Permission Command

Modifies the user access control list (ACL) and displays authorization settings for an item under source control.

tf permission [/allow:(* |perm1[,perm2,…])] 
[/deny:(* |perm1[,perm2,…])] [/remove:(* |perm1[,perm2,…])] 
[/inherit:yes|no] [/user:username1[,username2,…]] 
[/group:groupname1[,groupname2,…]] [/server:servername] 
[/recursive] itemspec [/global]

Parameters

Argument Description

perm

Name of a permission or role to modify.

Username

Provides a value to the /user option. A username value can be expressed in one of two ways, depending on the network settings: DOMAIN\username or username.

Groupname

The user-provided value for the /group option.

Servername

The user-provided value for the /server option. Example: teamfoundation2.

Itemspec

Identifies the file or folder for which to modify permissions. For more information about how Team Foundation parses itemspecs to determine which items are within scope, see Command-Line Syntax.

Option Description

/allow

Specifies a list of Team Foundation source control permissions to add to the allow ACL.

/deny

Specifies a list of denied Team Foundation source control access permissions to add to the user access control list.

/remove

Specifies a list of Team Foundation source control permissions to remove from both the allow and the deny ACLs.

/inherit

If you select yes, all permissions associated with a parent ACL are inherited by an item. Cannot be combined with the /remove option.

/user

Specifies the name of a user to modify permissions for.

/group

Name of the group for which to modify permissions.

/server

Identifies the Team Foundation Server. This option is required if the command is invoked from a directory that is not mapped to a workspace.

/recursive

Applies the specified command to all items in the directory and any subdirectories.

The /recursive option works only when viewing the permissions for items in a source tree. It does not work when setting permissions, for example with the /allow, /deny, and /remove options.

/global

Used to view or assign any Team Foundation server permission.

To assign permissions, use the /allow, /deny, or /remove options.

The itemspec argument is not required. If it is listed, it is ignored.

When used to view the Team Foundation server permissions, the five permissions listed are:

  • tf: AdminShelvesets

  • tf: AdminWorkspaces

  • tf: CreateWorkspace

  • tf: AdminConfiguration

  • tf: AdminConnections

For more information about permissions, see Team Foundation Server Permissions.
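The option rules above (no /inherit with /remove, /recursive for viewing only, /server outside a mapped workspace, itemspec ignored with /global) can be checked before a change is applied. The following Python wrapper is an added example, not part of the tf utility or the original page; build_permission_args, in_mapped_workspace, and the allow/deny clash check are this example's own names and policy.

```python
# Added example (not part of the tf tool): build one `tf permission` argv list
# and refuse the option combinations this page documents as invalid.

def _joined(option, values):
    """Render /option:v1,v2 ; a comma inside a value would split it in two."""
    values = list(values)
    for v in values:
        if not v or "," in v:
            raise ValueError(f"/{option} value {v!r} is empty or contains a comma")
    return [f"/{option}:{','.join(values)}"] if values else []

def build_permission_args(itemspec=None, *, allow=(), deny=(), remove=(),
                          inherit=None, users=(), groups=(), server=None,
                          recursive=False, global_scope=False,
                          in_mapped_workspace=True):
    """Return argv for subprocess.run(argv); raise ValueError on a bad combination."""
    allow, deny, remove = list(allow), list(deny), list(remove)
    modifying = bool(allow or deny or remove)

    if inherit not in (None, "yes", "no"):
        raise ValueError("/inherit takes yes or no")
    if inherit is not None and remove:
        raise ValueError("/inherit cannot be combined with /remove")
    if recursive and modifying:
        raise ValueError("/recursive works only when viewing permissions")
    if server is None and not in_mapped_workspace:
        raise ValueError("/server is required outside a mapped workspace")
    # Wrapper policy (an assumption, not stated on the page): the same
    # permission in both /allow and /deny is treated as an operator error.
    clash = set(allow) & set(deny)
    if clash:
        raise ValueError(f"permission in both /allow and /deny: {sorted(clash)}")

    argv = ["tf", "permission"]
    argv += _joined("allow", allow) + _joined("deny", deny) + _joined("remove", remove)
    if inherit is not None:
        argv.append(f"/inherit:{inherit}")
    argv += _joined("user", users) + _joined("group", groups)
    if server is not None:
        argv.append(f"/server:{server}")
    if recursive:
        argv.append("/recursive")
    if global_scope:
        argv.append("/global")      # itemspec is ignored with /global, so omit it
    elif itemspec is not None:
        argv.append(itemspec)
    return argv
```

Passing the returned list to subprocess.run without a shell keeps user, group, and item names from being reinterpreted by the command interpreter.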

Remarks

You can use the permission command to specify which user or group of users is granted the permissions listed in Auditing and User Permissions.

You can use the permission command to manage authorization settings for Team Foundation source control server objects. However, this command does not let you manage authentication settings such as creating or modifying Team Foundation security groups. For more information, see Source Control Security Rights and Permissions.

Examples

The following example displays the Team Foundation access control lists (ACLs) for 314.cs.

c:\projects>tf permission 314.cs

The following example displays the ACL information relating to the group "developers" for the teamserver2 Team Foundation Server.

c:\projects>tf permission /group:developers /server:teamserver2

The following example enables members of the "leads" group to change their local copies of all items in the $/baseobjects Team Foundation source control server folder.

c:\projects>tf permission /allow:PendChanges /group:leads $/baseobjects

The following example removes all permission-related settings from the $/baseobjects folder for members of the "developers" group.

c:\projects>tf permission /remove:* /group:developers $/baseobjects

The following example enables the group "cia" to change their local copies of all items in $/secretproject.

c:\projects>tf permission /allow:PendChanges /group:CIA $/secretproject

The following example enables user jamesb to make pending changes to his local copy of $/secretproject/314.cs in his workspace.

c:\projects>tf permission /allow:PendChanges /user:jamesb $/secretproject/314.cs

The following example denies user jamesb the ability to make pending changes to his local copy of $/secretproject/1256.cs.

c:\projects>tf permission /deny:PendChanges /user:jamesb $/secretproject/1256.cs

Security

To use the permission command, you must have the Manipulate security settings permission set to Allow for the folders being modified, be a member of the Team Foundation Administrators security group, or be a system administrator on the local computer (Windows Administrator security group). For more information, see Team Foundation Server Permissions.

See Also

Tasks

Walkthrough: Working with Team Foundation Source Control from Command Line

Reference

Command-Line Syntax

Concepts

Source Control Security Rights and Permissions

Other Resources

Tf Command-Line Utility Commands