Modifies the user access control list (ACL) and displays authorization settings for an item under version control.
To use the permission command, you must have the Manipulate security settings permission set to Allow for the folders being modified, be a member of the Team Foundation Administrators security group, or be a system administrator on the local computer (Windows Administrator security group). For more information, see Team Foundation Server Permissions.
tf permission [/allow:(* |perm1[,perm2,…]] [/deny:(* |perm1[,perm2,…])] [/remove:(* |perm1[,perm2,…])] [/inherit:yes|no] [/user:username1[,username2,…]] [/group:groupname1[,groupname2,…]] [/server:servername] [/recursive] itemspec [/global]
Name of a permission or role to modify. For more information about the permission names, see Team Foundation Server Permissions.
Provides a value to the /user option. A username value can be expressed in one of two ways, depending on the network settings: DOMAIN\username or username.
The user-provided value for the /group option.
The user-provided value for the /server option. Example: teamfoundation2.
Identifies the file or folder for which to modify permissions. For more information about how Team Foundation parses itemspecs to determine which items are within scope, see Command-Line Syntax (Team System).
Specifies a list of Team Foundation version control permissions to add to the allow ACL.
Specifies a list of denied Team Foundation version control access permissions to add to the user access control list.
Specifies a list of Team Foundation version control permissions to remove from both the allow and the deny ACLs.
If you select yes, all permissions associated with a parent ACL are inherited by an item. Cannot be combined with the /remove option.
Specifies the name of a user to modify permissions for.
Name of the group for which to modify permissions.
Identifies the Team Foundation Server. This option is required if the command is invoked from a directory that is not mapped to a workspace.
Applies the specified command to all items in the directory and any subdirectories.
/recursive option works only when viewing the permissions for items in a source tree. It does not work when setting permissions, for example with /allow, /deny and /remove options.
Used to view or assign any Team Foundation server permission.
To assign permissions, use the /allow, /deny, or /remove options.
The argument itmespec is not required. If it is listed, it is ignored.
When used to view the Team Foundation server permissions, the five permissions listed are as follows:
For more information about permissions, see Team Foundation Server Permissions.
You can use the permission command (or alternatively its shortcut, perm) to specify which user or group of users can be granted permission.
You can use the permission command to manage authorization settings for Team Foundation version control server objects. However, this command does not let you manage authentication settings such as creating or modifying Team Foundation security groups.
For more information about how to find the tf command-line utility, see Tf Command-Line Utility Commands.
The following example displays the Team Foundation access control lists (ACLs) for 314.cs.
c:\projects>tf permission 314.cs
The following example displays the ACL information that relates to the group "developers" for the teamserver2 Team Foundation Server.
c:\projects>tf permission /group:[teamproject]\developers /server:teamserver2
The following example enables members of the "leads" group to change their local copies of all items in the $/baseobjects Team Foundation version control server folder.
c:\projects>tf permission /allow:PendChange /group:[teamproject]\leads $/baseobjects
The following example removes all permission-related settings from the $/baseobjects folder for members of the "developers" group.
c:\projects>tf permission /remove:* /group:developers $/baseobjects
The following example enables the group "testers" to change their local copies of all items in $/testproject.
c:\projects>tf permission /allow:PendChange /group:testers$/testproject
The following example enables user somealias to make pending changes to his local copy of $/testtproject/314.cs in his workspace.
c:\projects>tf permission /allow:PendChange /user:somealias $/testproject/314.cs.
The following example denies user somealias the ability to make pending changes to his local copy of $/testproject/1256.cs.
c:\projects>tf permission /deny:PendChange /user:somealias $/testproject/1256.cs