4.1. Team Foundation Server Security Model Overview
Team Foundation Server uses the concept of permissions to allow certain people to do certain things, while restricting others from doing the same thing. For example, to create a new workspace, your user account, or a group that contains your user account, must have the Create a workspace permission. Team Foundation Server has permissions for most things, from being able to access a project, to being able to start a build. This enables you to fine-tune user's access to team projects and to Team Foundation Server. There are two explicit settings for each permission in Team Foundation Server: Allow and Deny. The Allow setting enables a particular permission. Unless permission is set to Allow, the user or group cannot use that particular permission.
The Deny setting disables a particular permission. The Deny setting always overrides the Allow setting. For example, if you are a member of two different groups, and one group has Allow set for a particular permission, and the other group has Deny set for the same permission, you will not be able to use that permission. Even though one of the groups you are a member of has that permission allowed, because of your membership in the other group, you are blocked.
By default, most permissions are set to neither Allow or Deny. Basically, they are left unset, which is technically a setting of its own. If permission is not explicitly set to Allow or Deny, then by default, the user is denied ...
Get Professional Team Foundation Server now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.