Extracting effective permissions from TFS whitepaper and sample


We are pleased to announce that the release of the Extracting effective permissions from TFS research findings, packaged in a whitepaper and samples, based on a prototype, not a production solution.

where is the stuff?

image5

where is security auditing research feedback?

We have completed, but not yet made plans to release the security auditing research feedback. If you need the security auditing whitepaper or sample code, please contact me on my blog.

special thanks

A THANK YOU to the team of ALM Rangers who volunteered their personal time and contributed their real-world experience to deliver this solution. A special THANK YOU to our product owner Mario Rodriguez, for yet another great adventure, his guidance and support!

I asked the team why they joined this project and here is their story:

Baruch Frei Closing the Security Extraction and especially Security Auditing gap in TFS is one of the most important and highly request features.
Hosam Kamel

You can add, change, or remove permissions for users and groups in Visual Studio Team Foundation Server (TFS), security and permissions are core components in TFS but can you track security changes? Can you extract and report the effective permissions for certain user? The answer is NO!
Seems we have some blockers! It’s in our core DNA as ALM Rangers to provide out-of-band tooling and practical guidance to remove adoption blockers in real world environments, security and auditing has been a blocker for many years in TFS but we managed to simplify it in this project.

Jon Guerin For me, Security is top of mind across the community and with our customers, so being able to address the need and work with a team very passionate in this topic is important to me.
John Bergman Security and Auditing have been a request of several of my clients for quite some time, this will be a welcome addition!
Michel Perfetti Because security auditing is necessary to have a trustfully development platform.
Prasanna Ramkumar I have been asked by my clients about Security and Auditing so many times and to have something to help them now is great.
Mehmet Aras Opportunity to provide guidance to the TFS ALM community and our customers on some of the most frequently needed TFS security operations was too interesting and challenging to pass up.
Niel Zeeman It is a request from many a company. Applications form the strategic advantage and differentiation from competitors and it is important to know who the custodians are and how to manage the security around it.
Richard Albrecht I get requests from my regulatory customer like the government and financial institutions, in general security auditing is being required by more company’s over its code.
Stefan Mieth Security auditing becomes especially a big deal when developing solutions in a regulatory environment like health care or pharmacy. The government often requires all-over capture and point in time captures for verification. Because of this, there is a real world need and we tried to provide a real world solution.
Vinicius Moura

It’s amazing join this project because all clients ask about this functionality and give us a great tool to auditing theirs TFS. For me is important to explore important fuctions that shows the internal mechanisms of Team Foundation Server.

please send candid feedback!

We can’t wait to hear from you, and learn more about your experience using the sample add-in. Here are some ways to connect with us:

  • Add a comment below.
  • Ask a question on the respective CodePlex discussion forum.
  • Contact me on my blog.
Comments (2)

  1. Matt says:

    I understand this is a prototype, but it’s very helpful. What’s the future plan for this functionality? Will it be integrated into TFS at some point? Will a more robust add-on be released (one that isn’t labeled “prototype”)? The alternative is to use the concepts here to develop our own solution, which we would prefer not to do if there are plans to integrate it in a Microsoft-approved fashion.

    1. The product team is committed to rolling out this functionality and make it native in the product. We’re targeting CY17 to make this available.

Skip to main content