Managing Users and Groups
Team Foundation security is based on users and groups. You can manage users and groups to implement a security model for your organization. This security model enables users to access the data they require without losing any functionality while protecting confidential information.
For each role in your business, you must determine what group membership is required in order for those users to accomplish their tasks. Team Foundation Server, Windows SharePoint Services, and SQL Server Reporting Services all maintain their own information about groups, users, and permissions. You must carefully plan how you want to manage users and permissions. This planning applies not only across individual Team Foundation Server projects, but also across Team Foundation Server itself, Windows SharePoint Services, SQL Server Reporting Services, and the Windows operating system.
When you create a project in Team Foundation Server, each project has three default groups to which you can assign users and groups of users: Project Administrators, Contributors, and Readers. In addition, the Team Foundation Administrators group appears as a group in every project. You can either choose to add users and groups to these default groups, or you can create your own custom groups and assign those groups the permissions appropriate to the business role each group represents.