Managing Permissions

When you add a user or group to Visual Studio Team System Team Foundation Server, that user or group is not automatically added to two components on which Team Foundation Server depends: Windows SharePoint Services and SQL Server Reporting Services. You must add users and groups to those programs and grant the appropriate permissions before permissions for those users or groups will function correctly across all Team Foundation Server operations.

Because of this complexity, it is difficult to manage individual users and their associated permissions in deployments of Team Foundation Server. It is much simpler to use Active Directory to organize users into role-based groups and then add each group to Team Foundation Server, Windows SharePoint Services, and Reporting Services with the appropriate permissions. In this way, you are managing only a few groups across these three programs, instead of many individual users. You can add users to Active Directory groups as needed without having to change that group membership or permissions within those three programs.

As an administrator, you control what users are allowed to do by specifying group membership and permissions. To simplify this task, Team Foundation provides default groups and permissions settings. You can also customize these default settings or create your own. The topics in this section provide you with the details about permissions.

In This Section

• Team Foundation Server Permissions
  Describes the various permissions that you can set for users and groups in Team Foundation Server.

• Team Foundation Server Default Groups, Permissions, and Roles
  Describes the groups and permissions that are created by default when you install Team Foundation Server or create a team project.

• How to: Set Team Foundation Server Administrator Permissions
  Describes the permissions that a Team Foundation Server administrator needs and how to set them for Team Foundation Server, Windows SharePoint Services, and Reporting Services.

• How to: Set Team Foundation Server Project Lead Permissions
  Describes the permissions that a Team Foundation Server project lead needs and how to set them for Team Foundation Server, Windows SharePoint Services, and Reporting Services.

• How to: Set Team Foundation Server Contributor Permissions
  Describes the permissions that a Team Foundation Server project contributor needs and how to set them for Team Foundation Server, Windows SharePoint Services, and Reporting Services.

• How to: Set Team Foundation Server Reader Permissions
  Describes the permissions that a Team Foundation Server project reader needs and how to set them for Team Foundation Server, Windows SharePoint Services, and Reporting Services.

• How to: Grant Access to the Databases of the Data Warehouse for Team System
  Describes how to grant users the permissions that they need to create reports.

• How to: View Permissions
  Describes the procedures for viewing the permissions for users and groups at a server or project level.

Related Sections

Managing Users and Groups

Team Foundation Server Security for Users and Groups

Managing Team Foundation Server Services and Service Accounts

How to: Control Access to Team Foundation Version Control

See Also

Concepts

Team Foundation Server Security Concepts

Team Foundation Server Security Architecture

Other Resources

Securing Team Foundation Server