TFS 2012 – Issue: Manage Group Membership missing from admin after TFS 2008 to TFS 2012 Upgrade

Audience

Everyone

After an upgrade from TFS 2008 you are unable to edit permissions even though you are part of the appropriate groups. In this case it is an upgrade from TFS 2008 to TFS 2012 that did not have any errors on the way through. Everything looked like it worked, but…

Updated 2012-10-11 – Solution improvement for additional circumstances

I found that the solution below did not always do the job, and I had to add a second command line to make it work. This effectively adds an additional ACL entry for the logged-in user if they are not in the Project Administrators list.

You get an “Unable to remove the selected identity from this group” error when trying to remove someone from contributors.

Figure: Unable to delete user from group

Applies To

  • Visual Studio 2012 Team Foundation Server

Findings

You need to make sure that you are in the appropriate groups first. This could be simply a case of not actually having permission.

  1. I am in the Administration Console Users list… (yes I reapplied)

    Figure: Administration Console User List
  2. I am in the Team Foundation Server Administrators group…

    Figure: Team Foundation Server Administrators
  3. I am in the Project Collection Administrators group…

    Figure: Project Collection Administrators

If you have checked all of the permissions then we have a problem. Log in as the “TFS Service” account that you are using and see if you still can’t change things.

Now I can delete users from the Contributors group, woot… but why can’t other accounts that are administrators?

Solution

You need to add the missing permissions, as they were not added as part of the upgrade. To do this you need to call TFSSecurity, and this is where things get a little complicated.

tfssecurity.exe /a+ Identity vstfs:///Classification/TeamProject/PROJECT_GUID ^
        ManageMembership adm:vstfs:///Classification/TeamProject/PROJECT_GUID ALLOW ^
        /collection:http://tfsserver01:8080/tfs/Tfs01

tfssecurity.exe /a+ Identity vstfs:///Classification/TeamProject/PROJECT_GUID ^
        ManageMembership domain\username ALLOW ^
        /collection:http://tfsserver01:8080/tfs/Tfs01

Figure: Command to add the missing security

In order to call TFS Security to add permissions to the Project Administrators group for the Team Project you need the Team Project GUID. Now in Visual Studio 2010 you can just right-click on the project node and you will see the GUID in the properties. But what if, like me, you don’t have 2010 to hand…

If you connect to the TFS Server and view the tbl_project table in the Collection you will see the Project Uri, which contains the GUID.

Figure: Finding the Project GUID

Now that you have the GUID for the Team Project you can execute the command above to add the missing ability to Modify Membership back into TFS.

Figure: Adding the missing security
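
The steps above as one PowerShell function (an added example, not the author's script): it takes the Project Uri value read from tbl_project, checks that it ends in a valid GUID, issues the two /a+ calls, then lists the resulting ACL with tfssecurity /acl so the new entries can be reviewed. The function name and its parameters are hypothetical, the GUID in the sample call is constructed, and tfssecurity.exe is assumed to be on the PATH.

```powershell
# Added example: hypothetical helper wrapping the two tfssecurity calls shown above.
function Add-TfsManageMembership {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Project Uri exactly as stored in tbl_project
        [Parameter(Mandatory = $true)][string]$ProjectUri,
        # Collection URL, e.g. http://tfsserver01:8080/tfs/Tfs01
        [Parameter(Mandatory = $true)][string]$CollectionUrl,
        # Optional domain\username for the second command
        [string]$UserName,
        # Assumption: tfssecurity.exe is on the PATH
        [string]$TfsSecurity = 'tfssecurity.exe'
    )

    # Accept only a Team Project URI, and make sure the tail is a real GUID.
    $prefix = 'vstfs:///Classification/TeamProject/'
    if (-not $ProjectUri.StartsWith($prefix, [StringComparison]::OrdinalIgnoreCase)) {
        throw "Not a Team Project URI: $ProjectUri"
    }
    $guid = [guid]::Empty
    if (-not [guid]::TryParse($ProjectUri.Substring($prefix.Length), [ref]$guid)) {
        throw "Project URI does not end in a GUID: $ProjectUri"
    }
    $token = "$prefix$guid"
    $collection = "/collection:$CollectionUrl"

    # First the project's administrators group (adm:), then the named user if given.
    $identities = @("adm:$token")
    if ($UserName) { $identities += $UserName }

    foreach ($identity in $identities) {
        if ($PSCmdlet.ShouldProcess($identity, "ALLOW ManageMembership on $token")) {
            & $TfsSecurity '/a+' 'Identity' $token 'ManageMembership' $identity 'ALLOW' $collection
            # Assumption: a non-zero exit code means the tool reported a failure.
            if ($LASTEXITCODE -ne 0) { throw "tfssecurity /a+ failed for $identity" }
        }
    }

    # Read-only listing of the resulting ACL so the grants can be reviewed.
    & $TfsSecurity '/acl' 'Identity' $token $collection
}

# Dry run with a constructed GUID: -WhatIf prints the grants without applying them
# (the read-only /acl listing at the end still runs).
Add-TfsManageMembership -WhatIf -UserName 'domain\username' `
    -ProjectUri 'vstfs:///Classification/TeamProject/00000000-0000-0000-0000-000000000000' `
    -CollectionUrl 'http://tfsserver01:8080/tfs/Tfs01'
```

Leaving out -UserName applies only the first command, which keeps the grant on the project's administrators group and avoids a per-user ACL entry.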

Hopefully there will be a better way to get the Team Project GUID once the RTM version of the Power Tools becomes available, and hopefully there will be a hotfix for this annoying bug in the upgrade.
