如何向一组用户授予对所有 TFS 团队项目的只读访问权限? [英] How to Grant Read-Only Access to All TFS Team Projects to a Group of Users?

查看：59 发布时间：2021/7/17 20:11:12 security tfs

本文介绍了如何向一组用户授予对所有 TFS 团队项目的只读访问权限?的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

我从如何将 Windows 组作为读者"添加到 TFS 2010 集合中的所有项目?这必须为所有现有项目手动完成.

是否有可用于执行此操作的命令行工具?我知道 TfsSecurity 程序，但我尝试为单个团队项目不起作用.

<小时>

我为单个团队项目所做的:

我创建了[DefaultCollection]\All Project Read-Only Users"作为集合级别组，其中包含一个作为成员的 Active Directory 组.
然后我尝试为该组添加对项目的读取访问权限:

<块引用>

tfssecurity/collection:http://tfs:8080/tfs/defaultcollection/a+ 项目 vstfs:///Classification/TeamProject/guid GENERIC_READ "[DefaultCollection]\All Project Read-Only Users" ALLOW

这确实为该组添加了一个 ACL 到团队项目，但该组没有出现在团队项目的安全对话框中.

我想要做的是为该组提供与团队项目的读者"组相同的访问权限.

解决方案

这是一个 powershell 脚本，用于遍历集合中的每个团队项目，获取 Readers 组并添加 SID.

#加载需要的dll[void][System.Reflection.Assembly]::LoadWithPartialName("Microsoft.TeamFoundation.Client")函数 get-tfs{参数([string] $serverName = $(throw 'serverName is required'))$propertiesToAdd = (('VCS', 'Microsoft.TeamFoundation.VersionControl.Client', 'Microsoft.TeamFoundation.VersionControl.Client.VersionControlServer'),('WIT', 'Microsoft.TeamFoundation.WorkItemTracking.Client', 'Microsoft.TeamFoundation.WorkItemTracking.Client.WorkItemStore'),('CSS', 'Microsoft.TeamFoundation', 'Microsoft.TeamFoundation.Server.ICommonStructureService'),('GSS', 'Microsoft.TeamFoundation', 'Microsoft.TeamFoundation.Server.IGroupSecurityService'))[psobject] $tfs = [Microsoft.TeamFoundation.Client.TeamFoundationServerFactory]::GetServer($serverName)foreach($propertiesToAdd 中的 $entry){$scriptBlock = '[System.Reflection.Assembly]::LoadWithPartialName("{0}") >$null$this.GetService([{1}])' -f $entry[1],$entry[2]$tfs |添加成员脚本属性 $entry[0] $ExecutionContext.InvokeCommand.NewScriptBlock($scriptBlock)}返回 $tfs}#设置TFS服务器url[psobject] $tfs = get-tfs -serverName http://YourTfsServer:8080/tfs/YourColleciton$items = $tfs.vcs.GetAllTeamProjects('真')$items |foreach-object -process {$proj = $_$readers = $tfs.GSS.ListApplicationGroups($proj.Name) |?{$_.DisplayName -eq '读者' }$tfs.GSS.AddMemberToApplicationGroup($readers.Sid, 'TheSidToTheGroupYouWantToAdd')}

I see from the answer to How to add Windows group as "Readers" to all projects in TFS 2010 collection? that this must be done manually for all existing projects.

Is there a command-line tool that can be used to do this? I know about the TfsSecurity program, but my attempt to do this for a single team project didn't work.

What I did for a single Team Project:

I created "[DefaultCollection]\All Project Read-Only Users" as a collection-level group containing a single Active Directory group as a member.
I then attempted to add read access to the project for that group:

tfssecurity /collection:http://tfs:8080/tfs/defaultcollection /a+ Project vstfs:///Classification/TeamProject/guid GENERIC_READ "[DefaultCollection]\All Project Read-Only Users" ALLOW

This did add an ACL for that group to the Team Project, yet that group didn't appear in the Security dialog for the Team Project.

What I wanted to do is give that group the same access as the "Readers" group for the team projects.

解决方案

Here is a powershell script to iterate over each team project in your collection, get the Readers group and add a SID.

# load the required dll
[void][System.Reflection.Assembly]::LoadWithPartialName("Microsoft.TeamFoundation.Client")

function get-tfs
{
    param(
    [string] $serverName = $(throw 'serverName is required')
    )

    $propertiesToAdd = (
        ('VCS', 'Microsoft.TeamFoundation.VersionControl.Client', 'Microsoft.TeamFoundation.VersionControl.Client.VersionControlServer'),
        ('WIT', 'Microsoft.TeamFoundation.WorkItemTracking.Client', 'Microsoft.TeamFoundation.WorkItemTracking.Client.WorkItemStore'),
        ('CSS', 'Microsoft.TeamFoundation', 'Microsoft.TeamFoundation.Server.ICommonStructureService'),
        ('GSS', 'Microsoft.TeamFoundation', 'Microsoft.TeamFoundation.Server.IGroupSecurityService')
    )

    [psobject] $tfs = [Microsoft.TeamFoundation.Client.TeamFoundationServerFactory]::GetServer($serverName)
    foreach ($entry in $propertiesToAdd) {
        $scriptBlock = '
            [System.Reflection.Assembly]::LoadWithPartialName("{0}") > $null
            $this.GetService([{1}])
        ' -f $entry[1],$entry[2]
        $tfs | add-member scriptproperty $entry[0] $ExecutionContext.InvokeCommand.NewScriptBlock($scriptBlock)
    }
    return $tfs
}
#set the TFS server url
[psobject] $tfs = get-tfs -serverName http://YourTfsServer:8080/tfs/YourColleciton


$items = $tfs.vcs.GetAllTeamProjects( 'True' )
    $items | foreach-object -process { 
    $proj = $_
    $readers = $tfs.GSS.ListApplicationGroups($proj.Name) | ?{$_.DisplayName -eq 'Readers' }

    $tfs.GSS.AddMemberToApplicationGroup($readers.Sid, 'TheSidToTheGroupYouWantToAdd')
}

这篇关于如何向一组用户授予对所有 TFS 团队项目的只读访问权限?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！

查看全文

如何向一组用户授予对所有 TFS 团队项目的只读访问权限? [英] How to Grant Read-Only Access to All TFS Team Projects to a Group of Users?

问题描述

相关文章

其他开发最新文章

热门教程

热门工具

登录关闭

如何向一组用户授予对所有 TFS 团队项目的只读访问权限? [英] How to Grant Read-Only Access to All TFS Team Projects to a Group of Users?

问题描述

相关文章

其他开发最新文章

热门教程

热门工具

登录 关闭

登录关闭