Question: How do I grant permissions on a file within a folder that has inherited permissions?

- J.D. Meier, Jason Taylor, Alex Mackman, Prashant Bansode


To set permissions in Source Control Explorer, right-click the folder or file, click Properties, and on the Security tab select the user or group whose permissions you want to change, then edit the entries listed under Permissions. You can also set these permissions from the command line by using the Permission command of the TF command-line utility.

Team Foundation Source Control allows you to grant access-control permissions to Windows Groups, Windows Users, and Team Foundation Groups. Permissions can be inherited from the containing folder, or you can declare permissions explicitly.

Permission settings take the form of either Allow or Deny. Deny always overrides Allow, even if the Deny is inherited and the Allow is explicitly defined. The inherited permissions are combined with the explicit permissions to determine a user’s or group’s effective permissions on an item. Because Deny always overrides Allow, you can, for example, keep inheritance turned on and deny check-in.

Be careful when turning inheritance off. First set the explicit permissions required, making sure to assign your own account the permissions it needs, and only then turn inheritance off. If you turn inheritance off without setting the desired permissions, you can lock yourself out of a file or folder, and a TFS administrator who is also an administrator on the application tier computer will have to fix the permissions. By design, application tier local administrators can never completely lock themselves out.
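The following Python sketch is an added illustration, not code from the original guidance or from Team Foundation Server. It models the rules as stated above (inherited and explicit entries are combined, Deny overrides Allow) and adds a check that reports which permissions an account would lose if inheritance were turned off. The paths, account names and the `Item` type are constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Item:
    """Simplified model of a source-controlled item's permission entries."""
    path: str
    parent: Optional["Item"] = None
    inherit: bool = True
    allow: dict = field(default_factory=dict)  # identity -> set of permissions
    deny: dict = field(default_factory=dict)   # identity -> set of permissions

def layers(item):
    """Yield the item, then its ancestors for as long as inheritance is on."""
    node = item
    while node is not None:
        yield node
        if not node.inherit:
            return
        node = node.parent

def effective(item, identities):
    """Combine explicit and inherited entries; any Deny removes the Allow."""
    allowed, denied = set(), set()
    for node in layers(item):
        for ident in identities:
            allowed |= node.allow.get(ident, set())
            denied |= node.deny.get(ident, set())
    return allowed - denied

def lost_if_inheritance_off(item, identities, needed):
    """Permissions from `needed` the identities lose once inheritance is off."""
    trial = Item(item.path, item.parent, False, item.allow, item.deny)
    return set(needed) - effective(trial, identities)

# Constructed sample data: a user and the group she belongs to.
GROUP = "[Proj]\\Contributors"
ALICE = {"CORP\\alice", GROUP}
root = Item("$/Proj", allow={GROUP: {"Read", "PendChange", "Checkin"}})
# Inheritance stays on; check-in is denied on this folder only.
frozen = Item("$/Proj/frozen", parent=root, deny={GROUP: {"Checkin"}})
# An explicit Allow below an inherited Deny does not restore check-in.
hotfix = Item("$/Proj/frozen/hotfix.cs", parent=frozen,
              allow={"CORP\\alice": {"Checkin"}})

if __name__ == "__main__":
    print(sorted(effective(hotfix, ALICE)))
    print(sorted(lost_if_inheritance_off(hotfix, ALICE, {"Read", "Checkin"})))
```

In this model, turning inheritance off on `hotfix.cs` would drop the inherited Read, which is the lock-out case described above; it would also drop the inherited Deny on check-in, so review both sides before making the change.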

