TFSSecurity Command-Line Utility Commands
Use TFSSecurity to create, modify, and delete Team Foundation Server groups and users as well as permissions for users and groups.
The TFSSecurity command-line utility is located in <drive>:\Program Files\Microsoft Visual Studio 2005 Team Foundation Server\Tools on the Team Foundation Server application tier.
The following options are supported for all the TFSSecurity commands.
| option | Description |
|---|---|
| /? | Displays the command syntax and options for TFSSecurity. |
In This Section
List of commands with short description (from TFSSecurity /?)
/i identity (/collection:CollectionURI | /server:ServerURI)
Displays identity information without any membership information.
/im identity (/collection:CollectionURI | /server:ServerURI)
Displays identity information with direct membership information.
/imx identity (/collection:CollectionURI | /server:ServerURI)
Displays identity information with expanded membership information.
/g [scope] (/collection:CollectionURI | /server:ServerURI)
Lists the groups within a project scope. The project scope is a project uniform resource identifier (URI). If the scope is omitted, the groups displayed are those that belong to the scope specified by /collection or /server, depending on which was used.
/gcg groupName [groupDescription] (/collection:CollectionURI | /server:ServerURI)
Creates a collection-level or instance-level group.
/gc scope groupName [groupDescription] /collection:CollectionURI
Creates a project-level group within a project scope. The project scope is a project uniform resource identifier (URI).
/gun groupidentity groupname (/collection:CollectionURI | /server:ServerURI)
Renames a collection-level or instance-level group.
/gud groupidentity groupdescription (/collection:CollectionURI | /server:ServerURI)
Changes the description for a collection-level or instance-level group.
/gd groupIdentity (/collection:CollectionURI | /server:ServerURI)
Deletes a group from the collection-level or instance-level.
/g+ groupIdentity memberIdentity (/collection:CollectionURI | /server:ServerURI)
Adds a user or a group to an existing group.
/g- groupIdentity memberIdentity (/collection:CollectionURI | /server:ServerURI)
Removes a user or group from an existing group.
/m groupIdentity [memberIdentity] (/collection:CollectionURI | /server:ServerURI)
Checks explicit and implicit group membership information for a specified group or user.
/a [namespace] (/collection:CollectionURI | /server:ServerURI)
Displays information about what options are valid for the command at the collection-level or the instance-level, as determined by the /collection or /server parameter. If namespace is not specified, lists the available namespaces at the specified level. If a namespace is specified, lists the available actions for that namespace at the specified level.
/a+ namespace token action identity (ALLOW | DENY) (/collection:CollectionURI | /server:ServerURI)
Adds permissions for a user or group to a instance-level, collection-level, or project-level group.
/a- namespace token action identity (ALLOW | DENY) (/collection:CollectionURI | /server:ServerURI)
Removes permissions for a user or group from a instance-level, collection-level, or project-level group.
/acl namespace token (/collection:CollectionURI | /server:ServerURI)
Displays the access control list for a particular object. Displays identity information without any membership information.
Displays identity information without any membership information.
/im identity (/collection:CollectionURI | /server:ServerURI)
Displays identity information with direct membership information.
/imx identity (/collection:CollectionURI | /server:ServerURI)
Displays identity information with expanded membership information.
/g [scope] (/collection:CollectionURI | /server:ServerURI)
Lists the groups within a project scope. The project scope is a project uniform resource identifier (URI). If the scope is omitted, the groups displayed are those that belong to the scope specified by /collection or /server, depending on which was used.
/gcg groupName [groupDescription] (/collection:CollectionURI | /server:ServerURI)
Creates a collection-level or instance-level group.
/gc scope groupName [groupDescription] /collection:CollectionURI
Creates a project-level group within a project scope. The project scope is a project uniform resource identifier (URI).
/gun groupidentity groupname (/collection:CollectionURI | /server:ServerURI)
Renames a collection-level or instance-level group.
/gud groupidentity groupdescription (/collection:CollectionURI | /server:ServerURI)
Changes the description for a collection-level or instance-level group.
/gd groupIdentity (/collection:CollectionURI | /server:ServerURI)
Deletes a group from the collection-level or instance-level.
/g+ groupIdentity memberIdentity (/collection:CollectionURI | /server:ServerURI)
Adds a user or a group to an existing group.
/g- groupIdentity memberIdentity (/collection:CollectionURI | /server:ServerURI)
Removes a user or group from an existing group.
/m groupIdentity [memberIdentity] (/collection:CollectionURI | /server:ServerURI)
Checks explicit and implicit group membership information for a specified group or user.
/a [namespace] (/collection:CollectionURI | /server:ServerURI)
Displays information about what options are valid for the command at the collection-level or the instance-level, as determined by the /collection or /server parameter. If namespace is not specified, lists the available namespaces at the specified level. If a namespace is specified, lists the available actions for that namespace at the specified level.
/a+ namespace token action identity (ALLOW | DENY) (/collection:CollectionURI | /server:ServerURI)
Adds permissions for a user or group to a instance-level, collection-level, or project-level group.
/a- namespace token action identity (ALLOW | DENY) (/collection:CollectionURI | /server:ServerURI)
Removes permissions for a user or group from a instance-level, collection-level, or project-level group.
/acl namespace token (/collection:CollectionURI | /server:ServerURI)
Displays the access control list for a particular object. Displays identity information without any membership information.
- 5/30/2011
- Rasmus Sigsgaard
