As mentioned previously, Team Foundation Server manages most of its own security groups. (The exceptions being security for Windows SharePoint Services and SQL Server Reporting Services.) And just as with Team Build in the previous chapter, you have the option of managing security from the user interface or by using the command-line tools.
Managing groups can be broken down into three different tasks: creating new TFS groups, adding users to the new groups, and associating security permissions with the new groups. In this section, you learn how to accomplish all three of these tasks using both Team Explorer and the command-line tools. You also learn about setting security permissions for Version Control and Work Item Tracking Area level permissions.
The ability to add new groups and set security permissions from the command line allows you to create administrative scripts to help you quickly and easily manage security on your Team Foundation Server. You can also make use of customized process templates to set up the groups and permissions on your team project at the time it is created. This allows you to create multiple projects with the same permissions in a very efficient manner.
As mentioned earlier in this chapter, there are two levels of groups: global and project. You use nearly identical steps in creating a new group for either.
To create a new global group, open Team Explorer ...