Del via


Permission command (Team Foundation Version Control)

TFS 2017 | TFS 2015 | TFS 2013

Visual Studio 2019 | Visual Studio 2017 | Visual Studio 2015 | Visual Studio 2013

The permission command modifies the user access control list (ACL) and displays authorization settings for an item under version control.

Prerequisites

To use the permission command, you must have the Manipulate security settings permission set to Allow for the folders being modified, be a member of the Team Foundation Administrators security group, or be a system administrator on the local computer (Windows Administrator security group). For more information, see Default TFVC permissions.

Syntax

tf permission [/allow:(* |perm1[,perm2,...]] 
[/deny:(* |perm1[,perm2,...])] [/remove:(* |perm1[,perm2,...])] 
[/inherit:yes|no] [/user:username1[,username2,...]] 
[/group:groupname1[,groupname2,...]] [/collection:TeamProjectCollectionUrl] 
[/recursive] itemspec [/global][/login:username,[password]]

Parameters

Argument

Argument

Description

perm

Name of a permission or role to modify. For more information about the permission names, see Team Foundation Server Permissions.

Username

Provides a value to the /user option. A username value can be expressed in one of two ways, depending on the network settings: DOMAIN\username or username.

Groupname

The user-provided value for the /group option.

TeamProjectCollectionUrl

The URL of the project collection that contains the item for which you want to modify permissions (for example, http://myserver:8080/tfs/DefaultCollection).

Itemspec

Identifies the file or folder for which to modify permissions. For more information about how Team Foundation parses itemspecs to determine which items are within scope, see Use Team Foundation version control commands.

Note

You can specify more than one Itemspec argument.

Username

Provides a value to the /login option. You can specify a username value as either DOMAIN<em>UserName or UserName.

Option

Option

Description

/allow

Specifies a list of Team Foundation version control permissions to add to the allow ACL.

/deny

Specifies a list of denied Team Foundation version control access permissions to add to the user access control list.

/remove

Specifies a list of Team Foundation version control permissions to remove from both the allow and the deny ACLs.

/inherit

If you select yes, all permissions associated with a parent ACL are inherited by an item. Cannot be combined with the /remove option.

/user

Specifies the name of a user to modify permissions for.

/group

Name of the group for which to modify permissions.

/collection

Specifies the project collection.

/recursive

Applies the specified command to all items in the directory and any subdirectories.

/recursive option works only when viewing the permissions for items in a source tree. It does not work when setting permissions, for example with /allow, /deny and /remove options.

/global

Used to view or assign a TFVC collection-level permission.

To assign permissions, use the /allow, /deny, or /remove options.

The argument itemspec is not required. If it is listed, it is ignored.

When used to view a TFVC collection-level, the five permissions listed are as follows:

  • tf: AdminShelvesets

  • tf: AdminWorkspaces

  • tf: CreateWorkspace

  • tf: AdminConfiguration

  • tf: AdminConnections

For more information about permissions, see Permissions and groups, Collection-level permissions.

/login

Specifies the user name and password to authenticate the user with Azure DevOps.

Remarks

You can use the permission command (or alternatively its shortcut, perm) to manage authorization settings for Team Foundation version control server objects. However, this command does not let you manage authentication settings such as creating or modifying Team Foundation security groups.

For more information on how to find the tf command-line utility, see Use Team Foundation version control commands.

Examples

The following example displays the Team Foundation access control lists (ACLs) for 314.cs.

c:\projects>tf permission 314.cs

The following example displays the ACL information that relates to the group "developers" for the collection that is located at http://myserver:8080/tfs/DefaultCollection/.

c:\projects>tf permission /group:[teamproject]\developers /collection: http://myserver:8080/tfs/DefaultCollection/

The following example enables members of the "leads" group to change their local copies of all items in the $/baseobjects Team Foundation version control server folder.

c:\projects>tf permission /allow:PendChange /group:[teamproject]\leads $/baseobjects

The following example removes all permission-related settings from the $/baseobjects folder for members of the "developers" group.

c:\projects>tf permission /remove:* /group:developers $/baseobjects

The following example enables the group "testers" to change their local copies of all items in $/testproject.

c:\projects>tf permission /allow:PendChange /group:testers$/testproject

The following example enables user somealias to make pending changes to his local copy of $/testtproject/314.cs in his workspace.

c:\projects>tf permission /allow:PendChange /user:somealias $/testproject/314.cs.

The following example denies user somealias the ability to make pending changes to his local copy of $/testproject/1256.cs.

c:\projects>tf permission /deny:PendChange /user:somealias $/testproject/1256.cs