I created a new VSO account and created a new project in it. In this project I added Iterations, Areas and Teams. So I have one big project with multiple teams in it.
I gave the teams specific access to one Area, so they only see the work items in this area.
When I add a member to a specific Team, this member can access all the different teams, and so can access work items that shouldn't be accessed. I found this website (http://blogs.msdn.com/b/danhellem/archive/2014/06/11/how-to-implement-multiple-team-strategy-in-team-foundation-server-2013.aspx) that explains exactly the security system I want to implement, but when I follow his steps, I still have the same problem.
My current setup is as follows:
- Team A - No permissions set
- Team A - Has 1 member, a new VSO Group "Team A Contributors"
- Team A - Is member of the VSO Group "Project Valid Users"
- VSO Group "Project Valid Users" - No Permissions Set
- VSO Group "Team A Contributors" - Only got the permission "View Project-Level Information"
- User A - Member Of 'Team Foundation Invited Users' and 'Team A Contributors"
- User A - Permissions, only inherit allow "View Project-Level Information"
When this user goes to visualstudioonline.com, and selects 'Browse' at 'projects & teams', this user sees the Collection, Project, and All Teams (A/F). This user can goto all these levels, and sees the information in it.
How can I fix this, so this user only sees his own team and the information in it?
See screenshow below, even though a team has no members you still can navigate to it (and see it):
