October 2006 - Posts
What makes a person spend hours on writing an article? Sometimes it’s the joy of research, some other times it’s the pleasure of sharing your knowledge. The motivation for this article comes from both places, but is mainly the result of repeating questions from our customers about security and permissions. The fact that handling security in TFS is quite complex and requires understating of the various parts of the platform pops-up a lot of questions. In the attached document we did our best to go through most of security and permissions issues: Server and project groups, permissions granting in: source control, portal, reporting services, work item and team build. We will also recommend a mixture of permissions that match common roles. Finally, we will go over three permissions tools: tf, TFSecuriry and TFSAdmin. You can download it also
from here.
There is a lot of useful free utilities for Team System you can find spread all over the web. Some of them are open source projects, others just a free utilities kindly shared for our convenience. I tried to collect in following table utilities that I know. You can find here only utilities in "active state", meaning those, that you can actually download and use, not only read description. There is no particular order in this table. You are more then welcome to vote for your favorite tool in comments, then we will be able to add some recommendations. Also I'll be glad if you let me know about cool stuff I missed. Enjoy:
| Name |
Description |
Category |
Availability |
| Team Foundation Server Administration Tool |
The TFS Admin Tool allows a TFS administrator to quickly add users to all three platforms utilized by Team Foundation Server: Team Foundation Server, Sharepoint, and SQL Reporting Services, all through one common interface. The tool also allows administrators to change the current permissions on any of the three tiers, identify any errors, and view all of the users and their permission sets across Team Foundation Server, Sharepoint, and SQL Reporting Services. |
permissions |
open source |
| TFS PowerPack |
The TFS PowerPack includes a set of tools to extend the client experience when working with a TFS server.
Currently, the TFS PowerPack set includes 2 tools:
- KillBill - Stops a Team Build currently running on a build server.
- WorkItem Terminator - Permanently deletes a work item from the TFS database.
|
build, work item tracking |
open source |
| TFS Source Code Version Tree Browser |
Provide a version tree browser for team foundation source control that is fully integrated into the Visual Studio 2005 environment with features matching or exceeding those available from ClearCase and Eclipse. |
source control |
open source |
| Automaton |
Automaton is a Continuous Integration engine for Microsoft Team Foundation Server. Automaton will monitor your source code repository and automatically run the correct team builds that you create within Visual Studio. Build reports can be view through a web site, and your development team can get notifications on e-mail or MSN Messenger when there is problem building the source code. |
build |
open source |
| CruiseControl.NET plug-in for TFS |
A plug-in to allow communication with Team Foundation Server for the popular open source build automation tool CruiseControl.NET |
build |
open source |
| TFS Code Review Workflow |
This project is a combination of a Code Review Work Item and a Code Review Check-in Policy. The check-in policy doesn’t allow a check-in unless it has an associated Code Review work item, and that work item is set to approved. Only people in a TFS group named {Project}\Code Reviewers can set an item to approved. |
work item tracking |
open source |
| TFS - Code Comments Check-in Policy |
This Team Foundation Server policy ensures that the code contains comments for classes, methods and properties before checking in it to the source control server. |
check-in policies |
open source |
| TFS BHAL |
This project aims at being a customizable orchestrator for managing Teams with the aid of Team Foundation Server. |
work item tracking |
open source |
| Process Template Editor |
This utility offers a visual interface for modifying Team Foundation Server work item types. You can modify the various fields and workflow and see a preview of the work item type form. This is a very nice tool for anyone modifying the various Team Foundation Server work item types and processes. |
process templates |
free |
| TFS Sidekicks |
MSBuild, Team Build, History, Workspace Sidekick and Status Sidekick applications. |
build, source control |
free |
| Team Build RSS Feed |
Provides the ability to track Team Builds via an RSS feed. |
build |
open source |
| TFS Bug Snapper |
A simple tool that allows you to take screenshots and create Bugs in Team Foundation Server with the file attached. |
work item tracking |
free |
| TFS Custom Path CheckIn Policy |
The Custom Path CheckIn Policy works in concert with existing Team Foundation Server (TFS) check-in policies, providing a mechanism that allows you to specify the source control path(s) that a particular policy is allowed to act on. This will allow for example a single Team Project to have one set of Code Analysis rules for a particular folder and completely different set of rules for another folder. It would also allow for filtering what specific items the rules work on for instance enforcing a Work Item for any check-in of files ending in ".cs, .sln, .csproj" but ignore the rule for all other check-ins. |
check-in policies |
open source |
| TFS Event Subscriber |
