2
votes

Is there a way in TFS to get the history of the permissions to an object in source control? Or to pull a log of the individual who changed those permissions.

Case in point... I lock users out of certain areas of source control during various periods in our SDLC by removing check-in permissions. There are only a couple TFS administrators who have rights to manage the permissions to objects in source control. Somehow, some people are gaining permissions to these locked out objects... someone is adding their user accounts.

None of my TFS admins claim to have made the permissions changes... so I've either got an admin who is not owning up to it... or some other kind of security problem.

I need to be able to audit the permissions history to see who made changes to permissions and when.

1 Answer

4
votes

Currently TFS doesn't keep a log of security changes. It is something we have on our backlog. I would suggest that you go to the TFS User Voice site and vote for this feature.

As a workaround, you could create a new group called "almost-admins" and then grant that group all of the permissions except for the ability to administer permissions. Then you could move everyone but yourself out of the administrators group and into the new "almost-admins" group.