I gave an account the read_only permission through team project portal, so the account can read the share document through web access, but can't modify the files. However, when the account is logged in to TFS through vs2010, there is some problem; the share document can be modified! Who can tell me why?
This could happen if that account is added in another group and that group has rights to modify files.
Related
I am trying to add user having Hotmail account but team foundation showing following error.
Can anybody please tell me that how can I add another user in VSTS?
No identities found.
Depends on how your account was set up. If it's Microsoft Account based (LiveID/Outlook.com/Hotmail), then you need to navigate to the account level users hub first.
https://{{account}}.visualstudio.com/_admin/_users
If your account is Azure Active Directory backed, then you need to import these users into Azure Active Directory first, then add them at the account level before being able to add them to a security group.
I'm trying to somehow allow other people to download uploaded files on QuickBase on a different website. I have files on QuickBase uploaded, but people need to sign-in to QuickBase to download it. Is there any other way around it?
You can grant what is essentially anonymous access to one of your Quickbase applications by giving "Everyone on the Internet" a role in your application. It gives anyone with a link to that application whatever access level is defined in the role given. If you want to only share files, you could create a role that has view only access of that specific file attachment field and assign that to "Everyone on the Internet". If you want to be selective about which records are available for download you can include a checkbox to "Make Public" and include that in the role's view logic.
You grant "Everyone on the Internet" access in the add user form for the application. If you start typing "Everyone on the Internet", you'll see it pop up as a recommended user name. If you do not see this as an option, that means that granting open access was disabled by one of your billing account administrators.
Just remember, whatever permissions you grant "Everyone on the Internet" applies to literally anyone on the Internet that has a link to your app. Of course, you can always use a separate file hosting service like Dropbox or Box if you want to avoid the Quickbase issue entirely.
You can allow file downloads for anyone with the link to the file. That's a setting for every file attachment field on QuickBase. Once you go to the specific attachment field setting you will find it under File Attachment field options. It's a checkbox called "Allow access to this file attachment from a Quickbase link without signing in". For me, that's prefered compared to giving everyone access to the app and restricting all the other fields by role.
I have a user requesting that an employee be allowed to access only a specific sub-area in a project.
No access to the source code, no access to tests, only access to a single "area".
I have tried granting the user access as a Reader, and then setting specific security permissions on the area node. The business complains that the user has access to everything.
Is this possible to accomplish with the TFS 2013 security model?
Not trivial, the solution goes along this line.
Remove from the individual any groups except "Valid Users".
The user account must have "View project-level information".
Give the individual "View work items in this node" by right-clicking on the Area node he/she must have access.
You can add additional permission in this latter, if the person requires write access.
Define a new TFS group for these "special users".
Click on the Group Membership. This should open up the web page in IE.
Now click on the link "Create TFS Group" on the top left hand side.
Create a new TFS group for these special users. Lets call it "Special Users".
Remove the UserID of these special users from any other TFS groups that they are present.
Go to the specific sub-area in the project which they need access to. 1. Right click the file -> Advanced -> Security
Now here you can define the rights for your new "Special users group". Give them just the read access and deny everything else.
I have developed a small outlook add-in using VS 2010 and InstallShield. The plugin scans email content while composing the email and allows or blocks the sending of email based on some keywords.
This plugin was configured to install as "PER MACHINE" and installed through admin login
while blocking, plugin creates a text log of that action. Currently, The log file is created in C:\Program data\addin.log.
But non admin users are able to edit this log file.
Is there a way, to configure the plugin, to create a log in a location which cant be accessed by non-admin users ?
You can configure the installer to create a log file in the Application Data folder of the user. Thus, a log file will be created in the admin's profile and non-admin users will not be able to access it without granted privileges.
You may find the Deploying an Office Solution section in MSDN helpful.
Could anyone tell me please how can I grant permissions on creating Group Policy Objects to user or group (NON-domain-admin, just domain-user). User should be able to create GPO only in specific OU and children OUs but wan't be able to create or edit GROs in others. How to do it?
P.S. Domain is based on Windows Server 2012.
GPOs are not created in OUs, but they are linked to them. So you need to adjust ACLs in two places:
The user in question must have the access right to create GPOs in your domain. And he must have the access right to link GPOs to the OU in question.