Configuring Users, Groups, and Permissions

Team Foundation security is based on users and groups. You can use the default groups in Visual Studio Team Foundation Server to manage users and groups as part of implementing a security model for your organization. Default groups exist at the server level, at the collection level, and at the project level. You can also create custom groups at any of these levels with specific permissions to better fit your security model. With a group-based security model, users can access the data that they require without your having to grant specific permissions to each user account. This strategy helps protect confidential information while reducing the administrative overhead of managing user access to the deployment.

For each role in your business, you must determine what group memberships users require to accomplish their tasks. Team Foundation Server, SharePoint Products, and SQL Server Reporting Services all maintain their own information about groups, users, and permissions. You must carefully plan how you want to manage users and permissions. This planning applies not only across individual projects in Team Foundation Server but also across Team Foundation Server itself, the Windows operating system, and, if configured for your deployment, SharePoint Products and SQL Server Reporting Services. Within Team Foundation Server, you can allow or deny permissions at many levels, such as for work items, access to version control, access to a project or project collection, and access to Team Foundation Server itself.

In specific cases, you might want to add a user directly to a team project or team project collection, instead of adding the user to a group at the project level or collection level. In that case, you must grant permissions directly to the user account for that user.

Common Tasks

Add users or groups of users: You can quickly add users to team projects, team project collections, or Team Foundation Server itself by adding them to the appropriate default groups for their roles.

    Add Users to Team Projects
    Set Administrator Permissions for Team Project Collections
    Set Administrator Permissions for Team Foundation Server

Change or modify default groups: You can change the membership of default groups. You can also modify the default permissions that are granted to some of these groups to better meet your security needs.

    Default Groups
    Modify Permissions for a Default Group
    Team Foundation Server Permissions
    Team Foundation Server Default Groups, Permissions, and Roles

Create custom groups: You can create groups for team projects, team project collections, and for Team Foundation Server with specific permissions to better meet the security requirements of your organization.

    Create a Collection-Level Group
    Create a Team Project Group
    Server-Level Groups
    Collection-Level Groups
    Project-Level Groups

Add users directly to team projects or team project collections: You can add a user account directly to a project or collection instead of adding them to a group within that project or collection.

    Add a User Directly to a Team Project or Team Project Collection
    Managing Users in Team Foundation Server

Understand and manage permissions: You can review all individually configurable permissions within Team Foundation Server, learn what permissions are assigned by default, and view the permissions for specific groups or users.

    Team Foundation Server Permissions
    Team Foundation Server Default Groups, Permissions, and Roles
    View Permissions
    Change Permissions for a Group or User

Understand and manage dependencies in related components: If you have configured your deployment of Team Foundation Server with reporting or with a SharePoint Web application, you might need to add users and groups to SQL Server Reporting Services and SharePoint Products.

    Interactions Between SharePoint Products and Team Foundation Server
    Roles in SharePoint Products
    Understanding SQL Server and SQL Server Reporting Services
    SQL Server Reporting Services Roles

Understand service accounts and groups: In addition to managing permissions for your users, you must also manage the permissions that are required by the service accounts upon which Team Foundation Server depends.

    Service Accounts and Dependencies in Team Foundation Server
    Change the Service Account or Password for Team Foundation Server
    Change the Service Account or Password for SQL Server Reporting Services

Administering Team Foundation Server