locked
Security permissions and inheritance RRS feed

  • Question

  • The way security permissions work now it seems very easy to accidentally remove permissions for yourself.

     

    Here are several of the issues:

    1. Even project and TFS admins can remove or deny permissions for themselves in the IDE that prevents objects from even being visible

    2. If you unchceck inheritance it doesn't copy the permissions it blanks them all out, so if you click ok it then removes them likely removing your access permissions, even for project admins or server admins.

    3. No way for project admin to get access to the object once #2 was accidentally done from the IDE.

    4. There was no warning about removing permissions for yourself like NT security would typically give you.

     

    These really need to be corrected in the next release.

     

    Thanks

    Friday, June 22, 2007 4:43 PM

Answers

  • Hello WXS123:

     

         Thank you for your feedback for these issues.


            Improving the quality of the products and services is a never-ending process for Microsoft. Thanks again for choosing us.

     

     

          You can also post the suggestions to our Connect feedback portal.

          Our developer will evaluate them seriously and take them into consideration when designing future release of the product.

     

          http://connect.microsoft.com/VisualStudio/

     

         Good luck.

    Wednesday, June 27, 2007 2:35 AM
  • I think the solution here is to prompt you to copy the existing permissions (like NTFS does).  I'll make sure we have a suggestion filed.
    Wednesday, June 27, 2007 2:40 AM
    Moderator
  • Regarding issue #3, a user who is a Machine Administrator of the Application Tier can still see items they don't have permission to in Source Control Explorer and then reset the permission on those items.

     

    Hope this helps-

     

    Cheers,

    Adam

    Wednesday, June 27, 2007 3:36 PM

All replies

  • Hello WXS123:

     

         Thank you for your feedback for these issues.


            Improving the quality of the products and services is a never-ending process for Microsoft. Thanks again for choosing us.

     

     

          You can also post the suggestions to our Connect feedback portal.

          Our developer will evaluate them seriously and take them into consideration when designing future release of the product.

     

          http://connect.microsoft.com/VisualStudio/

     

         Good luck.

    Wednesday, June 27, 2007 2:35 AM
  • I think the solution here is to prompt you to copy the existing permissions (like NTFS does).  I'll make sure we have a suggestion filed.
    Wednesday, June 27, 2007 2:40 AM
    Moderator
  • Regarding issue #3, a user who is a Machine Administrator of the Application Tier can still see items they don't have permission to in Source Control Explorer and then reset the permission on those items.

     

    Hope this helps-

     

    Cheers,

    Adam

    Wednesday, June 27, 2007 3:36 PM
  •  Richard Berg MSFT wrote:
    I think the solution here is to prompt you to copy the existing permissions (like NTFS does).  I'll make sure we have a suggestion filed.

     

    Thanks!

    Monday, July 2, 2007 6:49 PM
  •  Adam Singer - MSFT wrote:

    Regarding issue #3, a user who is a Machine Administrator of the Application Tier can still see items they don't have permission to in Source Control Explorer and then reset the permission on those items.

     

    Hope this helps-

     

    Cheers,

    Adam

     

    Yes but this was a pain, TFS admnistration was designed to be heirarchical so most project admins do not have admin rights on the box, so they had to locate an operations person to give them access to the box to get in to modify it.

     

     

    Monday, July 2, 2007 6:50 PM
  •  Richard Berg MSFT wrote:
    I think the solution here is to prompt you to copy the existing permissions (like NTFS does).  I'll make sure we have a suggestion filed.

     

    Yes, but just to clarify - It's more than just prompt (Maybe) currently it leaves the groups there (it looks like it copied) but undoes all the permissions then you presume they were copied, and when you click ok they are removed.  So it really needs to actually copy the permissions after prompting so then the user can modify as they see fit..

    Tuesday, July 3, 2007 1:48 PM