How to: Set Team Foundation Server Administrator Permissions

  • Article

Before users can act in different Team Foundation roles, you must grant each user the appropriate permissions for Visual Studio Team System Team Foundation Server, SQL Server Reporting Services, and SharePoint Products and Technologies. This topic describes what permissions a Team Foundation Server administrator needs and how you can set those permissions appropriately.

Administrators maintain at least one server that is running Team Foundation Server, and they administer permissions and security for other roles. Members of the Team Foundation Administrators group have the highest set of permissions of any Team Foundation Server users. For most organizations using Team Foundation Server, this same individual is responsible for creating projects, managing projects, and customizing processes. A Team Foundation Server administrator must be a member of the following groups:

  • Team Foundation Administrators

  • The appropriate groups in SharePoint Central Administration

    These groups vary based on your version of SharePoint Products and Technologies.

  • SQL Server Reporting Services Content Manager

  • SQL Server Reporting Services System Administrator

Note

Even after you configure permissions for your users in Team Foundation Server, Reporting Services, and SharePoint Products and Technologies, they might not be able to view team project portals or reports correctly until they add the sites to their Trusted Sites in Internet Explorer. For more information, see the Microsoft Web site.

Required Permissions

To perform these procedures, you must belong to the following groups:

  • Team Foundation Administrators group or have the Edit Server-Level Information permission set to Allow

  • Administrators group on the application-tier server or the SharePoint Administration group

  • Reporting Services System Administrators group

For more information about permissions, see Team Foundation Server Permissions.

In addition to these permissions, you might need to address the following requirements on a computer that is running Windows Server 2008 or Windows Vista:

  • To follow a command-line procedure, you might need to open an elevated Command Prompt by clicking Start, right-clicking Command Prompt, and clicking Run as Administrator.

  • To follow a procedure that requires Internet Explorer, you might need to start it as an administrator by clicking Start, clicking All Programs, right-clicking Internet Explorer, and then clicking Run as administrator.

  • To edit web.config files, you might need to start the text editor as an administrator by clicking Start, clicking All Programs, right-clicking the editor, and then clicking Run as administrator.

  • To access Report Manager, reports, or Web sites for SQL Server Reporting Services, you might need to add these sites to the list of trusted sites in Internet Explorer or start Internet Explorer as an administrator.

For more information, see the Microsoft Web site.

To add a user to the Team Foundation Administrators security group

  1. In Visual Studio, open Team Explorer, and connect to the server that is running Team Foundation Server and for which you are setting permissions. For more information, see How to: Connect to Team Foundation Server.

  2. Right-click the server, point to Team Foundation Server Settings, and then click Group Membership.

  3. Select Server\Team Foundation Administrators, and then click Properties.

  4. In Add member, select Windows User or Group, and then click Add.

  5. Add the Windows logon name for the person to whom you want to grant permissions, and then click OK twice.

To add a user or group to the Farm Administrators group and the Site Collection Administrators group and to grant the user Full Control for the default Web site in Windows SharePoint Services 3.0

  1. On the application-tier server, open a Command Prompt and change directories to the Tools directory for Team Foundation.

    By default, this directory is %ProgramFiles%\Microsoft Visual Studio 2008 Team Foundation Server\Tools.

  2. At the command prompt, type the following command to view the configuration information for Team Foundation Server:

    TfsAdminUtil ConfigureConnections view

  3. Copy or write down the value for SharepointUri.

  4. On the server that is running Windows SharePoint Services 3.0, click Start, point to Administrative Tools, and then click SharePoint 3.0 Central Administration.

  5. In Central Administration, click Operations.

  6. Under Security Configuration, click Update Farm Administrators Group.

  7. In People and Groups: Farm Administrators, click New.

  8. In Add Users, type the account name for the user or group to whom you want to grant farm administrator permissions. In Give Permission, make sure that the Farm Administrators check box is selected, and then click OK.

  9. In Internet Explorer, paste or type the value of SharepointUri.

    The team site opens.

  10. Click Site Actions, and then click Site Settings.

  11. In Users and Permissions, click Site collection administrators.

  12. Type the account name for the user or group to whom you want to grant administrator permissions for the site collection, and then click OK.

  13. Return to the Site Settings page, and click Advanced permissions.

  14. In Permissions: Team Site, click New, and then click Add Users.

  15. In Add Users, type the account name for the user or group to whom you want to grant Full Control permissions.

  16. In Give Permission, click Give users permission directly, make sure that the Full Control check box is selected, and then click OK.

    Note

    You might need to restart SharePoint Products and Technologies or Internet Information Services (IIS) before these changes will take effect.

To designate a group as the SharePoint Administration group in Windows SharePoint Services 2.0

  1. On the server that is running Windows SharePoint Services 2.0, click Start, point to Administrative Tools, and then click SharePoint Central Administration.

  2. In Central Administration, click Set SharePoint Administration Group.

  3. In Set SharePoint Administration Group, type the group account name and the domain, if appropriate.

    Note

    You can only designate one domain group or user to the SharePoint Administration group. You cannot add a local group. However, members of the local Administrators group on the Team Foundation application-tier server can also perform administration tasks for SharePoint Products and Technologies.

  4. Click OK.

To add a member to the Reporting Services Content Manager and System Administrator roles

  1. Start Internet Explorer.

    Note

    Even if you are logged on with administrative credentials, you must start Internet Explorer as an administrator to perform this function on a computer that is running Windows Server 2008 or Windows Vista. To start Internet Explorer as an administrator, click Start, click All Programs, right-click Internet Explorer, and then click Run as administrator. For more information, see the Microsoft Web site.

  2. Type the following in the Address bar, where ReportingServices is the name of the server that hosts Reporting Services: http:// ReportingServices**/Reports/Pages/Folder.aspx**

    You can find the name of the report server by opening Team Explorer, expanding the Reports node, and viewing the properties of a report.

    Important noteImportant Note:

    If you are using a named instance, you must include its name in the path to the reports. You use the following syntax, where ReportingServices is the name of the server that hosts Reporting Services, and InstanceName is the name of the SQL Server instance: http://ReportingServices/Reports_InstanceName/Pages/Folder.aspx

  3. Click the Properties tab, and then click New Role Assignment.

  4. In Group or User Name, type the account name of the user or group whom you want to make a member of the Content Manager role.

  5. In Role, click Content Manager, and then click OK.

  6. Click Site Settings, and then click Configure site wide security.

  7. Click New Role Assignment.

  8. In Group or User Name, add the Windows logon name for the person whom you want to make a member of the System Administrator role.

  9. In Role, click System Administrator, and then click OK.

See Also

Tasks

How to: Set Team Foundation Server Project Lead Permissions

How to: Set Team Foundation Server Contributor Permissions

How to: Set Team Foundation Server Reader Permissions

Concepts

Team Foundation Server Permissions

Team Foundation Server Default Groups, Permissions, and Roles

Other Resources

Managing Users and Groups

Securing Team Foundation Server