I have attempted to setup a security group only granting access to the test plan section so that I can assign business users to this group to execute test cases within TFS. However, when I set DENY on all other permissions users assigned to this new group cannot see the test plans.
The purpose of this is to seperate these TFS users from my developers. Basically, I do not want them to have the ability to add/edit/delete code, delete user stories, bugs, or tasks.
I have tried various configurations for the new group I created 'Testing Group' and the following is the current configuration:
Bypass rules on work item updates Deny;
Change process of team project. Deny;
Create tag definition Deny;
Create test runs Allow;
Delete and restore work items Deny;
Delete shared Analytics views Deny;
Delete team project Deny;
Delete test runs Deny;
Edit project-level information Deny;
Edit shared Analytics views Allow;
Manage project properties Deny;
Manage test configurations Allow;
Manage test environments Allow;
Permanently delete work items Deny;
Rename team project Deny;
Suppress notifications for work item updates Not set;
Update project visibility Not set;
View analytics Allow;
View project-level information Allow;
View test runs Allow;
Users are unable to view the test plan to access the test cases and run unless I configure the 'testing group' as I have for my DEV team. However, that gives permission to the testers that I do not want them to have.
Related
Once test case or test plan is assigned to tester then test case should not edited until it is tested and approved. How can we restrict test cases from being edited once test case assigned to tester?
You can restrict test cases from being edited by managing the access-level permissions like below:
Please note that area path permissions let you grant or restrict access to edit or modify test plans or test suites assigned to those areas. You can restrict access to users or groups.
In order to set those permissions,
Go to Azure DevOps -> Your Project -> Project Settings -> Project Configuration -> Areas
Choose the ... context menu and select Security like below:
Now, choose the users or group you want to manage access and set the permissions for Edit work items in this node Manage test plans and Manage test suites to Deny.
For more information in detail, please refer below links.
References:
Sample custom rule scenarios - Azure DevOps | Microsoft Docs
Set permissions for work tracking - Azure DevOps | Microsoft Docs
Set permissions and access for manual testing - Azure DevOps | Microsoft Docs
When I create tasks for my stories using the templates section in project, the newly created tasks do not show up in my task template list. Is there somewhere in Azure Dev Ops I need to use to grant access to my teams?
Prerequisites:
To add, capture, edit, or delete work item templates through the web portal, you must be a member of the team under which you add
them.
To apply a work item template, you must be a Contributor of the project and a member of the team under which the work item template
is defined.
Also, when you check the template list, make sure you select the correct team:
I want to change process from agile to scrum in azure DevOps but the change process button is missing. While i changed the "Change process of team project" setting in project settings.
Did you check your permissions required to perform the change process operation?
Pre-requisites
To create, delete or edit a process, you must be a member of the Project Collection Administrators group, or have the corresponding permissions Create process, Delete process, Edit process, or Delete a field from organization set to Allow. See Set permissions and access for work tracking, Customize an inherited process.
Users granted Basic or Stakeholder access can be granted permissions to create, edit, and delete processes, and administer process permissions.
Learn details at https://learn.microsoft.com/en-us/azure/devops/organizations/settings/work/change-process-basic-to-agile?view=azure-devops#prerequisites
Change process button from agile to scrum is missing in azure devops
According to the image you provided, it seems you are using the Azure devops Server instead of the Azure devops service, which does not support this feature to change the process from agile to scrum.
To change the process from agile to scrum on Azure devops Server, you could check following ticket for some more details:
Is it possible to migrate from Agile to Scrum based project
If you are using Azure devops service, you need to check if you meet the Prerequisites, then select the project, you will see options:
Hope this helps.
In our current development environment we have the developer accounts configured as deployment managers. We're running CRM as a separate CRM account.
When I create a new organization, using the MS Dynamics CRM Deployment Manager, running under my own account, the validation step gives me the following error:
The current user does not have required permissions (read/write)
for the following Active Directory group:
CN=/*rest of AD info*/
I don't get any errors when I either import an organization rather than create one, or run the tool as the CRM user.
Why can't CRM deployment managers create new organizations, yet have no problem importing one in our setup?
I'm using Gitlab 5.0 to manage my git repositories and I've never used github before Gitlab.
When I create a group, I see a new directory with this group name in /home/git/repositories.
But with team, no such thing is done.
Also, with group, I can create a project for the group and the assignments (for users of this group) is done automatically.
I can't see any other differences between group and team and I would like to understand that.
Thank you in advance and sorry for the bad English (I'm french),
GitLab 6.0 (August 2013, 22d)
See commit 3bc4845:
Feature: Replace teams with group membership
We introduce group membership in 6.0 as a replacement for teams.
The old combination of groups and teams was confusing for a lot of people.
And when the members of a team where changed, this wasn't reflected in the project permissions.
In GitLab 6.0 you will be able to add members to a group with a permission level for each member.
These group members will have access to the projects in that group.
Any changes to group members will immediately be reflected in the project permissions.
You can even have multiple owners for a group, greatly simplifying administration.
Why do references to Teams still exist in GitLab 7 then? e.g. "Filter by Team"
"Team" seems now (GitLab 6.x->7.x 2015) seems limited to a project (see for example features/project/team_management.feature, and app/models/project_team.rb or spec/models/project_team_spec.rb).
A project can be part of a group: see "Gitlab API for all projects under group".
"Group" references users, and can group multiple projects, (See features/groups.feature, app/models/group.rb, app/models/members/group_member.rb)
As a user, you are a first a member of a group, and have roles ('Reporter', 'Developer', ...) associated to a project (which makes you a member of that project, part of the "team" for that project).
No role, means "not a member of the team for a project".
See db/migrate/20140914145549_migrate_to_new_members_model.rb.
Answer for GitLab 5.x (before August 2013, 22d)
Group is for grouping projects, similar to a folder (git repositories)
Team is for grouping resources (people)
Those notions have been refined in GitLab 4.2.
That allows you to manage authorization in a more convenient way, given permissions to a group of projects in one operation, and/or given permission to a group of people, referenced by their team.
GitLab 5.x no longer used Gitolite, but before 5.0, teams and groups are coming from Gitolite, and its gitolite.conf configuration file.
This is where team and groups were declared and associated in order to grant permission access.
Even without gitolite, the idea persists: managing the authorization through association between teams (of people) and groups (of projects).