locked
TFS 2010 - Setting up team queries security programmatically RRS feed

  • Question

  • Does anybody here knows how to programmatically add or remove Team Queries security in VSTF 2010? I’ve been looking on MSDN and I couldn’t find anything. Anyway, a little code snippet, or a link would help

    Monday, November 1, 2010 11:24 PM

Answers

All replies

  • Hi,

    Thanks for your post.

    For your issue, as far as I know to add or remove team queries security programmatically is very complex. One method I can think out is to call the TFSSecurity.exe in your program. To call TFSSecurity.exe in your program, your code should be similar to the followings.

     var process = new System.Diagnostics.ProcessStartInfo
        {
          FileName = @"c:\\tfssecurity.exe",
          Arguments = "/a+ Namespace Token Action Identity (ALLOW | DENY) [/collection:CollectionURL] [/server:ServerURL]"
        };
        var start = System.Diagnostics.Process.Start(process);
        start.WaitForExit();
    
    

    Note: The variable FileName should point to the path of the TFSSecurity.exe. The TFSSecurity.exe can be found in [Program Files]\Microsoft Team Foundation Server 2010\Tools

    The variable Arguments is the parameter you send to the TFSSecurity.exe.

    For more information about the TFSSecurity.exe, please see the following article.

    http://msdn.microsoft.com/en-us/library/ms252504.aspx

    Hopeful it helps you, let me know if you have any further concerns.

    Thanks,

    Vicky Song


    Please remember to mark the replies as answers if they help and unmark them if they provide no help

    Tuesday, November 2, 2010 7:47 AM
    Moderator
  • Hi Vicky,

    Thank you for replying. Do you know if there is a more elegant solution to this problem? I was looking for something like:

    IGroupSecurityService groupSecurity = (IGroupSecurityService)tfs.GetService(typeof(IGroupSecurityService));
    ICommonStructureService css = (ICommonStructureService)tfs.GetService(typeof(ICommonStructureService));
    IAuthorizationService auth = (IAuthorizationService)tfs.GetService(typeof(IAuthorizationService));
    AccessControlEntry[] aces = auth.ReadAccessControlList("$PROJECT:" + project.Uri);

    Which can help you to get\set project level permissions.
    -Speedbits
    Tuesday, November 2, 2010 2:39 PM
  • Hello Speedbits,

    I am sorry I can’t find any simpler solution for your issue. And based on my understanding, to call the TFSSecurity.exe tool in your code may be a little simpler than coding. If you want to set or remove team queries permissions programmatically, you may spend a lot of time on it.

    Thanks,

    Vicky Song

    Wednesday, November 3, 2010 9:35 AM
    Moderator
  • Hey Vicky,

    Lets say that I use your method. What would be the token action identity to set or remove team query permissions? I tried looking into http://msdn.microsoft.com/en-us/library/ms252587(v=VS.100).aspx and I could not find the tokens for Team Query Permissions.

     

    Everybody else,

    Do you know how to set\remove team query permissions programmatically? I know that it can be done, in an elegant way, for all the other security areas.

    -Speedbits

    Thursday, November 4, 2010 12:23 AM
  • Hello Speedbits,

    The detailed information about how to specify the values of the parameters in the /a+ command line is described in another thread you started.

    http://social.msdn.microsoft.com/Forums/en-US/tfsadmin/thread/f55d218f-03be-4825-ae1b-3988152a805d

    I hope this helps you solve your problem. Please let me know if you have any further concerns.

    Thanks,

    Vicky Song


    Please remember to mark the replies as answers if they help and unmark them if they provide no help

    Friday, November 5, 2010 7:49 AM
    Moderator
  • Hi Vicky,

     

    Thanks for all your help and please do not make this as answered because I'm still waiting for somebody to answer my original question:

     

    QUESTION: Do you know how to set\remove team query permissions programmatically? I know that it can be done, in an elegant way, for all the other security areas.

    -Speedbits

    Tuesday, November 9, 2010 6:06 AM
  • Hello Speedbits,

    Thanks for your feedback.

    Just as you said, to maintain team query permissions programmatically is not impossible instead it is very complex. I have reported it to my mentor and if the sample idea passed, he will work on it. Once he offers us the sample code, I will inform you immediatly.

    Ok, I will unmark my replies.

    Have a nice day.

    Vicky Song

    Tuesday, November 9, 2010 6:15 AM
    Moderator
  • That's great! Thx for your help!
    Tuesday, November 9, 2010 6:20 AM
  • Hi~~

    I have not try to this. But there's some way to set with programmatically like below.

    but it maybe so hard to fully implement.

    Check QueryHierarchy & AccessControlList with MSDN.

    http://msdn.microsoft.com/en-us/library/microsoft.teamfoundation.framework.client.accesscontrollist_methods.aspx

     

    workitemStore.Projects["AnyTest"].QueryHierarchy["My Bug"].AccessControlList.SetPermissions(null, 0, 0, false);

    Wednesday, November 17, 2010 6:10 AM
  • I would also strongly suggest that this question has not been resolved. In Speedbits post he mentioned a snippet of code taken from the Tfs2008 API:

    IGroupSecurityService groupSecurity = (IGroupSecurityService)tfs.GetService(typeof(IGroupSecurityService));
    ICommonStructureService css = (ICommonStructureService)tfs.GetService(typeof(ICommonStructureService));
    IAuthorizationService auth = (IAuthorizationService)tfs.GetService(typeof(IAuthorizationService));
    AccessControlEntry[] aces = auth.ReadAccessControlList("$PROJECT:" + project.Uri);

    Unfortunately, it seems that this functionality has been removed from th TFS 2010 API, and there seems to be no replacement way of doing this programmatically. We have a number of customisations which we made to our TFS 2008 implementation which now are broken in TFS 2010. Is there any prospect of this being resolved in future?

    Thursday, February 16, 2012 12:13 PM
  • this is not the answer and it makes me said that nobody can specify how to specify an objectID for builds using IAuthorizationService.ReadAccessControlList(objectID);

    For instance, we get ACLs for the project level by using IAuthorizationService.ReadAccessControlList("$Project:" + project.Uri);  So what does it take to query ACLs for builds and all build definitions??

    Wednesday, June 19, 2013 2:18 PM
  •  Once he offers us the sample code, I will inform you immediatly.

    do we have anything yet?
    • Edited by jaredtait Wednesday, June 19, 2013 2:20 PM entering response
    Wednesday, June 19, 2013 2:19 PM