Visual Studio Team System : Team System Security
For a detailed poster on this subject, please see
http://www.drp.co.za/Media/Posters/PostersPDF/tabid/62/Default.aspx
(0202 Microsoft Team System Security Mapping Poster)
Managing Team Foundation Server Security Through Windows Groups
A concern many of us have with Team System security is that it is spread across three layers: SQL Reporting Services, Windows SharePoint Services and Team Foundation Server. General practice is to create three separate lists of users and roles to manage access to Team System, which is a tedious process.
You can simplify administration by instead creating a single list of users and groups in Windows. The Windows groups can then be added as members of SQL RS, WSS and TFS roles.
The table below shows the mappings you can create between Team System roles and Windows groups at the Server and Project levels:
SERVER SECURITY
Windows Security Group | Team Foundation Server Security Group | Windows SharePoint Services Role | SQL Reporting Services Role |
Builtin\Administrators | [Server]\Team Foundation Administrators | Administrator (top-level site) | Content Manager (system-level role) |
TEAM PROJECT SECURITY
Windows Security Group | Team Foundation Server Security Group | Windows SharePoint Services Role | SQL Reporting Services Role |
MyTeamProjectAdmins | [MyTeamProject]\Administrators | Content Managers | Administrator |
MyTeamProjectContributors | [MyTeamProject]\Contributors | Publishers | Contributors |
MyTeamProjectReaders | [MyTeamProject]\Readers | Readers | Readers |
As you can see, we can create three generic roles across WSS, SQL RS and TFS. These are :
Administrator,
Contributor and
Reader.
These are represented in Windows groups, and operate at the Server and Team Project scopes.
Using this method, you can manage a single list of users, using Windows security. You never need to add users to TFS, SQL RS and WSS. Just map the groups to TFS, SQL RS and WSS roles once, during Team System setup, and later for each individual Team Project as it is created.
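
A drift check for this scheme, as an added example that is not part of the original post: it compares a membership export from each layer against the mapping tables above and reports any role that lacks its Windows group or contains anything else, such as a user added directly. The export format, the `CONTOSO\jsmith` account and the rule that each role holds only its mapped group are assumptions.

```python
# Added example: audit role membership against the page's mapping tables.
# Assumption: each role should contain only its mapped Windows group.
EXPECTED = {  # layer -> role -> Windows group, copied from the tables above
    "TFS": {
        r"[Server]\Team Foundation Administrators": r"Builtin\Administrators",
        r"[MyTeamProject]\Administrators": "MyTeamProjectAdmins",
        r"[MyTeamProject]\Contributors": "MyTeamProjectContributors",
        r"[MyTeamProject]\Readers": "MyTeamProjectReaders",
    },
    "WSS": {
        "Administrator (top-level site)": r"Builtin\Administrators",
        "Content Managers": "MyTeamProjectAdmins",
        "Publishers": "MyTeamProjectContributors",
        "Readers": "MyTeamProjectReaders",
    },
    "SQL RS": {
        "Content Manager (system-level role)": r"Builtin\Administrators",
        "Administrator": "MyTeamProjectAdmins",
        "Contributors": "MyTeamProjectContributors",
        "Readers": "MyTeamProjectReaders",
    },
}

def audit(actual, expected=EXPECTED):
    """Return sorted (problem, layer, role, principal) findings."""
    findings = []
    for layer, roles in expected.items():
        for role, group in roles.items():
            # Windows account names are case-insensitive, so compare lowered.
            members = {m.lower(): m for m in actual.get(layer, {}).get(role, [])}
            if group.lower() not in members:
                findings.append(("missing-group", layer, role, group))
            for key, original in members.items():
                if key != group.lower():
                    findings.append(("unexpected-member", layer, role, original))
    return sorted(findings)

def sample_export():
    """Constructed export: compliant apart from two seeded problems."""
    actual = {layer: {role: [group] for role, group in roles.items()}
              for layer, roles in EXPECTED.items()}
    actual["TFS"][r"[MyTeamProject]\Readers"] = ["myteamprojectreaders"]  # case only
    actual["WSS"]["Publishers"].append(r"CONTOSO\jsmith")  # user added directly
    actual["SQL RS"]["Contributors"] = []  # mapping never done for this layer
    return actual

if __name__ == "__main__":
    for finding in audit(sample_export()):
        print(*finding, sep=" | ")
```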