TFS Security - Browsr Server - tfs-2015

I have set up TFS Security using Active Directory groups and in source control explorer through Visual Studio, users only see Team Projects that they have access to. However if they go to Team Explorer and click on the drop down menu they see almost all the team projects. If they go to web Tfs as well, the behaviour is exactly the same.
How do i restrict them to only see projects in dropdown that they have access to?
Project Collection Valid Users Group - Permissions
Project Collection Test Service Accounts - Permissions
Project Collection Service Accounts - Permissions
Project Collection Proxy Service Accounts - Permissions
Project Collection Build Service Accounts - Permissions
Project Collection Build Administrators - Permissions
--At Project Level--
All Project Valid Users group at Project Level are members of Project Collection Valid Users group
User Access From Collection Level:

You need to add the user/groups to the specific team project but not in Collection level. Thus , the restricted user/groups can only see the specific team projects which they have permissions under the collection.
In Team Explorer you can select the projects which you want to connect/display.
Update:
Add the group under specific team project (Set permissions in
Project level)
Add the same group under the specific collection
Under the collection security set "View Collection Level
Information" to "Deny" for the group (Set permissions in Collection
level)
Then the users in the group will can only access TFS with project permissions.

Related

SSAS deployment error : user does not have permission to create a new object

I recently when I want to deploy my SSAS project to server, faced this error:
Either the domain\user user does not have permission to create a new object in database, or the object does not exist.
I searched on the internet and do some solutions but none worked. I do these steps and it solve the issue.
1)Login to SSAS instance on the server.
2)In Role node you should see (at least) one role:
3)In the SSDT in role node in solution explorer define a new role with exactly same role name in SSAS server instance and check all check boxes:
4)In Membership tab add active directory users:
Now you can deploy your project without above error!

Master Data Services 2016 cross domain users management issue

I have a scenario where MDS admin users and MDS application pool exist in domain A , normal MDS users exist in domain B.
While this scenario worked with MDS 2012 after upgrade to MDS 2016 I am not able to navigate to functional area in MDS user security management with A\admin user- it yields "Access is Denied". Other areas in user security management work. The only information I could find in MDS log is: The user name or password is incorrect.
I thought it might be related to fact that cross forest domain roaming is disabled and those B domain users cannot have fully imported profiles on MDS machine. I have enabled it, forced GPO refresh - doesn't work
I tried with MDS database and application created by user from domain B - doesn't work
Any ideas how to investigate or fix it?
It looks like workaround is to create local user group for MDS users and then add this group to MDS.
This way you can change all permissions for a group. Each domain user will get created with all settings inherited from group.

SonarQube: Can't Create Technical User

SonarQube v5.2
I am trying to create a technical user (one that is authenticated locally and not against our LDAP). I have added a user name to the conf/sonar.properties file and restarted SonarQube. But, when I log in (as an administrator), the new user doesn't show up in the Administration | Security | Users list. We have two previously defined technical users (including admin) which do show up.
The admin guide doesn't say much http://docs.sonarqube.org/display/SONARQUBE52/Authentication.
Is there another step needed to create a technical user?
You need to manually create the user in SonarQube, it won't be automatically at startup.
Note that the SonarQube version you're using is no more supported, you should migrate to the latest LTS version 5.6.X => local users (previously known as technical users) are better managed :
- No more need to update sonar.properties
- You just have to create a user from the web server, this user will automatically be considered as a local user.
I've updated http://docs.sonarqube.org/display/SONAR/Authentication in order to remove the "Technical" word.

How to add an AD group to use queues in Release Management in VSTS?

In Visual Studio Team Services I tried to define permissions to allow a certain group permissions to manage release definitions.
I therefore added the Active Directory group to the Release Administrators group in the team project. If a user from the specific group logs into Visual Studio Team Services and tries to create a release definition (or does some other managing operation) he receives the following error:
Access denied. UserX needs Use permissions for queue Default to perform this action. For more information, contact the Team Foundation Server administrator
It seems like the user generally has permissions to create a release definition, but lacks permission on the release queue. How can I give a certain Active Directory group Use permissions to an agent queue?
If I add the Active Directory group also to the Project Collection Build Administrators group on the Default Collection level, managing release definitions work. But this will also give them permissions to build definitions, which they don't require.
You should add the AD group to Agent Queue Users group or Agent Queue Administrator group as per your requirement. To do that, go to the Agent Queues tab in the settings at Collection/Account level

Login failure: unknown user name or bad password

We are running Visual Studio 2012 and Team Foundation Server 2012. In the Team Explorer window, I am able to successfully connect to our TFS environment. However, when I select the Security link under Team Project or Team Project Collection, I receive a message "Team Foundation Server: Login Failure: unknown user name or bad password".
I have not found a log file or anything in any event viewer file that helps debug this problem.
Is there a log file I can search for that contains some 'hints' as to want the connection problem is?
where are your credentials stored on your locale machine that are used to connection team foundation?
We realized that the root cause for this issue is that Visual Studio is trying to open a browser using the same credentials used to connect to TFS. If those credentials are not allowed to run processes on your machine (I suspect in your case it’s domain users on a different domain which is not trusted by the client domain) then opening the browser will fail. That explains why you can hit those URLs using a browser instance that is opened using your own credentials.This will be fixed in a future release of visual studio.
In TFS 2012, the management interface for permissions and project settings has largely shifted to Team Web Access.
Clicking any of the following settings from Team Explorer 2012 will produce the "Logon failure: unknown user name or bad password" error:
•Team Project Collection > Security
•Team Project Collection > Group Membership
•Team Project > Security
•Team Project > Group Membership
•Team Project > Work Item Areas
•Team Project > Work Item Iterations
•Team Project > Project Alerts
I have the same problem. To correct it (temporaly), you must run VS 2012 with this command:
C:\Windows\System32\runas.exe /netonly /user:{domain\loginname} "C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe"
Change {domain\loginname} by the domain and login name of your tfs domain account. A console will ask for your password and all works!
I also experienced the same issue with TFS. I found a solution for that. You have to remap your workspaces in your PC or Remote server. If you have any uncommitted changes in your projects, you have to keep backup, otherwise you will lost your changes.
Steps -
Go to Workspaces in Visual Studio
File-> Source Control -> Advanced -> Workspaces
Remove the current workspaces.
Remap the projects again.
I was experiencing the same issue with TFS Express 2012. I don't know if my situation applies to you but here are the facts:
My TFS instance was running on a remote server.
Neither that server or my local machine were on a domain.
I was using the same user account name on both machines but with
different passwords.
Setting the passwords to be same fixed the problem.
The functions that weren't working were the ones that launch the project website, which I could navigate to directly anyway.
Managed to fix the issue myself by mapping a drive to the area where TFS appears to have A cache located - but then I have 2 separate workspaces going across 2 separate domains