tf permission is a command line statement that modifies the access control list of all the users and at a same time displays authorization setting for all items located inside Source Control. Permission allows you to manage only user authorizations but not user authentication.
There are security restrictions for running this command line. We must have “Manipulte security settings” permission set to “Allow” on the folder we are trying to modify and we need to be a part of the “Team Foundation Administrators” group.
|perm||Name of a permission or role to modify.|
|Username||Provides a value to the /user option. A username value can be expressed in one of two ways, depending on the network settings: DOMAIN\username or username.|
|Groupname||The user-provided value for the /group option.|
|Servername||The user-provided value for the /server option. Example: teamfoundation2.|
|Itemspec||Identifies the file or folder for which to modify permissions. For more information about how Team Foundation parses itemspecs to determine which items are within scope, see Command-Line Syntax.|
|/allow||Specifies a list of Team Foundation source control permissions to add to the allow ACL.|
|/deny||Specifies a list of denied Team Foundation source control access permissions to add to the user access control list.|
|/remove||Specifies a list of Team Foundation source control permissions to remove from both the allow and the deny ACLs.|
|/inherit||If you select yes, all permissions associated with a parent ACL are inherited by an item. Cannot be combined with the /remove option.|
|/user||Specifies the name of a user to modify permissions for.|
|/group||Name of the group for which to modify permissions.|
|/server||Identifies the Team Foundation Server. This option is required if the command is invoked from a directory that is not mapped to a workspace.|
|/recursive||Applies the specified command to all items in the directory and any subdirectories.
/recursive option works only while viewing the permissions for items in a source tree. It does not work while setting permissions, for example with /allow, /deny and /remove options.
|/global||Used to view or assign any Team Foundation server permission.
To assign permissions, use the /allow, /deny, or /remove options.
The argument itmespec is not required. If it is listed, it is ignored.
When used to view the Team Foundation server permissions, the five permissions listed are:
Displays ACLs for file.cs.
c:\projects>tf permission file.cs
Displays ACLs for "developers" for the teamserver
c:\projects>tf permission /group:developers /server:teamserver
Allows "manager" group to change local copies of all items in the $/folder folder.
c:\projects>tf permission /allow:PendChanges /group:manager $/folder
Removes all permissions from the $/folder folder for "developers" group.
c:\projects>tf permission /remove:* /group:developers $/folder
Eanbles the group "developers" to change local copies of all items in $/folder.
c:\projects>tf permission /allow:PendChanges /group:developers$/folder
Enables user john to make pending changes to his local copy of $/project/file.cs.
c:\projects>tf permission /allow:PendChanges /user:john $/project/file.cs.
Denies john to make pending changes to his local copy of $/project/file.cs.
c:\projects>tf permission /deny:PendChanges /user:john $/project/file.cs