We have enabled web access to our TFS 2010 server.
We have a set of users with security settings at all levels so that they can create new work item and view existing work items from the TFS website (http://:8080/tfs/web).
The Issue:
Now, we are trying to add new Windows domain users and provide security settings that match with the above (security settings listed below) so that they can also create new work items and view existing work items.
But no matter what permissions are given, they are
- NEITHER able to see the "New Work Item" section on the left menu,
- NOR able to view existing work items using the "Work Item #" query
on the top right header menu. If they give an existing work item
number and click "Go", they get the error:
TF26198: The work item does not exist, or you do not have permission to access it.
- They can only see "Queries" on the left menu.
- If they search using the Search on the Left side, the "New Work Item" is enabled, but when clicked, they get the error:
You do not have permission to create work items in project 'OurProject'. Contact your Team Foundation Server administrator
My Question:
How do I get users the required permission to create new work items and view existing work items from TFS 2010 web access? Am I missing something in the security settings listed below?
Security Settings:
Security Settings applied from Team Foundation Server Administration Console:
- The user
OURDOMAIN\MyUser
is added to the[TEAM FOUNDATION]\Team Foundation Administrators
group. - At servername > Application Tier > Administer Security: All permissions are checked for Allow for both
OURDOMAIN\MyUser
user and the[TEAM FOUNDATION]\Team Foundation Administrators group
. None of permissions are checked for Deny. - At servername > Application Tier > Team Project Collections > OurProjectCollection > Administer Security: All permissions are checked for Allow for both
OURDOMAIN\MyUser
user and the[TEAM FOUNDATION]\Team Foundation Administrators group
. None of permissions are checked for Deny.
Security Settings applied from Visual Studio 2010's Team Explorer:
- At servername\OurProjectCollection > OurProject (Right-Click) > Team Project Settings > Security > Administer Security: All permissions are checked for Allow for both
OURDOMAIN\MyUser
user and the[TEAM FOUNDATION]\Team Foundation Administrators group
. None of permissions are checked for Deny.
Things that we tried out:
During testing this out, we tried the following but to no avail:
numerous security setting combinations, cleared out cache regularly (Refresh Cache), removed and added areas and iterations (though none of the work items are categorized into them), restarted the TFS website, restarted IIS 7, recycled both app pools: Microsoft Team Foundation Server Application Pool and Microsoft Team Foundation Server Web Access Application Pool, restarted our windows server (Windows Server 2008 Standard).
Exception Trace Log:
Web method response: [http://servername:8080/tfs/TeamFoundation/Administration/v3.0/CatalogService.asmx] QueryNodes[Administration] 4 ms
Web method running: [http://servername:8080/tfs/OurProjectCollection/WorkItemTracking/v3.0/ClientService.asmx] QueryWorkitemCount[WorkItemTracking]
Web method response: [http://servername:8080/tfs/OurProjectCollection/WorkItemTracking/v3.0/ClientService.asmx] QueryWorkitemCount[WorkItemTracking] 11 ms
Web method running: [http://servername:8080/tfs/OurProjectCollection/WorkItemTracking/v3.0/ClientService.asmx] GetWorkItem[WorkItemTracking]
Web method response: [http://servername:8080/tfs/OurProjectCollection/WorkItemTracking/v3.0/ClientService.asmx] GetWorkItem[WorkItemTracking] 25 ms
UserControl: [Error, P 2460, T 3260/8, A 7511460, S 0, 10/18/12 06:31:32.271] { Error occured in user control ASP.ui_controls_workitems_editworkitem_ascx. Url: http://servername:8080/tfs/web/UI/Pages/WorkItems/WorkItemEdit.aspx?id=288&pguid=********-****-****-****-************
UserControl: [Error, P 2460, T 3260/8, A 7511460, S 0, 10/18/12 06:31:32.271] Exception: {
Exception Message: TF26198: The work item does not exist, or you do not have permission to access it. (type DeniedOrNotExistException)
Exception Stack Trace: at Microsoft.TeamFoundation.WorkItemTracking.Client.WorkItem.LoadWorkItem(Int32 id, Int32 rev, Nullable`1 asof)
at Microsoft.TeamFoundation.WorkItemTracking.Client.WorkItem..ctor(WorkItemStore store, Int32 id)
at Microsoft.TeamFoundation.WorkItemTracking.Client.WorkItemStore.GetWorkItem(Int32 id)
at Microsoft.TeamFoundation.WebAccess.UI.Controls.EditWorkItem.OpenWorkitem(String workitemId, Int32 revision)
at Microsoft.TeamFoundation.WebAccess.UI.Controls.EditWorkItem.GetEditorState(NameValueCollection requestParams)
at Microsoft.TeamFoundation.WebAccess.UI.Controls.EditWorkItem.RenderUserControl()
at Microsoft.TeamFoundation.WebAccess.UI.WebAccessUserControl.OnLoad(EventArgs e)
}
UserControl: [Error, P 2460, T 3260/8, A 7511460, S 0, 10/18/12 06:31:32.271] }
Application_Request: [Info, P 2460, T 3260/8, A 7511460, S 0, 10/18/12 06:31:32.303] Application request processing ended for /tfs/web/UI/Pages/WorkItems/WorkItemEdit.aspx?id=288&pguid=********-****-****-****-************.