TFS Security and Documents Folder - security

I'm getting an issue with TFS where the documents folder is marked with a red cross. As far as I can tell, this seems to be a security issue, however, I am set-up as project admin on the relevant projects.
I’ve come to the conclusion that it’s a security issue from running the TFS Project Admin tool (available here). When I run this, it tells me that I don’t have sufficient access rights to open the project. I’ve checked, and I’m not included in any groups that are denied access.
Please can anyone shed any light as to why I may not have sufficient access to these projects?

I finally got to the bottom of this. The security for SharePoint is set-up independently, and it's this that controls the access to the Documents folder

Related

Unable to update Cards settings within Sprint Board in ADO

So I've got both Project Admin and Project Collection Admin rights within ADO, but I'm unable to change any of the Cards settings for my project's sprint board. In the imgur link, you can see the error I'm still getting, and the permissions that have been setup for both groups: https://imgur.com/a/kniFdZI
There's not been anything so far that seems like a dead obvious reason for why I wouldn't be able to amend these things, so basically wondering if anyone has seen this before, or if any helpful MS folk happen to know exactly what the fix would be.
It can be due to devops access level permissions.
Check your access level under the devops Organization Settings -> Users
Make sure you have "Basic" access instead of "Stakeholder".
See access levels : https://learn.microsoft.com/en-us/azure/devops/organizations/security/access-levels?view=azure-devops

Customisation Project Browser Permission Issue

So I'm trying to do portal customisation. I've managed to sort out the known issue with ProjectBrowserMaint. But when loading the customisation page. It's missing the tree items on the left side. I reckon its another access issue.
So I've explicitly configured the Access Rights on all the screens under the Customisation Project Browser. But still no joy.
So what else am I missing ? My login has an Administrator and Customiser roles already. And I'm using 2020 R1 Build 20.108.0019.
TIA

Added team member cannot see project despite similar permissions

We have a project administrator for a collection of projects on TFS Online. We recently hired so he had to add the guy as a new member into the team.
However he cannot see one specific project we have, even with identical permissions as the other users. His account was created in the same way as the others.
Trying to help the guy out here I offered to try a few things and noticed, If I create a new project as a test. "Test1", and add him as a member, he can see this account fine when he logs in to TFS Online/Connects on Visual Studio.
Which leads me to believe that it's based on some visibility setting within TFS, even though the other members linked to the project can see it fine.
Any possible ideas for me to try?
You need to try and trace his effective permissions. It sounds like there is a denied somewhere.
If you open the admin for that team project and goto the security tab there is a box to add the users account. You should then see the effective permission on the right and he should have and Alowed in the "View project level information" permission.
If he does bot you can roll your mouse over it and click the "why" button and you will see where the overide is coming from.

Export TFS 2008 (Team Foundation Server) Groups and Permissions

Is there a way to export all of TFS 2008 Groups and Permissions for an Audit?
I looked at the TFS Permissions Manager mentioned in another answer and couldn't easily figure out how to use this for an audit of user permissions. That said I looked around and found a few other possible tools to help in this process:
Team Foundation Server Administration Tool - This can be used to produce a list of TFS groups, users & permissions on a per project basis. The utility uses a grid control to display the results and this can easily be copied and pasted into Excel, etc.
TFS Project Audit - This tool generates output in an indented text format. It too works on a per project basis however it lists the output grouped by TFS role.
I think both of the options I mention are more recently maintained than the TFS Permission Manager at the time of this writing. Also, keep in mind that for purposes of a security audit I believe that the local & domain administrators groups in Windows Server have the ability to override any of the TFS permissions (at least with TFS 2008).
I'm the guy who wrote TFS Project Audit and I'd like to clarify a few things about my tool. First, it works on a project basis for TFS 2008 or a collection basis for 2010. It can report on a specific collection or all collections on a TFS server. These are enhancements I made in the newest version, released only a few days ago. Also, the output can be restricted to a specific group, Project Administrators, for example, across a project, collection, or the entire server.
I am always soliciting but rarely receiving feedback on this pet project of mine, so please feel free to leave suggestions for future releases! I have plenty of ideas in mind but it would help to know where my time is best spent, because this projectis hardly all I do with my days.
To prove it is really me, I'll give Saul a shout at tfsprojects.codeplex.com. Thanks a lot Saul!
Have you looked at this?
http://blogs.microsoft.co.il/blogs/srlteam/archive/2006/11/27/TFS-Permission-Manager-1.0-is-Finally-out.aspx

validate security setup with Team Foundation Server

It seems that security setup is a bit of a nightmare with TFS --- particularily as it relates to TFS versus SharePoint versus Reporting Services.
Does anybody know of a tool that can validate the security setup --- because as it stands now, people can't create projects, because something is wonky with SharePoint --- yet all the farm administrators and site collection administrators seem to be set correctly.
One thing to try is to create a new Team Project logged in to the TFS server (AT) using the account that you used to install TFS (tfssetup).
If that still doesn't work then sounds like you might possibly have your Sharepoint Admin URL set incorrectly in TFS.
One thing you might want to try if the TFS Best Practices Analyzer which comes with the TFS 2008 Power Tools and will point out common configuration issues.
You might also want to try the tfsadminutil ConfigureConnections /View command to see if you can see anything there.
Good luck,
Martin.

Resources