I suggest you ...

create a central place to manage rights for TFS, Sharepoint and Reporting Services

Currently, I can only manage TFS rights from Visual Studio/Team Explorer. It would be very nice to have a central place, to not only manage TFS rights, but Sharepoint and Reporting Services as well.

783 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    I agree to the terms of service
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Visual Studio ALM TeamVisual Studio ALM Team shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    13 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      Submitting...
      • chaschas commented  ·   ·  Flag as inappropriate

        Note you don't want to do this:
        For others reading this that aren't aware, you can do this now with the Team Foundation Server Administration Tool (http://tfsadmin.codeplex.com/). However, I'd like to see an integrated solution as well.
        The tool is buggy and has bad security problems. Plus it's never updated or fixed when bugs arise.

      • Sarah AdlerSarah Adler commented  ·   ·  Flag as inappropriate

        TFS security is overly complex and most of our team projects / team project collections don't have SharePoint and Reporting setup correctly because getting users rights in 3/4 places is too hard to do for our IT group. We already use AD groups for managing security but TFS security is just too hard for our overworked IT admins. Please make this better so we have more teams having reporting dashboards, charts, and documents.

      • ToineToine commented  ·   ·  Flag as inappropriate

        Yes please. Shouldn't be that hard. Like SSRS for SharePoint, let SharePoint handle the Reporting for TFS..
        I don't agree with Neno for just using AD, because then you would have to create multiple groups in AD for every project (ProjectX_readers, ProjectX_writers, ProjectX_admins, etc.) and still have to assign those groups to every component (TFS, SP, SSRS)
        So then I would not only have hundreds of TFS groups, but also hundreds of AD groups..
        Would be nice if you could skip the TFS groups, and just use AD groups. But (like with SharePoint) this isn't the road Microsoft is traveling I'm afraid. (how I long for NDS)

      • Paul HesterPaul Hester commented  ·   ·  Flag as inappropriate

        Would be great if Office 365 (SharePoint Online, Lync Online, etc) and TFSPreview whould integrate and share users, and both provide for administration those users. If this is already there, would someone please enlighten me. Maybe I'm missing something.

      • clivelyclively commented  ·   ·  Flag as inappropriate

        I agree. Given the distributed nature of developers and the fact that they may NOT be regular domain users I'd suggest divorcing the user requirements from windows completely.

        All of this should be managed through a web interface.

        As it stands now, I can give remote access to my respositories, but I have yet to figure out how exactly they get access to the Reports and Document libraries. PITA.

      • LexLex commented  ·   ·  Flag as inappropriate

        This is really important. 2010 went some way towards this but with the push to Windows Server Core being the preferred server environment this really is the only way forward. Also this support should make Fully Qualified Domain Name installs more of a first class citizen especially as TFS/SharePoint/Reporting Services need to be be exposed publically. Currently it's possible but a very painful & brittle experience.

      • Visual Studio ALM TeamVisual Studio ALM Team commented  ·   ·  Flag as inappropriate

        We do want to do something here as this is a very common customer request. Until then, Neno is correct that the best practice we recommend is to create some groups in AD that can be granted permissions in TFS, Sharepoint, and SQL Reporting Services.

      • NenoNeno commented  ·   ·  Flag as inappropriate

        That place exists already, it’s called Active Directory.
        So all you need is once set up groups and reference them in all three security subsystems (TFS, SQL Server Reporting Services, SharePoint) and you’re done.
        You have to do this once per team project (however a team project should be large container and new team projects should be created sparingly)

      • BryanBryan commented  ·   ·  Flag as inappropriate

        I would add that this should be a web based interface and ideally be pluggable in some way to allow for other Project permission areas to be added - for example adding an extension so that it could manage drop location permissions etc...

      Feedback and Knowledge Base