
TFSSecurity Identity and Output Specifiers

The input and output for the TFSSecurity command-line utility follow a standard format. The valid identity and output specifiers are described in the following tables.

Identity Specifiers

An identity can be referenced by one of the following notations.

| Identity specifier | Description | Example |
|---|---|---|
| sid:sid | References the identity with the specified SID. | sid:S-1-5-21-2127521184-1604012920-1887927527-588340 |
| n:[domain\]name | References the identity with the specified name. For Windows, name is the logon name. If domain is omitted and a global catalog (GC) is available, the lookup operation is performed by the GC. If domain is omitted and a GC is not available, the default domain context is used. For application groups, name is the group display name and domain is the containing project's URI or GUID. If domain is omitted, the global scope is assumed. | To reference the identity of the user "John Peoples" in the domain "Datum1" at the fictitious company "A. Datum Corporation": n:DATUM1\jpeoples |
| | | If there is only one domain, or you are logged into the Datum1 domain, the following would work as well: n:jpeoples |
| | | To reference application groups: n:"Full-time Employees" |
| | | n:00a10d23-7d45-4439-981b-d3b3e0b0b1ee\Vendors |
| dn:dn | References the identity with the specified distinguished name. The distinguished name can be prefixed by LDAP://. | dn:CN=John Peoples,CN=Users,DC=Datum1,DC=com |
| | | dn:LDAP://CN=Developers,OU=Groups,DC=Datum1,DC=com |
| adm:[scope] | References the administrative application group for the scope. The optional parameter scope is a project URI or GUID. If scope is omitted, the global scope is assumed, but the colon is still required. | adm:Team Foundation Administrators |
| srv: | References the service application group. | NA |
| string | References an unqualified string. If string starts with S-1-, it is identified as a SID. If string starts with CN= or LDAP://, it is identified as a distinguished name. Otherwise, string is identified as a name. | "Team testers" |
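The resolution rules in the table, written out as an added Python example (not part of the original documentation and not TFSSecurity's own code) that a script can use to check which kind of identity a specifier will resolve to before passing it to the tool. The function name `classify`, the returned tuple layout, the quote handling and the case-sensitive matching are assumptions; the administrative-group prefix is written `adm:`.

```python
LDAP = "LDAP://"

def _unquote(s):
    # Assumption: double quotes only protect spaces on the command line.
    return s[1:-1] if len(s) >= 2 and s[0] == s[-1] == '"' else s

def _dn(s):
    # The distinguished name may be prefixed by LDAP://.
    return s[len(LDAP):] if s.startswith(LDAP) else s

def classify(spec):
    """Return (kind, value, scope) for one TFSSecurity identity specifier."""
    s = _unquote(spec.strip())
    if s.startswith("sid:"):
        sid = s[4:]
        if not sid.startswith("S-1-"):
            raise ValueError("sid: value is not a SID: %r" % sid)
        return ("sid", sid, None)
    if s.startswith("dn:"):
        return ("dn", _dn(_unquote(s[3:])), None)
    if s.startswith("adm:"):
        # Empty scope means the global scope; the colon is still required.
        return ("adm", None, _unquote(s[4:]) or None)
    if s == "srv:":
        return ("srv", None, None)
    if s.startswith("n:"):
        # Optional domain (or project URI/GUID) before the last backslash.
        domain, _, name = _unquote(s[2:]).rpartition("\\")
        if not name:
            raise ValueError("n: specifier has no name: %r" % spec)
        return ("name", name, domain or None)
    # Unqualified string: the three fallback rules, in the documented order.
    if s.startswith("S-1-"):
        return ("sid", s, None)
    if s.startswith("CN=") or s.startswith(LDAP):
        return ("dn", _dn(s), None)
    return ("name", s, None)

# Constructed sample input, taken from the examples in the table.
SAMPLES = [r"n:DATUM1\jpeoples", "n:jpeoples", '"Team testers"',
           "dn:LDAP://CN=Developers,OU=Groups,DC=Datum1,DC=com", "adm:"]

if __name__ == "__main__":
    for spec in SAMPLES:
        print("%-55s -> %r" % (spec, classify(spec)))
```

Any string that matches no prefix and no SID or DN pattern falls through to a name lookup, so a mistyped prefix is not rejected by these rules; a caller that wants only explicit identities can accept the `sid` kind alone.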

Type Markers

Identity Type Markers

The following identity type markers are used in output messages.

| Identity type marker | Description |
|---|---|
| U | Windows user. |
| G | Windows group. |
| A | Team Foundation Server application group. |
| a [ A ] | Administrative application group. |
| s [ A ] | Service application group. |
| X | Invalid identity. |
| ? | Unknown identity. |

Access Control Entry Markers

The following access control entry markers are used in output messages.

| Access control entry marker | Description |
|---|---|
| + | ALLOW access control entry. |
| - | DENY access control entry. |
| * [ ] | Inherited access control entry. |