Team Foundation Server Event Subscriber is a full UI version of BISUBSCRIBE based on a blog and code by Marcel de Vries. |
events |
open source |
| AreaPath Manager |
Simple utility which allows to manage AreaPath and retrieve node Uri to be used with TFSSecurity utility. |
misc |
free |
| BuildTicker |
Tool which sits on the system tray and notifies of builds happening on the server. |
build |
open source |
|
| Team Build Web-view Extension |
A web UI which you can use to see the list of builds, optionally filtered by the Build Type in you favourite borwser. |
build |
open source |
| TFS Integrator |
Continuous Integration (CI) is the process of continually scanning the source code repository for changes, and, once they have been detected automatically kicking off a build process to verify that the code compiles successfully. |
build |
free |
|
| Visual Studio Team System - Pproject Server Connector |
The Connector synchronizes Project, Resource and Task data between the two systems. Project Managers, Resource Managers continue to work in the EPM environment while the development team works in the development environment, i.e. VSTS, and data seamlessly flows between the two systems. |
misc |
free |
| VSSConverter GUI |
An easy to use interface to the VSSConverter command line utility that comes with Team Foundation Version Control. |
misc |
open source |
| Work Item Event Subscribtion Tool |
A tool to help creating workitem tracking subscriptions. |
events |
open source |
| VSTS Work Item Type Designer |
A DSL Tools based Designer (Modeling tool) that allows you to visualize Work Item Type definitions exported from Team System and enables easy modification and creation via a graphical modeling tool instead of the XML document approach currently relied on. |
work item tracking |
open source |
| TFS Permission Manager |
Permission Manager allows TFS administrative users to easily set and modify every aspect of TFS permissions. Using this tool you can add or remove TFS group membership, Reporting Services role membership and SharePoint role membership; set Server and Project-level permissions; set AreaPath and Source Control permissions; create new TFS users with permissions identical to those of specified existing user; save user permissions as template and use it later to create new or update existing users. |
permissions |
free |
| IEeee |
An addin to Internet Explorer to easily allow testers / developers to raise a bug against the currently loaded page. The bug report will be automatically generated to include all the information a developer needs to reproduce and resolve the problem. |
work item tracking |
open source |
| TFS Permission Manager |
TFSBuild Manager supports build type editing, start and stop a build and changing build quality. |
Build |
free |
| TFS Build Manager |
The utility manages build types outside the IDE. |
Build |
open source |
|
Security must be very important to the Microsoft TFS security team, otherwise I cannot really understand why there are 3 different tools you need to use to cover all permissions aspects:
- tf.exe – Installed with Team Explorer.
- TFSAdmin.exe – Separate download from here.
- TFSSecurity.exe – Installed with Team Foundation server.
We are working on document, which will provide a complete reference of TFS permissions aspects, In the meanwhile, let's talk a little bit about TFSSecurity.exe.
This utility deals with group membership, project-level permissions, area path permissions and some server-level permissions.
Note: using TFSAdmin is the only way to set server-level permissions (as far as I know), except for using the API of course.First of all, I hate to say, but TFSSecurity is far from being an intuitive tool. It requires the following command line arguments:
TFSSecurity.exe /a+ <object Uri> <permission name> <member identity> {ALLOW|DENY} /server:<server name>
- Server name – this one is easy
- Member identity – in most cases you will use NT user name (MyDomain\MyUserName) or TFS group name ([SERVER]\Developers), also Sid or AD distinguished name can be used.
- Permission name – where should we get this one? You can see permissions tables with descriptions here.
Note: only permissions in upper case are relevant for TFSSecurity.
- Object Uri – this one is tricky. I was expecting an ability to use a friendly object path (e.g. MyProject\Area\MyModule\BL). Unfortunately there is no such option. We just have to extract the object Uri ourselves; the only way I know of is through the API.
- Retrieving the area path node Uri is relatively easy.
- Retrieving the project Uri is quite different; the value received from the API has little to do with the Uri expected by utility. After some investigation in TFS database I found that you have to concatenate " $PROJECT: " to the Uri to make it work.
- Global permissions: my investigation ended up with the surprising answer: use $NAMESPACE as Uri to set global permissions.
I am attaching a
simple utility to this post to help you with the Uri hunting task. Click on server name and project name to get global and project Uri.
About two weeks ago
I wrote about my first DB Dude impressions. Yesterday night new CTP (CT6) was published. There is a long list of fixes and improvements in this version. You can read about it
here and download from
here. First thing - it is a small download (about 32Mb only). I am setting new version up this very minute. If I'll have any surprises, you will know. :-)
As you all must know, there are no built-in client events in the IDE for editing work items. Since some time we just cannot do without it, we wrote a small add-in that does the job by listening to the ‘OnUpdate’ and ‘OnSaving’ events.
