I refreshed the TFS Admin tool and the group disappeared. Then I manually added the group back to TFS, refreshed TFS Admin, and the group re-appeared on the TFS Admin main page. So..... it appears that the TFS Admin tool needs an assignment to be made in all three roles. But we don't want to do that. Our business analysts don't need access to TFS -- only to SharePoint and Reporting services. It looks like we need to visit every SharePoint site and add the Analysts group and these groups won't show up under the TFS Admin tool.
Wednesday, April 11, 2012 6:44 AMModerator
Thanks for your post.
I reproduced this scenario using my TFS Admin Tools 2.1, the result same with your description, you’re not doing wrong, I think that’s by designed in TFS Admin Tools 2.1.
For this issue, I suggest you create new Discussion in the TFS Admin Tools CodePlex site: http://tfsadmin.codeplex.com/discussions for the better response.
John Qiao [MSFT]
MSDN Community Support | Feedback to us
Wednesday, June 13, 2012 1:52 PM
Bad tool when you can set roles but they are not displayed. Easy to open a security vulnerability when you think someone doesn't have roles but they do.
Very dangerous bug.