I recently finished my Team Foundation build and am quite pleased with it. With Team Foundation Server being new to me, I ran into a few issues with permissions.
The Team Foundation server I built will be managing my team’s code as well as two other teams once everyone has moved over.
That being said, I need to give out permissions for the managers of each group so they can create team projects for their teams.
Permissions for this are somewhat complicated in that they have to be given in *for the user(s) to be able to create Team Projects and all of the other services associated with one.
We’ll start off with the TFS permissions.
By default, the service account has permissions to perform these actions so you should be logged in as that account.
Head to your Team Explorer in Visual Studio and connect to your Team Foundation Server. Right-click your server name, go to Team Foundation Server Settings, and select Group Membership. From within here you should see a group titled Team Foundation Administrators. Double-click this group and add your user/group to it and you’re done with the TFS part.
'NOTE '''To keep the Administrators group from becoming cluttered with usernames and group names, I created a TFS group for Administrators ( for instance) and simply added that group to Team Foundation Administrators.
Next up we’ll tackle SQL Reporting Services permissions.
For this one you want to go to your SQL Reporting Services page (mine was http://servername/Reports ).
Once there, click the Properties tab. Click New Role Assignment on the page that loads. From here, enter the active directory username or group name you want to have permissions to create team projects in TFS and assign them * the Content Manager role. Once you’re done, click OK and you’re done with the permissions for SQL Reporting Services.
Finally, Windows SharePoint Services permissions.
Head to your central administration site (Start -> Administrative Tools -> SharePoint 3.0 Central Administration). Once there, click the Operations tab at the top left. On that page, select Update farm administrators’s group (it’s under the Security Configuration group). From here, click New to add a new user (the button also has a drop down function so if you get that, click Add User). On the AddUser: Central Administration page, type in the username or groupname and add them to the Farm Administrators [Full Control] group.
There you have it. You should now be good to add as many Team Projects as you desire.
I would recommend that the majority of this be done through active directory groups. It makes usermanagement much easier. If someone quits or it let go, all you have to do is remove their account from the group in active directory and it takes care of everything in Sharepoint, TFS, and SQL Reporting services instead of having to manually go in and remove the person from every location.
On a side note, I’m going to get some lunch…