TFS 上的访问被拒绝 - PendChange 权限
当我尝试从 TFS 检出文件时出现错误 TF14098:访问被拒绝 用户 [用户名] 需要 [路径] 的 PendChange 权限。
我已将用户添加到贡献者组,但仍然不允许他们签出文件。
When I try to check out a file from TFS I get the error
TF14098: Access Denied User [username] needs PendChange permission(s) for [path].
I have added the user to the contributor group but it still won't let them check out a file.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(9)
有时,权限可能需要一些时间才能同步。
http://msdn.microsoft.com/en-us/library/ms400712 .aspx#doesnottake
Sometimes it may take a bit for the permissions to take synchronize.
http://msdn.microsoft.com/en-us/library/ms400712.aspx#doesnottake
这是令人沮丧的愚蠢行为。 因此,如果您遇到类似的问题,但找不到需要更改的实际权限,并且似乎无法找到通过 IDE 设置这些权限的位置,那是因为您需要实际访问右键单击项目并选择“高级”->“安全”,而不是转到“团队”->“团队项目设置/团队项目集合设置”->“安全”,即可设置权限。 您也可以使用 tf 特殊 tf 命令通过 tf 命令行执行此操作,但我对此遇到了问题。
This is frustratingly stupid. So, if you're having this similar issue, but you can't find the actual permissions you need to change and can't seem to find where these permissions are set via your IDE, it's because you need to actually access the permissions by right-clicking on the Project and selecting Advanced->Security, not going to Team->Team Project Settings/Team Project Collection Settings->Security. You can do this with tf commandline too using tf special tf commands, but I had issues with that.
如果系统已经知道您修改的用户(或 AD 安全组),则更改应该是即时的。 同步仅在相反的情况下发挥作用:安全组已允许 PendChange,然后 Windows 管理员向该组添加了新用户。 TFS 在下一次计划同步期间与 Active Directory 对话之前不会知道更改。
您所看到的最可能的原因是权限继承。 即使用户被明确允许某个权限,任何适用于他的拒绝 ACL 都将覆盖该权限。 例如,在父项上设置的 ACL 可能会被继承。 同样,如果用户是两个组的成员(例如贡献者和读者),他的 ACL 可能会发生冲突,而“拒绝”将始终获胜。
此外,2008 SP1 中的继承模型略有变化。 请参阅:
If the user (or AD security group) you modified was already known to the system, changes should be instant. Synchronization only comes into play in the opposite scenario: a security group already had PendChange allowed, then a Windows admin added a new user to that group. TFS won't know about the change until it talks to active directory during the next scheduled sync.
The most likely cause for what you're seeing is permission inheritance. Even if the user is explicitly Allowed a permission, any Deny ACLs that apply to him will override it. For example, ACLs set on a parent item might be inherited. Similarly, if the user is a member of two groups (eg Contributors and Readers), he could have conflicting ACLs in play -- and Deny will always win.
In addition, the model for inheritance was changed slightly in 2008 SP1. See:
使用 tf perm 和 tfs ui,我发现通过在 TFS 2015 的安全选项卡中向指定的用户组授予项目根目录的 Checkout 权限来授予
PendChange
权限。PendChange
= 签出权限Using tf perm and tfs ui I found that the
PendChange
permission was granted by giving the specified usergroup Checkout permissions to the root of the project in the security tab of TFS 2015.PendChange
= Check Out permission从子分支合并到父分支时,我遇到了同样的问题。 项目管理员组的成员本身不允许合并到该分支。
检查“tf perm”后,确保该组的该分支没有拒绝权限。
在检查了很多地方后发现该分支中有一个由开发人员删除的结账。 使用“在源代码管理中查找”找到了这个 -> Status” -> Checkout Find。
后来发现有权访问该分支的开发人员在离开公司之前尝试删除该分支(作为清理的一部分)。我撤消了该更改(通过选择该结帐使用撤消)合并开始起作用了,
我仍然不确定这是如何发生的,也不知道原因,但是对于在合并中遇到此问题的人,请检查一次所有结帐,如果您发现了一些。签出(例如删除)很奇怪,撤消它并重试这可能是一个原因。
I experienced the same issue when merging from a child branch to a parent branch. A member of the Project Administrator group itself was not allowed to merge to that branch.
After checking with "tf perm ", made sure there are no Deny permissions for that branch for the group.
After going over lot of places found that there is a delete checkout in that branch attributed to a developer. Found this using "Find in Source Control" -> Status" -> Checkout Find.
Later found that a developer who had access to that branch had attempted deleting the branch (as part of cleaning up) before he was leaving the company. I undid that change (using undo by selecting that checkout) and Presto! the merges started to work.
I'm still not sure how this would have even happened and don't know a cause. But for anyone who face this issue in merges, please check all your checkouts once and if you find some checkouts(such as delete) as weird, undo it and try again. That might be a reason.
从 TFS 中的团队项目中删除读者权限,这将阻止编辑文件。
我已经在 TFS2013 中检查过这一点并且工作正常。
Readers permission to be removed from the team project in TFS, This will prevent editing the files.
I have checked this in TFS2013 and works fine.
问题解决了。
TFS UI->管理->项目->管理项目安全-> 转到版本控制选项卡-> 选择角色。
如果用户无法签入和回滚需要提供读取权限 需要在那里办理入住和退房手续。
Issue solved.
TFS UI->administer->project->manage project security-> go to version control tab-> select the role.
if user is not able to check-in and rollback need to provide permissions of read && check-in and check-out need to be allowed over there.
就我而言,下面的链接效果很好
http://ravendra.wordpress.com/2010/06/04/tf14098-access-denied-user-user-needs-pendchange-permissions-for-source-control-folder /
“这基本上会告诉您所有具有权限的用户/组的列表。从此列表中检查您作为成员的组是否被拒绝 PendChange 或直接拒绝您。如果是,则采取必要的操作删除它的步骤
是,拒绝始终优先。假设您是 TFS 管理员的成员(允许所有权限)并且也是项目读者(除了 PendChange 被拒绝),那么读者的 PendChange 将优先。将不允许删除。”
更新:
对于 TFS 2012,请使用“VS2012 的开发人员命令提示符" 并检查:https://msdn.microsoft.com/en-us/library/0dsd05ft(v=vs.100).aspx
In my case this link below worked well
http://ravendra.wordpress.com/2010/06/04/tf14098-access-denied-user-user-needs-pendchange-permissions-for-source-control-folder/
"This will basically tell you list of all users/groups with their permission. From this list check if any the group you are the member is denied for PendChange or its directly denied for you. If yes then take the necessary steps to remove that.
Point to note here is Deny always takes precedence. Let’s say you are member of TFS Admin (where all permissions are allowed) and also project reader (where except PendChange is denied) then PendChange of reader will take precedence and you will not be allowed to delete."
Update:
For TFS 2012 use "Developer Command Prompt for VS2012" and check: https://msdn.microsoft.com/en-us/library/0dsd05ft(v=vs.100).aspx
在我的场景中,当我被添加到项目的管理员组时,此错误已得到修复。
In my scenario this error was fixed when I was added to the admin group for the project.