Chapter 20. Security and Privileges

WHAT'S IN THIS CHAPTER?

  • Getting to know the different types of users and groups

  • Understanding the new and interesting permissions

  • Using tips for managing security

  • Learning about useful tools

When you first start looking at security, groups, and permissions in Team Foundation Server, it can be very daunting. This is a large system with many different features. A large part of the customer base also demands fine-grained controls in order to meet their compliance goals. Combined, these two things make managing security a sometimes tricky task.

However, by understanding some basic principles and avoiding some of the traps, Team Foundation Server security can be wrangled to achieve your security objectives. This chapter examines those principles and provides the information you'll need to avoid common pitfalls.

USERS

The first concept to understand in Team Foundation Server security is that there are a couple of different types of users, including the following:

  • Domain users

  • Local users

Domain Users

A domain in a Windows network usually means an Active Directory (AD) domain. AD is a directory and authentication service that comes with Windows Server. User accounts that are created in the directory are called domain users. In the directory, each user object has a set of properties, including a unique identifier (called a security ID, or SID), a display name, and an e-mail address.

Service Accounts

A service account is nothing more than just another domain user. The ...

Get Professional Team Foundation Server 2010 now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.