Changing Groups and Permissions with TFSSecurity
You can use the TFSSecurity command-line utility to create, modify, and delete groups and users in Visual Studio Team Foundation Server, in addition to modifying permissions for groups and users. For information about how to perform these tasks in the user interface, see Configuring Users, Groups, and Permissions.
By default, you can find this utility in Drive:\Program Files\Microsoft Team Foundation Server 2010\Tools on the application-tier server or servers for Team Foundation.
 Note |
|---|
Even if you are logged on with administrative credentials, you must open an elevated Command Prompt to perform this function on a server that is running Windows Server 2008. To open an elevated Command Prompt, click Start, right-click Command Prompt, and click Run as Administrator. For more information, see this page on the Microsoft Web site: User Account Control. |
You can use the options in the following table for all commands in this utility.
Option | Description |
|---|---|
/? | Displays the command syntax and options for TFSSecurity. |
Displays identity information without any membership information.
/im identity (/collection:CollectionURI | /server:ServerURI)
Displays identity information with direct membership information.
/imx identity (/collection:CollectionURI | /server:ServerURI)
Displays identity information with expanded membership information.
/g [scope] (/collection:CollectionURI | /server:ServerURI)
Lists the groups within a project scope. The project scope is a project uniform resource identifier (URI). If the scope is omitted, the groups displayed are those that belong to the scope specified by /collection or /server, depending on which was used.
/gcg groupName [groupDescription] (/collection:CollectionURI | /server:ServerURI)
Creates a collection-level or instance-level group.
/gc scope groupName [groupDescription] /collection:CollectionURI
Creates a project-level group within a project scope. The project scope is a project uniform resource identifier (URI).
/gun groupidentity groupname (/collection:CollectionURI | /server:ServerURI)
Renames a collection-level or instance-level group.
/gud groupidentity groupdescription (/collection:CollectionURI | /server:ServerURI)
Changes the description for a collection-level or instance-level group.
/gd groupIdentity (/collection:CollectionURI | /server:ServerURI)
Deletes a group from the collection-level or instance-level.
/g+ groupIdentity memberIdentity (/collection:CollectionURI | /server:ServerURI)
Adds a user or a group to an existing group.
/g- groupIdentity memberIdentity (/collection:CollectionURI | /server:ServerURI)
Removes a user or group from an existing group.
/m groupIdentity [memberIdentity] (/collection:CollectionURI | /server:ServerURI)
Checks explicit and implicit group membership information for a specified group or user.
/a [namespace] (/collection:CollectionURI | /server:ServerURI)
Displays information about what options are valid for the command at the collection-level or the instance-level, as determined by the /collection or /server parameter. If namespace is not specified, lists the available namespaces at the specified level. If a namespace is specified, lists the available actions for that namespace at the specified level.
/a+ namespace token action identity (ALLOW | DENY) (/collection:CollectionURI | /server:ServerURI)
Adds permissions for a user or group to a instance-level, collection-level, or project-level group.
/a- namespace token action identity (ALLOW | DENY) (/collection:CollectionURI | /server:ServerURI)
Removes permissions for a user or group from a instance-level, collection-level, or project-level group.
/acl namespace token (/collection:CollectionURI | /server:ServerURI)
Displays the access control list for a particular object.
- 5/30/2011
- Rasmus Sigsgaard
- 5/30/2011
- Rasmus Sigsgaard
