Use /a+ to add an access control entry.
Required Permissions
To use the /a+ command, you must be a member of the Team Foundation Administrators security group. For more information, see Team Foundation Server Permissions.
Even if you are logged on with administrative credentials, you must open an elevated Command Prompt to perform this function on a server that is running Windows Server 2008. To open an elevated Command Prompt, click Start, right-click Command Prompt, and click Run as Administrator. For more information, see the Microsoft Web site.
TFSSecurity /a+ objectID actionID identity (ALLOW | DENY) /server:servername
Argument
Description
objectID
URI of the access control object.
actionID
Name of the permission that access is granted or denied for. For a list of valid IDs, see Team Foundation Server Permissions and Team Foundation Server Default Groups, Permissions, and Roles.
identity
Specifies the identity of the user or the group. For more information on the identity specifiers, see TFSSecurity Identity and Output Specifiers.
ALLOW
The group or user is granted access to the operation specified by the actionID.
DENY
The group or user is denied access to the operation specified by the actionID.
/server:servername
Required. Specifies the name of the application tier server.
Run this command on the local application tier computer.
Access control entries are security mechanisms that determine which operations a user, group, service, or computer is authorized to perform on a computer or server.