无法在具有项目集合管理员角色的团队项目上管理 TFS 2018 中的安全性 [英] Cannot manage security in TFS 2018 on a Team Project with Project Collection Adminstrator Role
问题描述
我一直在使用 Active Directory 组转换对团队项目的访问权限.
I have been converting access to Team projects using Active Directory groups.
我是项目集合管理员,我们主持了大约 40 个团队项目.
I am a project collection admin and we host around 40 odd team projects.
在所有其他项目上,一切都很好,我已经能够将我需要的所有 AD 组添加到团队项目(贡献者、读者等)中存在的各种 TFS 组中.
On all the other proects everything is fine, I have been able to add all the AD groups I needed to the Various TFS groups that exist in a Team Project (Contributors, Readers etc).
当我来到问题项目时,我可以看到添加按钮,并且可以搜索并选择我想要的 AD 组,但是当我点击保存时,我看到一条带有文本的红色横幅消息:
When I come to the problem project I can see the add button, and I am able to search for and select the AD group I want, but when I click save, I see a red banner message with the text:
Unable to add members to this group.
Failed to resolve the specified groups to join.
You do not have sufficient permissions to add members to the following groups:
[Team Project]\Build Administrators
我查看了 oi,在问题发生时我能看到的只有报告 200 响应的活动.
I have looked at the oi and all I can see around the time of the issue are activities reporting a 200 response.
我正在查看 api 和数据库,看看我能做什么,但不知道从哪里开始.我以为我可能会看到一些有关安全的信息,但它要求提供一个我不知道如何获得的 guid.
I am looking at the api and the database to see what I can do but not sure where to start. I thought I might be able to see something about security but it is asking for a guid that I am not sure how to get hold of.
查看数据库时,我认为可能有安全表,但不知道从哪里开始.
Looking at the database I thought there might be a security table, but not sure where to start.
我会继续研究该做什么,所以我会保持更新
I'm going to keep looking at what to do, so I am going to keep this updated
更新 2019-03-27
我们有一个与 Microsoft 的支持电话,我仍然在管理团队时遇到问题,但我已经能够通过 API 更新团队,我什至找到了一个 有用的小 CLI 工具来帮助我完成我需要做的任务.
We have a support call open with Microsoft, I still have issues managing the teams, but I have been able to update the team via the Apis, I even found a useful little CLI tool to help with the tasks I needed to do.
推荐答案
得到了答案并且修复成功了.
Got the answer and the fix worked.
经过多次来回、发送文件和运行一些tfssecurity 查询后,他们能够确定问题所在.
After a lot of back and forth, sending files and running some tfssecurity queries, they were able to determine the problem.
我所做的是将包含我们的项目集合管理员帐户的域用户 AD 添加为项目阅读器,因为 tfs 的安全性基于最低级别原则,然后对我的项目集合管理员帐户应用拒绝权限,通过简单地从读者级别删除 AD 组(我能够做到),管理证券的能力又回来了.
What I had done was add the domain User AD containing our project collection admin account in as a project reader, as the security on tfs works on a least level principle it was then applying a deny permision on my Project collection admin account, by simply removing the AD group from the reader level, which I was able to do, the ablity to manage the securities came back.
我无法找到我所属的特定组然后设置拒绝,但不可否认,从读者级别删除 AD 组解决了问题.
I havent been able to find the specific group that I belonged to that then set the deny, but there is no denying that removing the AD group from the reader level fixed the issue.
这篇关于无法在具有项目集合管理员角色的团队项目上管理 TFS 2018 中的安全性的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
