Mike writes:<\/p>\n
\n“We need to configure the server to grant all users the ability to create a Team Project and manage the users of that specific project. However, a user must not be allowed to delete\/modify\/access a project which he or she does not belong to. Also, since users will belong to the Sharepoint administration group and SQL Server content management groups, I am hoping these can also be configured in such a way as to deny access accordingly. If anyone knows the ideal permissions configuration for this scenario, please let me know as soon as possible.”<\/p>\n<\/blockquote>\n
Hello Mike,<\/p>\n
Team Foundation Server Groups, Permissions, and Roles are not small subjects for discussion.
<\/p>\nAuthorization for user actions, such as workspace administration and project creation, are determined by permissions. When you create a new project in Team Foundation Server, new project-level groups are created for that project, by default, and are assigned permissions to access resources appropriate to that group. Obviouly I cannot give you the end-all-be-all best practice for your needs. The article “Team Foundation Server Default Groups, Permissions, and Roles<\/a>” discusses Team Foundation security is based upon users and groups and how you can manage users and groups to implement a security model for your organization that enables users to access the data and functionality that they require while protecting confidential information. The article “Team Foundation Server Permissions<\/a>” discusses the types of permissions and their accepted settings.<\/p>\n
Good luck Mike, and thanks for the request.<\/p>\n
-Lisa<\/p><\/p>\n","protected":false},"excerpt":{"rendered":"
Mike writes: “We need to configure the server to grant all users the ability to create a Team Project and manage the users of that specific project. However, a user must not be allowed to delete\/modify\/access a project which he or she does not belong to. Also, since users will belong to the Sharepoint administration […]<\/p>\n","protected":false},"author":125,"featured_media":45953,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-7893","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-devops"],"acf":[],"blog_post_summary":"
Mike writes: “We need to configure the server to grant all users the ability to create a Team Project and manage the users of that specific project. However, a user must not be allowed to delete\/modify\/access a project which he or she does not belong to. Also, since users will belong to the Sharepoint administration […]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/devops\/wp-json\/wp\/v2\/posts\/7893","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/devops\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/devops\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/devops\/wp-json\/wp\/v2\/users\/125"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/devops\/wp-json\/wp\/v2\/comments?post=7893"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/devops\/wp-json\/wp\/v2\/posts\/7893\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/devops\/wp-json\/wp\/v2\/media\/45953"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/devops\/wp-json\/wp\/v2\/media?parent=7893"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/devops\/wp-json\/wp\/v2\/categories?post=7893"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/devops\/wp-json\/wp\/v2\/tags?post=7893"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}