none
How to deny acces for some projects in TFS2012

    Question

  • Hello!
    I'm trying to deny access to project1 for some people and groups, but it doesn't work.. 
    I found this information http://msdn.microsoft.com/ru-ru/library/hh561425.aspx#RestrictAccess
    I've try some variants:

    1. Create group  TFS (not in project1), add people in that group,  View project-level information permission  Deny for that  group, add this group in project1's team.
    2. Create group TFS in project1, add people in that group, View project-level information permission  Deny for that  group.

    But if i log in with account of this people, i have access to project1...

    Maybe I'm doing something wrong?
    Could you help me and describe steps in detail?

    Thank you.

    Wednesday, January 16, 2013 9:23 AM

Answers

  • Hi!

    I found the problem..

     I've tested access when there was full access(login to tfs by user that has all rights). Then I denyed access and logined by the same user, so i had url  in main page to project1.

    But if I deny access and  user login first time to tfs (webaccess) after  that, he doesn't see the url...

    It's not good, that he can to write address of project1 in browser and see the project, but it looks like he has't access...

    My steps to deny access (users from first project don't have to see second project and vice versa):

    1. create groups TFS (in collection) for project1, project2

    2. create group TFS (in project1) and deny access to this group

    3. add group for Project2 in collection to Group from step2.

    Than I login with user from group for project2 and try to see the project1.

    And I can't :)

    But if I write in addressbar in browser correct url to Project1, I can see this project and work in it...

    Monday, January 21, 2013 6:40 PM

All replies

  • Hi,

    Can you check if these people are amongst the Team Members of "project1"? You should be able to see them either on the homepage of the project (https://yourtfsname.visualstudio.com/DefaultCollection/project1) or when you click the link "Manage all members...". If you want to deny access, they should not be part of the Team Members.

    Team Members Link

    Kind regards,

    Fokko


    ALM/TFS Consultant, Software Developer C#.NET, SQL Server specialist at Delta-N BV (http://www.delta-n.nl)

    Wednesday, January 16, 2013 2:19 PM
  • I don't use tfs in clouds, but I checked that they are not members of  project1.

    Friday, January 18, 2013 8:04 AM
  • Hi odanara,

    Thank you for your post.

    Please use TFSSecurity /imx to display group information of the specified group you add. The information can help us know what member it contains, and what group it contained to.

    If anything is unclear, please free feel to let me know.

    Regards,


    Lily Wu
    MSDN Community Support | Feedback to us
    Develop and promote your apps in Windows Store
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.


    Friday, January 18, 2013 9:12 AM
    Moderator
  • Hi odanara,

    How about the issue now?

    If anything is unclear, please free feel to let me know. And, I suggest you mark useful post as answer, it will be very beneficial for other community members having the similar questions.

    Regards,


    Lily Wu
    MSDN Community Support | Feedback to us
    Develop and promote your apps in Windows Store
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.

    Monday, January 21, 2013 1:13 AM
    Moderator
  • Hi!

    I found the problem..

     I've tested access when there was full access(login to tfs by user that has all rights). Then I denyed access and logined by the same user, so i had url  in main page to project1.

    But if I deny access and  user login first time to tfs (webaccess) after  that, he doesn't see the url...

    It's not good, that he can to write address of project1 in browser and see the project, but it looks like he has't access...

    My steps to deny access (users from first project don't have to see second project and vice versa):

    1. create groups TFS (in collection) for project1, project2

    2. create group TFS (in project1) and deny access to this group

    3. add group for Project2 in collection to Group from step2.

    Than I login with user from group for project2 and try to see the project1.

    And I can't :)

    But if I write in addressbar in browser correct url to Project1, I can see this project and work in it...

    Monday, January 21, 2013 6:40 PM
  • Hi odanara.

    Thank you for sharing your solution & experience here. I plan to mark your post as answer. It will be very beneficial for other community members having the similar questions.

    If anything is unclear, please free feel to let me know.

    Regards,


    Lily Wu
    MSDN Community Support | Feedback to us
    Develop and promote your apps in Windows Store
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.

    Tuesday, January 22, 2013 5:47 AM
    Moderator