Using the add-in is very straightforward for most scenarios (so we do not bother you with the boring details…), in this post we’d like to tell you about a tricky and interesting scenario we came across.
One of our work items includes a field, which is ReadOnly, we display data to the users but do not let them do any editing. Still, we need to update the field while the work item is being saved. And this is exactly the problem, the add-in is running under the exact permissions as our user, so if the user cannot edit the field, so does the add-in.
Like all good things, the solution is nice and simple: we defined another field, a hidden field:
<FIELD name="ReadOnlyTrigger" refname="SRL.ReadOnlyTrigger" type="String" />
Then, we added some logic: the user (and add-in) cannot write to the Log field only when the hidden field is empty:
<FIELD name="ReadOnlyTrigger" refname="SRL.ReadOnlyTrigger" type="String" >
<COPY from="value" value="" />
</FIELD>
Now, we can define our readonly field as follows
<FIELD name="ReadOnlyField" refname="SRL.ReadOnlyField" type="String" >
<WHEN filed="ReadOnlyTrigger" value="">
<READONLY />
</WHEN>
Note that the ‘copy’ instruction makes sure that the filed is empty, and hence ReadOnly, each time the work item is loaded. When saving the work item, the add-in first writes something to the hidden field, which opens the Log file for writing.
Hi all,
I uncounted a very annoying matter the other day. I was using the IDE to work on our ‘Dev’ TFS and had to switch to the ‘Test’ server to check some assignment I have completed. Although I’ve disconnected from ‘Dev’ and connected to ‘Test’ the list of team projects still displayed to ‘Dev’ projects.
After some research, I realize that the IDE is using some unclean cache. The cache is saved for, each user ,and can be found in "%userprofile%\Local Settings\Application Data\Microsoft\Team Foundation\1.0\Cache".
In order to fix the problem:
- Close all the opened IDEs
- Switch to "%userprofile%\Local Settings\Application Data\Microsoft\Team Foundation\1.0\Cache"
- Delete the ServerMap.xml file and all the sub folders.
After that, we can open the IDE and use the Tools>Connect to Team Foundation Server and get the actual projects.
I’ve spent some time lately playing with VSTE for Database Professionals (CTP5 refresh).
Well, let's see what we have here: VSTE for DB Professionals was announced in May, a couple CTPs were released since. There are still some bugs. Some were fixed in this CTP, other will be fixed (I am sure) in upcoming releases.
This edition was supposed to bring us tools for Database schema management, Unit testing and life cycle management and supply us, for the first time an integrated solution for database Unit Testing and Change Management. The first two are accomplished quite nicely; the third one has a descent way to go to be able to deliver all it promises.
- Unit testing includes robust data generation mechanism (not so simple to use at this stage). Testing can be performed on dedicated sterile database as part of VSTS solution test/build process
- The Change management provides us with the ability to develop in a private "sand box" environment, and to store changes in Team System source control or any other MSCCI compliant provider. You can perform schema and data comparison and share changes through TS "shelving" capability.
- Schema management. The tool allows us to manage database objects through scripts. You can import scripts into project from existing database or external files. Scripts conveniently arranged in familiar hierarchy of Tables, Stored Procedures etc. New T-SQL editor with syntax colorization introduced to work with DB scripts. But… Maybe Visual Studio environment has pampered me, but for me this version lucks the most basic features:
- There is no IntelliSense in T-SQL editor. It is not even planned for V1. I’m aware of the complexity of implementing IntelliSense for SQL, but there are a lot of tools doing a good job in this field. Guys you are smart, you can do it too
- There are no visual designers for database objects. No Table/View designer, no Query builder for T-SQL. Editing is possible in text mode only. Some of those designers exist in other parts of VS (Server Explorer for example). Why not to add a design view for the database project as well? Even better idea will be to create DSL for database objects.
- There is no support for Stored Procedures/Functions debugging. Yes, you can initiate debugging through Unit Test or some custom test project, but I would like to debug SQL while I’m developing, directly from T-SQL editor.
- MS-SQL schemas are not reflected in the database project
- There is no support for ERD or similar diagrams. I would like to see integrated DSL based solution instead of using Visio with separate code generation.
Couple of days ago guys posted
two entries about TFS 180 days trial activation. As the time pass the problem become more and more common. Even if you remember to upgrade from trial in time, activation procedure is still very confusing.
Brian Harry came for rescue. He posted clear explanation of upgrade process together with
TFSVersionDetection utility which is able to check TFS version you running and also extend trial period by 30 days (
once).