<< I won another stupid prize! | Home | Greater Charleston .NET User Group November Meeting (GC.NUG) >>

Security Permissions in Visual Studio Team Foundation Server - Why Microsoft?

Had a small issue at the shop today with permissions in TFS – one of the things I still occasionally get spun up about is the different ways it handles security between TFS itself, the SharePoint portal and Reporting Services, I mean why can’t it all go based on Active Directory if it’s deployed in a domain environment or Local Groups if deployed in a Workgroup environment? Or am I just being picky?

 

I know I’ve heard before that when Microsoft was rolling this out there was sufficient enough feedback from the community that they didn’t want TFS “tied” to AD. Do people really have that much of a problem with AD??? I happen to like AD myself so maybe I’m biased. For those who *don’t* like AD…what don’t you like about it? And do you really like having three separate security realms to manage permissions in for something like TFS?

 

One thing nice that has come out of this was the recommendation to use the TFS Admin tool which at least puts a GUI wrapper around all three pieces of TFS security…and while it was a little buggy at first, it seems with version 1.1 they’ve gotten things smoothed out.

 

So tell me Microsoft or anyone who knows….why *did* you decide against tying TFS security to AD?

 

OK now that I got that out…I *did* end up solving my dilemma with TFS permissions thanks to the TFS Admin tool. Whew!

Print | posted on Wednesday, November 01, 2006 6:35 PM

Comments on this post

# VSTS Links - 11/03/2006

Requesting Gravatar...
Rob Caron on New Team Foundation Server Administrator's Guide.

Clark Sell on TFS Event Filtering....
Left by Team System News on Nov 03, 2006 8:19 AM

# re: Security Permissions in Visual Studio Team Foundation Server - Why Microsoft?

Requesting Gravatar...
Hi Lou,

Our shop has AD for exchange etc. but the devs' workstations are in workgroup mode for historical reasons outside our control. The security configuration during the beta period made it impossible for us to subscribe to events. So, I suppose the answer to your questions is: when you're Microsoft yous have to support all the edge cases.

Cheers,

++Alan
Left by Alan Stevens on Nov 03, 2006 9:19 AM

# re: Security Permissions in Visual Studio Team Foundation Server - Why Microsoft?

Requesting Gravatar...
Also Lou, TFS support AD without a problem, just create AD groups and assign to the various subssytem like WSS and RS if you'd like. Security in V1 is one of my pet peeves, I think it should have been better integrated. Anyhow, Alan's comment is bang on, historically a lot of Dev shops get their development done of edge environments (hey VSS used file share remember) and that scenario is important and should be supported.
Left by ET on Nov 03, 2006 9:59 AM

# re: Security Permissions in Visual Studio Team Foundation Server - Why Microsoft?

Requesting Gravatar...
Thanks TSN, Alan and ET for your responses...I think in the end if I can convince the powers that be to use AD groups things might be more manageable. Like I mentioned before...at least the TFS Admin tool lets me manage all three settings at once which is better than going individually to each system :)

And now that I've vented I feel better too!
Left by Lou on Nov 03, 2006 8:58 PM

Your comment:

 (will show your gravatar)
 
Please add 2 and 4 and type the answer here: