TFS permission management technical documents

The main functions completed in this phase are mainly at the project level. The main functions are as follows:

Function Name	Function
Addgroup	Add a group to an existing group
Adduser	Add a user to an existing group
Deletegroup	Delete a group from an existing group
Deleteuser	Delete a user from an existing group
Addpowerforgroup	Grant the specified permission to the specified group
Movepowergroup	Deletes a specified permission from a specified group.
Getmemberofgroup	Obtain the members in the specified group.
Getauthoritygroup	Obtain permission groups for all projects under the project
Creategroup	Create a project-level group
Cleargroup	Delete a project-level group
Getgroupdescription	Obtain the project team description

(Note: The above functions are named for convenience, not in tfssecurity)

 

When splicing the following command, note that the group name, domain username, project name, and other characters may appear in Chinese. In this case, double quotation marks are required. For example, to add the user John (John) in the SPM domain to the bulider (builder) group under aaa in the test project set, the command is as follows:

Tfssecurity/g + "[AAA] \ bulider (builder)" "N: SPM \ John (John)" allow/Collection: http: // spmserver: 8080/TFS/test

The preceding function depends on tfssecurity.exe. This tool is in the c: \ Program Files (x86) \ Microsoft Visual Studio 10.0 \ common7 \ ide directory, and the string-type sequence stream is returned by calling the command.

The commands for implementing the above functions are listed:

1. addgroup and deletegroup (add or delete a group to or from an existing group)

[Command] tfssecurity/g + [projectname] \ groupidentity N: [projectname] \ memberidentity allow/Collection: collectionuri

Tfssecurity/g-[projectname] \ groupidentity N: [projectname] \ memberidentity allow/Collection: collectionuri

[Parameter description]

Parameter Name	Description
Projectname	The project name of the groupidentity and memberidentity teams.
Groupidentity	Groups to which other groups will be added
Memberidentity	Groups to be added to other groups
Collectionuri	Uri of the project set of the groupidentity Group

 

[Description]

2. adduser and deleteuser (add or delete users to or from an existing group)

[Command]

Tfssecurity/g + [projectname] \ groupidentity N: domainname \ memberidentity allow/Collection: collectionuri

Tfssecurity/g-[projectname] \ groupidentity N: domainname \ memberidentity allow/Collection: collectionuri

 

[Parameter description]

Parameter Name	Description
Projectname	The project name of the groupidentity group team.
Groupidentity	Groups to which other members will join
Domainname	Name of the domain where the member is located
Memberidentity	Members to be added to other groups
Collectionuri	Uri of the project set of the groupidentity Group

 

3. addpowerforgroup and movepowerforgroup (add or delete a specified permission for a specified group)

[Command] tfssecurity/A + project frameworkglobalsecurity permissionsname N: [projectname] \ groupname allow/Collection: collectionuri

Tfssecurity/a-Project frameworkglobalsecurity permissionsname N: [projectname] \ groupname allow/Collection: collectionuri

[Parameter description]

Parameter Name	Description
Permissionsname	Name of the specified permission
Projectname	Name of the Team Project of the specified group
Groupname	Name of the specified group
Collectionuri	Uri of the team project set of the specified group

 

4. creategroup (create a project-level group)

[Command]

Tfssecurity/GCG groupname groupdescription/Collection: collectionuri

[Parameter description]

Parameter Name	Description
Groupname	Name of the group to be created
Groupdescription	Description of the group to be created
Collectionuri	Uri of the team project set of the group to be created

[Description]

If the Group Name and description contain multiple words or Chinese characters, double quotation marks must be added.

 

5. cleargroup (delete a project-level group)

[Command]

Tfssecurity/GD [projectname] \ groupname/Collection: collectionuri

[Parameter description]

 

Parameter Name	Description
Projectname	Project of the group to be deleted
Groupname	Group name to be deleted
Collectionuri	Address of the team project set of the group to be deleted

 

6. getauthoritygroup (obtain the permission group for all projects in the project set)

[Command]

Tfssecurity/Im all:/Collection: collectionuri

[Parameter description]

 

Parameter Name	Description
Collectionuri	Uri of the team project set of the group to be queried

[Description]

This command returns a response stream. Therefore, we need to extract the permission group information from the response stream.

 

7. getmemberofgroup (obtain all members of the corresponding group)

[Command]

Tfssecurity/IM groupname/Collection: collectionurl

[Parameter description]

Parameter Name	Description
Groupname	Group Name
Collectionuri	Address of the team project set in the group

[Description]

This command returns a response stream. Therefore, we need to extract the information of all the members in the group from the response stream.

 

8. getgroupdescription (obtain the project team description)

[Command] tfssecurity/I groupname/Collection: collectionurl

[Parameter description]

Parameter Name	Description
Groupname	Group Name
Collectionuri	Address of the team project set in the group

[Description]

When you call this command, a batch stream is returned, which contains a description of the group name. You need to extract the information using the string processing method.