create a central place to manage rights for TFS, Sharepoint and Reporting Services
Currently, I can only manage TFS rights from Visual Studio/Team Explorer. It would be very nice to have a central place, to not only manage TFS rights, but Sharepoint and Reporting Services as well.
Thanks for all the feedback. We know this is a pain point for customers, and we are looking at ways to improve the management.
Sarah Adler commented
TFS security is overly complex and most of our team projects / team project collections don't have SharePoint and Reporting setup correctly because getting users rights in 3/4 places is too hard to do for our IT group. We already use AD groups for managing security but TFS security is just too hard for our overworked IT admins. Please make this better so we have more teams having reporting dashboards, charts, and documents.
Yes please. Shouldn't be that hard. Like SSRS for SharePoint, let SharePoint handle the Reporting for TFS..
I don't agree with Neno for just using AD, because then you would have to create multiple groups in AD for every project (ProjectX_readers, ProjectX_writers, ProjectX_admins, etc.) and still have to assign those groups to every component (TFS, SP, SSRS)
So then I would not only have hundreds of TFS groups, but also hundreds of AD groups..
Would be nice if you could skip the TFS groups, and just use AD groups. But (like with SharePoint) this isn't the road Microsoft is traveling I'm afraid. (how I long for NDS)
David Olson commented
I'm with Paul, integrating SharePoint, TFS Online, etc. would be ideal.
Completely agree on the importance of the request!
Paul Hester commented
Would be great if Office 365 (SharePoint Online, Lync Online, etc) and TFSPreview whould integrate and share users, and both provide for administration those users. If this is already there, would someone please enlighten me. Maybe I'm missing something.
I agree. Given the distributed nature of developers and the fact that they may NOT be regular domain users I'd suggest divorcing the user requirements from windows completely.
All of this should be managed through a web interface.
As it stands now, I can give remote access to my respositories, but I have yet to figure out how exactly they get access to the Reports and Document libraries. PITA.
This is really important. 2010 went some way towards this but with the push to Windows Server Core being the preferred server environment this really is the only way forward. Also this support should make Fully Qualified Domain Name installs more of a first class citizen especially as TFS/SharePoint/Reporting Services need to be be exposed publically. Currently it's possible but a very painful & brittle experience.
Visual Studio ALM Team commented
We do want to do something here as this is a very common customer request. Until then, Neno is correct that the best practice we recommend is to create some groups in AD that can be granted permissions in TFS, Sharepoint, and SQL Reporting Services.
Don't forget Lab Mgmt rights!!!
That place exists already, it’s called Active Directory.
So all you need is once set up groups and reference them in all three security subsystems (TFS, SQL Server Reporting Services, SharePoint) and you’re done.
You have to do this once per team project (however a team project should be large container and new team projects should be created sparingly)
Jeff Bramwell commented
For others reading this that aren't aware, you can do this now with the Team Foundation Server Administration Tool (http://tfsadmin.codeplex.com/). However, I'd like to see an integrated solution as well.
I would add that this should be a web based interface and ideally be pluggable in some way to allow for other Project permission areas to be added - for example adding an extension so that it could manage drop location permissions etc...