Answered TFS 2010 - Setting up team queries security programmatically

  • Monday, November 01, 2010 11:24 PM
     
     

    Does anybody here know how to programmatically add or remove Team Queries security in VSTF 2010? I’ve been looking on MSDN and I couldn’t find anything. Anyway, a little code snippet or a link would help.

All Replies

  • Tuesday, November 02, 2010 7:47 AM
    Moderator
     

    Hi,

    Thanks for your post.

    For your issue, as far as I know, adding or removing team queries security programmatically is very complex. One method I can think of is to call TFSSecurity.exe in your program. To call TFSSecurity.exe in your program, your code should be similar to the following.

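     // Describe how to launch TFSSecurity.exe; point FileName at the real tool path.
     var process = new System.Diagnostics.ProcessStartInfo
        {
          // Verbatim string: a single backslash is the path separator.
          FileName = @"c:\tfssecurity.exe",
          // Placeholder usage string: substitute real values for each parameter.
          Arguments = "/a+ Namespace Token Action Identity (ALLOW | DENY) [/collection:CollectionURL] [/server:ServerURL]"
        };
        // Start the tool and block until it finishes.
        var start = System.Diagnostics.Process.Start(process);
        start.WaitForExit();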
    
    

    Note: The variable FileName should point to the path of TFSSecurity.exe. TFSSecurity.exe can be found in [Program Files]\Microsoft Team Foundation Server 2010\Tools.

    The variable Arguments is the parameter you send to the TFSSecurity.exe.

    For more information about the TFSSecurity.exe, please see the following article.

    http://msdn.microsoft.com/en-us/library/ms252504.aspx

    Hopefully it helps you; let me know if you have any further concerns.

    Thanks,

    Vicky Song


    Please remember to mark the replies as answers if they help and unmark them if they provide no help
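
An added example, not code from the thread or from Microsoft, of the approach in the reply above: it builds the `/a+` command line from separate values, rejects input that could alter the command line, and checks the result instead of only waiting for exit. The class and method names are hypothetical, and treating a non-zero exit code as failure is an assumption about TFSSecurity.exe.

```csharp
using System;
using System.Diagnostics;
using System.IO;

static class TfsSecurityRunner   // hypothetical helper, not part of any TFS API
{
    // Quote one argument; reject characters that could split or extend the command line.
    static string Quote(string value)
    {
        if (string.IsNullOrEmpty(value) || value.IndexOf('"') >= 0 || value[value.Length - 1] == '\\')
            throw new ArgumentException("Unsafe or empty argument: " + value);
        foreach (char c in value)
            if (char.IsControl(c)) throw new ArgumentException("Control character in argument");
        return "\"" + value + "\"";
    }

    // Builds: /a+ Namespace Token Action Identity (ALLOW | DENY) /collection:CollectionURL
    public static string BuildGrantArguments(string ns, string token, string action,
                                             string identity, bool allow, Uri collection)
    {
        return string.Join(" ", new[] {
            "/a+", Quote(ns), Quote(token), Quote(action), Quote(identity),
            allow ? "ALLOW" : "DENY",
            "/collection:" + collection.AbsoluteUri });   // AbsoluteUri is already escaped
    }

    public static string Run(string toolPath, string arguments)
    {
        if (!File.Exists(toolPath)) throw new FileNotFoundException("TFSSecurity.exe not found", toolPath);
        var psi = new ProcessStartInfo
        {
            FileName = toolPath,
            Arguments = arguments,
            UseShellExecute = false,        // start the tool directly; required for redirection
            RedirectStandardOutput = true,  // only stdout is redirected, so ReadToEnd cannot block on stderr
            CreateNoWindow = true
        };
        using (var p = Process.Start(psi))
        {
            string output = p.StandardOutput.ReadToEnd();
            p.WaitForExit();
            // Assumption: a non-zero exit code means the permission change was not applied.
            if (p.ExitCode != 0)
                throw new InvalidOperationException("TFSSecurity.exe exited with " + p.ExitCode + ": " + output);
            return output;
        }
    }
}
```

The namespace, token, action and identity values are whatever the TFSSecurity documentation specifies for the permission being changed; the thread does not give the values for team queries, so none are shown here.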

  • Tuesday, November 02, 2010 2:39 PM
     
     
    Hi Vicky,

    Thank you for replying. Do you know if there is a more elegant solution to this problem? I was looking for something like:

    IGroupSecurityService groupSecurity = (IGroupSecurityService)tfs.GetService(typeof(IGroupSecurityService));
    ICommonStructureService css = (ICommonStructureService)tfs.GetService(typeof(ICommonStructureService));
    IAuthorizationService auth = (IAuthorizationService)tfs.GetService(typeof(IAuthorizationService));
    AccessControlEntry[] aces = auth.ReadAccessControlList("$PROJECT:" + project.Uri);

    Which can help you to get\set project level permissions.
    -Speedbits
  • Wednesday, November 03, 2010 9:35 AM
    Moderator
     
     

    Hello Speedbits,

    I am sorry I can’t find any simpler solution for your issue. And based on my understanding, to call the TFSSecurity.exe tool in your code may be a little simpler than coding. If you want to set or remove team queries permissions programmatically, you may spend a lot of time on it.

    Thanks,

    Vicky Song

  • Thursday, November 04, 2010 12:23 AM
     
     

    Hey Vicky,

    Let's say that I use your method. What would be the token action identity to set or remove team query permissions? I tried looking into http://msdn.microsoft.com/en-us/library/ms252587(v=VS.100).aspx and I could not find the tokens for Team Query Permissions.

     

    Everybody else,

    Do you know how to set\remove team query permissions programmatically? I know that it can be done, in an elegant way, for all the other security areas.

    -Speedbits

  • Friday, November 05, 2010 7:49 AM
    Moderator
     
     

    Hello Speedbits,

    The detailed information about how to specify the values of the parameters in the /a+ command line is described in another thread you started.

    http://social.msdn.microsoft.com/Forums/en-US/tfsadmin/thread/f55d218f-03be-4825-ae1b-3988152a805d

    I hope this helps you solve your problem. Please let me know if you have any further concerns.

    Thanks,

    Vicky Song



  • Tuesday, November 09, 2010 6:06 AM
     
     

    Hi Vicky,

     

    Thanks for all your help, and please do not mark this as answered because I'm still waiting for somebody to answer my original question:

     

    QUESTION: Do you know how to set\remove team query permissions programmatically? I know that it can be done, in an elegant way, for all the other security areas.

    -Speedbits

  • Tuesday, November 09, 2010 6:15 AM
    Moderator
     
     

    Hello Speedbits,

    Thanks for your feedback.

    Just as you said, maintaining team query permissions programmatically is not impossible; instead, it is very complex. I have reported it to my mentor, and if the sample idea passes, he will work on it. Once he offers us the sample code, I will inform you immediately.

    Ok, I will unmark my replies.

    Have a nice day.

    Vicky Song

  • Tuesday, November 09, 2010 6:20 AM
     
     
    That's great! Thx for your help!
  • Wednesday, November 17, 2010 6:10 AM
     
     Answered

    Hi~~

    I have not tried this, but there is a way to set it programmatically, like below.

    But it may be hard to fully implement.

    Check QueryHierarchy & AccessControlList on MSDN.

    http://msdn.microsoft.com/en-us/library/microsoft.teamfoundation.framework.client.accesscontrollist_methods.aspx

     

    workitemStore.Projects["AnyTest"].QueryHierarchy["My Bug"].AccessControlList.SetPermissions(null, 0, 0, false);

  • Thursday, February 16, 2012 12:13 PM
     
     

    I would also strongly suggest that this question has not been resolved. In Speedbits' post he mentioned a snippet of code taken from the TFS 2008 API:

    IGroupSecurityService groupSecurity = (IGroupSecurityService)tfs.GetService(typeof(IGroupSecurityService));
    ICommonStructureService css = (ICommonStructureService)tfs.GetService(typeof(ICommonStructureService));
    IAuthorizationService auth = (IAuthorizationService)tfs.GetService(typeof(IAuthorizationService));
    AccessControlEntry[] aces = auth.ReadAccessControlList("$PROJECT:" + project.Uri);

    Unfortunately, it seems that this functionality has been removed from the TFS 2010 API, and there seems to be no replacement way of doing this programmatically. We have a number of customisations which we made to our TFS 2008 implementation which are now broken in TFS 2010. Is there any prospect of this being resolved in future?