Microsoft Team Foundation Server 2015 Cookbook
上QQ阅读APP看书,第一时间看更新
上一章目录下一章

Assigning a license, adding users, and auditing user access

A Scrum Team consists of a product owner, a development Team, and a Scrum master. While your stakeholders aren't part of the Scrum Team, they will need visibility into the product backlog. The Scrum Team is cross-functional and will have the skills to cover design, development, testing, and deployment of the increment. From a tooling point of view, not everyone in the Team may need the same access to TFS.

TFS offers three access levels: Stakeholder, Basic, and Advanced. The TFS license required for the access levels is listed here:

The product licensing has been significantly simplified over the last year. A few key licensing changes have been introduced in TFS 2015 and now in TFS 2015 Update 1:

  • The TFS CAL license has been changed to include access to even more TFS features:
    • Agile planning: All backlog management and sprint planning capabilities in TFS 2015 web access are now available to any user with a TFS CAL.
    • Chart authoring: Chart authoring and the ability to pin/share charts to your project home page are now available in the CAL.
    • Team Rooms: Team Rooms are now available with a CAL in TFS 2015.
    • Test Hub: With TFS 2015, the web-based test experience for executing test cases (for User Acceptance Testing such as scenarios) is now available in the TFS CAL.
  • Buying Visual Studio Team Services, Professional, or Advanced license gives you a free TFS CAL for that named user with it. This provides several advantages:
    • You can now "rent" a TFS CAL. Rather than having to pay a onetime $499 (list price) license cost, you can pay a much lower monthly cost for as long as you need it.
    • Companies using vendors/contractors now have a simple way to manage people who need temporary access to their TFS.
    • The CAL is "always up to date". Because it is a subscription rather than a onetime purchase, you don't have to deal with buying/renewing your CALs when new TFS versions come out. The CAL that comes with a VS Online license works with any TFS version, whereas a traditionally purchased CAL supports only a given TFS version and earlier.

    Access Level and Role are two separate things in TFS. Access Level dictates the features you have the right to use, the Role dictates the permissions. For example, with the basic license, the Access Level includes grants for source control use; however, if you are in the reader role, you will not have permissions to edit the source code.

    The Team Foundation Server Access Levels are closely related to the typical roles in a software project and the activities carried out in those roles. The following table summarizes the feature to access level mapping. So a project supporter will only need a stakeholder license, a project manager or developer will need a basic license, and a tester or portfolio manager will need an advanced license.

    With stakeholder access, users can create and modify all Work Items, and create and save queries on all Work Items under their My Queries folder. (This is a change from limited access, in which users can create and modify only those Work Items that they created, and query and view Work Items they created.) Also, stakeholders can create and modify Work Items using Team Foundation clients such as Microsoft Excel, Microsoft Project, and Microsoft Feedback Client.

  • Standard features include access to the home and work hubs.
  • Can view backlog pages and Kanban boards and add Work Items through the Quick Add panel, which appear at the bottom of the list. It can't move items on the page or use other features.
  • Can view sprint pages and task boards and add Work Items, but can't use other sprint planning tool features.

To set up new users in TFS, the user first needs to be assigned a license and then added to a Team. In this recipe, you'll learn how to allocate licenses and add members to a Team, you'll also learn how to audit user access in TFS.

Getting ready

In this recipe, we'll be allocating the license and permissions to the following users in the FabrikamTFVC Team Project.

In order to add new users to the Access Levels, you'll need to be a collection administrator. To add new users to a Team Project, you need to be a project administrator; if you aren't already, arrange to be added to these groups.

How to do it...

Assigning a user license:

  1. Log into Team Portal and navigate to the Access Level administration screen by browsing to http://tfs2015:8080/tfs/_admin/_licenses:
  2. From the left panel, click on the Stakeholder access. From the right panel, click on the Add button and choose Add Windows user or group. In the Add new user or group window, enter the user details as TFS2015\JohnS and click the OK button:

    Repeat this step to add all users into the Access Levels as specified in the user table in the Getting ready section of this recipe. At this point, you should have one Stakeholder, three Basic, and three Advanced users.

Adding users to the project:

  1. There are two ways to add users to the Team Project. One way is to navigate to the FabikamTFVC project security screen in Team Portal by browsing to http://tfs2015:8080/tfs/DefaultCollection/FabrikamTFVC/_admin/_security. From the left panel, click on the Contributors group, from the right panel, click on the Members tab and the Add... button to add Windows user or group. Enter the user details and click on OK:
  2. The other option is to navigate to the FabrikamTFVC project home page by browsing to http://tfs2015:8080/tfs/DefaultCollection/FabrikamTFVC. From the Members widget, click on Manage..., in the MANAGE MEMBERS OF FABRIKAMTFVC TEAM window enter the user details and press OK. Repeat these steps to add other users listed in the user table in the getting started section.

    Note

    Managing users in TFS is much easier if you create Windows or Active Directory groups for them. If you decide to use Active Directory groups in TFS, consider creating specific ones whose purpose is dedicated to user management in TFS.

Auditing user access

In the next few steps, you'll learn how to extract an audit log to track the last login of users and groups and their access type:

  1. Navigate to the Access Level screen in Team Web Access by browsing to http://tfs2015:8080/tfs/_admin/_licenses.
  2. From the left navigation, click on Export audit log. Open the downloaded CSV file; we'll explore this in depth in the How it works... section.

How it works...

The default Access Level is assigned to a user that is directly added via the Team Project security or members screen. It is recommended that the default Access Level be set to Basic. If a user is assigned to multiple Access Levels, the highest always takes precedence.

Next, let's review the audit log, import the data.csv into Excel. You should see a view similar to the following screenshot. The Last Accessed (UTC) column tells you whether the user has accessed TFS or not; you don't need to pay for a license for users that have not accessed TFS.

上一章目录下一章