tf permission Commands in Team Foundation Server

tf permission is a command line statement that modifies the access control list of all the users and at a same time displays authorization setting for all items located inside Source Control. Permission allows you to manage only user authorizations but not user authentication.

There are security restrictions for running this command line. We must have “Manipulte security settings” permission set to “Allow” on the folder we are trying to modify and we need to be a part of the “Team Foundation Administrators” group.


perm Name of a permission or role to modify.
Username Provides a value to the /user option. A username value can be expressed in one of two ways, depending on the network settings: DOMAIN\username or username.
Groupname The user-provided value for the /group option.
Servername The user-provided value for the /server option. Example: teamfoundation2.
Itemspec Identifies the file or folder for which to modify permissions. For more information about how Team Foundation parses itemspecs to determine which items are within scope, see Command-Line Syntax.
/allow Specifies a list of Team Foundation source control permissions to add to the allow ACL.
/deny Specifies a list of denied Team Foundation source control access permissions to add to the user access control list.
/remove Specifies a list of Team Foundation source control permissions to remove from both the allow and the deny ACLs.
/inherit If you select yes, all permissions associated with a parent ACL are inherited by an item. Cannot be combined with the /remove option.
/user Specifies the name of a user to modify permissions for.
/group Name of the group for which to modify permissions.
/server Identifies the Team Foundation Server. This option is required if the command is invoked from a directory that is not mapped to a workspace.
/recursive Applies the specified command to all items in the directory and any subdirectories.
/recursive option works only while viewing the permissions for items in a source tree. It does not work while setting permissions, for example with /allow, /deny and /remove options.
/global Used to view or assign any Team Foundation server permission.
To assign permissions, use the /allow, /deny, or /remove options.
The argument itmespec is not required. If it is listed, it is ignored.
When used to view the Team Foundation server permissions, the five permissions listed are:
  • tf: AdminShelvesets
  • tf: AdminWorkspaces
  • tf: CreateWorkspace
  • tf: AdminConfiguration
  • tf: AdminConnections
For more information about permissions, see Team Foundation Server Permissions.

Displays ACLs for file.cs.
c:\projects>tf permission file.cs

Displays ACLs for "developers" for the teamserver
c:\projects>tf permission /group:developers /server:teamserver

Allows "manager" group to change local copies of all items in the $/folder folder.
c:\projects>tf permission /allow:PendChanges /group:manager $/folder

Removes all permissions from the $/folder folder for "developers" group.
c:\projects>tf permission /remove:* /group:developers $/folder

Eanbles the group "developers" to change local copies of all items in $/folder.
c:\projects>tf permission /allow:PendChanges /group:developers$/folder

Enables user john to make pending changes to his local copy of $/project/file.cs.
c:\projects>tf permission /allow:PendChanges /user:john $/project/file.cs.

Denies john to make pending changes to his local copy of $/project/file.cs.
c:\projects>tf permission /deny:PendChanges /user:john $/project/file.cs

Featured pages

SharePoint Integration

Windows SharePoint Services is an integral part of Team Foundation Server. As a result, there is v…

Creating Team Project

Team Foundation Server allows creation of the portal project via TFS Portal Creation Wizard. This …

SQL Server Agent Jobs

Team Foundation Server installs several SQL Server Agent Jobs that allow it to perform certain tas…

tf Command

tf Command line utility provide many useful operations that we can perform with Team Foundation Se…

Shelving and Unshelving

Shelving is very powerful feature of the Source Control in VSTS that allows storing pending change…

MS Project Fields Mapping

TFS works with MS Project via mapping file with specific fields mapped from one application to ano…

Using MS Project with Team Foundation Server

MS Projects allows accessing Team Foundation Server and working with the TFS Work Items. This is a…

Managing Documents in TFS

Team Foundation Server provides us with the capability to manage various documents, also called ar…