Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Recently one of the customer wanted to know whether he can programmatically manage RM-related permissions. The msdn documentation for this is not yet finished, so Rohit Batra from the team put together a list of steps on how it can achieved and they are as follows.
- Step to add a new group at the collection level.
TFSSecurity.exe /gcg mygroupName /collection:https://<Server>/tfs/<MyCollectionName>
- View the list of all available RM security bits.
TFSSecurity.exe /a ReleaseManagement /collection:https://<Server>/tfs/<MyCollectionName>
- Grant ViewReleases permission to the above created group on a particular RD.
TFSSecurity.exe /a+ ReleaseManagement <ProjectId>/<ReleaseDefinitionId> ViewReleases n:[<MyCollectionName>]\mygroupName ALLOW /collection:https://<Server>/tfs/<MyCollectionName>
- Grant EditReleaseEnvironment permission to the above created group on a particular environment.
TFSSecurity.exe /a+ ReleaseManagement <ProjectId>/<ReleaseDefinitionId>/Environment/<EnvironmentId> EditReleaseEnvironment n:[<MyCollectionName>]\mygroupName ALLOW /collection:https://<Server>/tfs/<MyCollectionName>
Note :- To use the /a+ command, you must have the View collection-level information or the View instance-level information permission set to Allow, depending on whether you are using the /collection or /server parameter, respectively. If you are changing permissions for a team project, you must also have the Edit project-level information permission for the team project set to Allow.
You can read about TFS Security here
Enjoy !!