Export (0) Print
Expand All
This topic has not yet been rated - Rate this topic

Permission Command

Modifies the user access control list (ACL) and displays authorization settings for an item under version control.

Required Permissions

To use the permission command, you must have the Manipulate security settings permission set to Allow for the folders being modified, be a member of the Team Foundation Administrators security group, or be a system administrator on the local computer (Windows Administrator security group). For more information, see Team Foundation Server Permissions.

tf permission [/allow:(* |perm1[,perm2,...]] 
[/deny:(* |perm1[,perm2,...])] [/remove:(* |perm1[,perm2,...])] 
[/inherit:yes|no] [/user:username1[,username2,...]] 
[/group:groupname1[,groupname2,...]] [/collection:TeamProjectCollectionUrl] 
[/recursive] itemspec [/global][/login:username,[password]]

Argument

Description

perm

Name of a permission or role to modify. For more information about the permission names, see Team Foundation Server Permissions.

Username

Provides a value to the /user option. A username value can be expressed in one of two ways, depending on the network settings: DOMAIN\username or username.

Groupname

The user-provided value for the /group option.

TeamProjectCollectionUrl

The URL of the team project collection that contains the item for which you want to modify permissions (for example, http://myserver:8080/tfs/DefaultCollection).

Itemspec

Identifies the file or folder for which to modify permissions. For more information about how Team Foundation parses itemspecs to determine which items are within scope, see Command-Line Syntax (Version Control).

NoteNote
You can specify more than one Itemspec argument.

Username

Provides a value to the /login option. You can specify a username value as either DOMAIN\UserName or UserName.

Option

Description

/allow

Specifies a list of Team Foundation version control permissions to add to the allow ACL.

/deny

Specifies a list of denied Team Foundation version control access permissions to add to the user access control list.

/remove

Specifies a list of Team Foundation version control permissions to remove from both the allow and the deny ACLs.

/inherit

If you select yes, all permissions associated with a parent ACL are inherited by an item. Cannot be combined with the /remove option.

/user

Specifies the name of a user to modify permissions for.

/group

Name of the group for which to modify permissions.

/collection

Specifies the team project collection.

/recursive

Applies the specified command to all items in the directory and any subdirectories.

/recursive option works only when viewing the permissions for items in a source tree. It does not work when setting permissions, for example with /allow, /deny and /remove options.

/global

Used to view or assign any Team Foundation server permission.

To assign permissions, use the /allow, /deny, or /remove options.

The argument itmespec is not required. If it is listed, it is ignored.

When used to view the Team Foundation server permissions, the five permissions listed are as follows:

  • tf: AdminShelvesets

  • tf: AdminWorkspaces

  • tf: CreateWorkspace

  • tf: AdminConfiguration

  • tf: AdminConnections

For more information about permissions, see Team Foundation Server Permissions.

/login

Specifies the user name and password to authenticate the user with Visual Studio Team Foundation Server.

You can use the permission command (or alternatively its shortcut, perm) to manage authorization settings for Team Foundation version control server objects. However, this command does not let you manage authentication settings such as creating or modifying Team Foundation security groups.

For more information about how to find the tf command-line utility, see Tf Command-Line Utility Commands.

The following example displays the Team Foundation access control lists (ACLs) for 314.cs.

c:\projects>tf permission 314.cs

The following example displays the ACL information that relates to the group "developers" for the collection that is located at http://myserver:8080/tfs/DefaultCollection/.

c:\projects>tf permission /group:[teamproject]\developers /collection: http://myserver:8080/tfs/DefaultCollection/

The following example enables members of the "leads" group to change their local copies of all items in the $/baseobjects Team Foundation version control server folder.

c:\projects>tf permission /allow:PendChange /group:[teamproject]\leads $/baseobjects

The following example removes all permission-related settings from the $/baseobjects folder for members of the "developers" group.

c:\projects>tf permission /remove:* /group:developers $/baseobjects

The following example enables the group "testers" to change their local copies of all items in $/testproject.

c:\projects>tf permission /allow:PendChange /group:testers$/testproject

The following example enables user somealias to make pending changes to his local copy of $/testtproject/314.cs in his workspace.

c:\projects>tf permission /allow:PendChange /user:somealias $/testproject/314.cs.

The following example denies user somealias the ability to make pending changes to his local copy of $/testproject/1256.cs.

c:\projects>tf permission /deny:PendChange /user:somealias $/testproject/1256.cs
Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft. All rights reserved.