After creating your team project, you need to set up the roles and users for your team members. There are three main places where you need to do this: the Visual Studio project, the project portal, and the report site.
The easiest way to manage your TFS security is to create AD groups and populate them with the appropriate users.
If you choose to use AD groups to manage your group memberships, you will end up with four types of groups: AD (Windows) groups, Team Project Groups, Team Foundation Server Groups, and SharePoint Groups.
The default Team Foundation Server installation contains the following groups:
<ServerName>\Team Foundation Administrators - admin users
<ServerName>\Service Accounts - member of Team Foundation Administrators
<ServerName>\Team Foundation Valid Users - all users and groups that have been set up anywhere within TFS. Not modifiable.
A Team Foundation Server Group can contain AD Groups as users, as well as other Team Foundation Server Groups. Team Project Groups are automatically added to the [SERVER]\Team Foundation Valid Users Group upon creation.
A Team Project Group can contain both AD Groups and Team Foundation Server Groups as users, as well as other Team Project Groups.
When you created your Team Project, the following Team Project groups were created:
[<ProjectName>]\Build Services
[<ProjectName>]\Contributors
[<ProjectName>]\Project Administrators
[<ProjectName>]\Readers
(These groups were automatically added to the [SERVER]\Team Foundation Valid Users group.)
To add a new Team Project Group, go to Team | Team Project Settings | Group Membership, click "New" and add your new group. It will now appear in the group list as [<ProjectName>]\<GroupName>.
To add users to a Team Project Group, go to Team | Team Project Settings | Group Membership, highlight the group you want to work with and click "Properties". Select the type of group you want to add (Team Foundation Server Group, or Windows User or Group), then click the "Add" button and add your user or group.
Once you have your Team Project Groups set up, you need to set up your project portal security. Open your project portal by clicking Team | Show Project Portal. On the home page for your project, click the "Site Actions" button in the top right corner and select "Site Settings". Select "People and groups" from the "Users and Permissions" column.
From the "New" menu, select "New Group". Specify the Group name, permission level, and any of the other options, then click "Create". This will bring you to the home page of your new group.
Add the members of your group. Here you may add individual users or an AD group as a user to your Project group. Click the "New" menu and select "Add Users". Here you can add users to a SharePoint group that you have already set up (in the above step) or assign permissions explicitly to this user. To add an AD group as a user to your project, type the AD name or browse your directory service by clicking the little book that appears under the Users/Groups field. After you have entered a valid name, click OK.
The final groups to set up are the Report Site Groups. Open your project's Report Site (Team | Show Report Site). Open the Site's Home page by clicking the "Home" link at the top of the page. Click the "Properties" tab, then "New Role Assignment".
To add a new role: click the "New Role" button, enter your role name and select the tasks for that role.
To add users or groups to an existing role: in the "Group or user name" field, type the AD group or user preceded by a slash (\). Select at least one role and click "OK".
To fine-tune the rights of your Groups and Users, go to Team | Team Project Settings | Security. Here you can select a Team Group and grant or deny permissions. This is also where you can change the default permissions of the default Team Project Groups.
Now, any member of the team can connect to the project through their Team Foundation Server connection in Visual Studio.
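Because membership is granted separately in TFS, the project portal and the report site, an access review has to expand the nested groups and compare all three. The following is an added example, not part of the original page or of TFS itself: it checks the nesting rules described above and lists users who reach a Team Project Group but have no portal or report-site assignment. All group names, users and the data layout are constructed for illustration.

```python
# Added example with constructed data; not code from the original page.
AD, SERVER, PROJECT = "ad", "server", "project"

# Nesting rules for the TFS group kinds as stated in the text above.
# The AD entry (AD groups nest only AD groups) is an assumption added here.
ALLOWED_CHILDREN = {AD: {AD}, SERVER: {AD, SERVER}, PROJECT: {AD, SERVER, PROJECT}}

# name -> (kind, members); a member that is not a key is a user account.
GROUPS = {
    "CORP\\Proj-Devs": (AD, ["alice", "bob"]),
    "CORP\\Proj-Testers": (AD, ["carol"]),
    "[SERVER]\\Release Managers": (SERVER, ["CORP\\Proj-Devs", "dave"]),
    "[Demo]\\Contributors": (PROJECT, ["CORP\\Proj-Devs", "CORP\\Proj-Testers",
                                       "[SERVER]\\Release Managers"]),
    "[SERVER]\\Misnested": (SERVER, ["[Demo]\\Contributors"]),  # breaks the rules
}

def nesting_violations(groups):
    """Return (parent, child) pairs whose nesting the rules do not allow."""
    return [(parent, m) for parent, (pkind, members) in groups.items()
            for m in members
            if m in groups and groups[m][0] not in ALLOWED_CHILDREN[pkind]]

def effective_users(groups, name, seen=None):
    """Expand nested groups into user accounts; 'seen' stops circular nesting."""
    seen = set() if seen is None else seen
    if name in seen:
        return set()
    seen.add(name)
    users = set()
    for m in groups[name][1]:
        users |= effective_users(groups, m, seen) if m in groups else {m}
    return users

def access_gaps(groups, project_group, portal_principals, report_principals):
    """Users with TFS rights via project_group who lack portal or report-site access."""
    def covered(principals):
        users = set()
        for p in principals:
            users |= effective_users(groups, p) if p in groups else {p}
        return users
    tfs_users = effective_users(groups, project_group)
    return {"portal": sorted(tfs_users - covered(portal_principals)),
            "reports": sorted(tfs_users - covered(report_principals))}

if __name__ == "__main__":
    print(nesting_violations(GROUPS))
    print(access_gaps(GROUPS, "[Demo]\\Contributors", ["CORP\\Proj-Devs"],
                      ["CORP\\Proj-Devs", "CORP\\Proj-Testers", "dave"]))
```

Run in the other direction (portal or report principals minus TFS users), the same comparison surfaces accounts that kept site access after being removed from the project group.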