TFS Security: Where is the "Create a new Publisher" permission?

2
votes

I'm trying to publish my web extension to an on-premises TFS 2017U3:

tfx extension publish --service-url "http://fqdn:8080/tfs"

It tells me the account doesn't have permission to "Create a new publisher":

Checking if this extension is already published It isn't, create a new extension. error: Received response 403 (Forbidden). Check that you have access to this res ource. Message from server: Failed Request: Forbidden(403) - Access Denied: (account name) needs the following permission(s) on the resource to perform this action: Create a new publisher

I've checked the following links, but none of them mention any "Create a new publisher" permission:

Where can I find the "Create a new publisher" permission?

1
tfsazure-devopsazure-pipelines-release-pipeline

1 Answers

3
votes

You could try this:

1 - At the server level, create a group, for example, "TFS Extension Publishers":

tfssecurity /gcg "TFS Extension Publishers" "publishers who can manage extensions for the server" /server:ServerURL

2 - Grant access to the "TFS Extension Publishers" group to manage extensions:

tfssecurity /a+ Publisher "//" CreatePublisher n:"[TEAM FOUNDATION]\TFS Extension Publishers" allow /server:ServerURL

tfssecurity /a+ Publisher "//" PublishExtension n:"[TEAM FOUNDATION]\TFS Extension Publishers" allow /server:ServerURL

tfssecurity /a+ Publisher "//" UpdateExtension n:"[TEAM FOUNDATION]\TFS Extension Publishers" allow /server:ServerURL

tfssecurity /a+ Publisher "//" DeleteExtension n:"[TEAM FOUNDATION]\TFS Extension Publishers" allow /server:ServerURL

3 - Add existing users and groups to the "TFS Extension Publishers" group.

tfssecurity /g+ "[TEAM FOUNDATION]\TFS Extension Publishers" n:User /server:ServerURL

Full reference: https://docs.microsoft.com/pt-br/vsts/marketplace/how-to/grant-permissions?toc=/vsts/security/toc.json&bc=/vsts/security/breadcrumb/toc.json&view=tfs-2017