Team Foundation Server Permissions Oddity

I came across an interesting bug this morning in Team Foundation Server 2013 Update1 were a team member was in the Readers, Contributors, and Project Administrators groups for a project. You would expect him to have a union of the permissions granted by those roles as long as none of the roles explicitly denied a permission. That is the behavior described in the MSDN documentation. That was not the case because he couldn’t checkout a file or doing anything else beyond reader level access. Once we realized he was in all three groups and guessed that might be the issue we removed him from the readers and contributors groups and he was then able to checkout files. I have included two images below of the Reader and Contributors version control permissions as proof that none of the permissions were explicitly denied.

Leave a Reply Cancel reply

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Google account. ( Log Out / Change )

You are commenting using your Twitter account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Cancel

Connecting to %s

	Kopernikas Green on Heating, Ventilation and Air C…
	John on Heating, Ventilation and Air C…
	Marin Atanasov on How to Add a Private Extension…
	Umang Bhatt on How to Import an Enterprise Ce…
	Dhruv on How to Import an Enterprise Ce…

Share this:

Like this:

Related

Leave a Reply Cancel reply