Team Foundation Server - application layer for the data layer: authentication, impersonation and authorization

Question

Team Foundation Server - application layer for the data layer: authentication, impersonation and authorization

According to Team Foundation Server Architecture under Groups and Permissions :

Team Foundation Server has its own set of default groups and permissions that you can set at the project, collection, or server level. You can create custom groups and configure permissions at the group and individual levels. However, the users or groups that you add to Team Foundation Server are not automatically added to the two components that Team Foundation Server may depend on: SharePoint Products and Reporting Services . If your deployment uses these programs, you must add users and groups to them and grant appropriate permissions before these users or groups work correctly in all operations in Team Foundation Server.

Authentication and impersonation:

Please confirm your answer with evidence using the profiler trace, configuration fragments or authoritarian descriptions from Microsoft articles (I personally could not find them).

Is integrated security enabled from the application level to the core Sql server?
If integrated protection is enabled, is an impersonation (with a standard configuration) impersonated to impersonate a user's identity within the application level?
If impersonation is enabled, is the application tier responsible for managing database security?
If impersonation is not enabled at the application level, is all interaction with the data layer performed using the TFSService identifier?

Authorization:

As far as is known, authorization is evaluated in the Data Layer or in the Application Layer (i.e. value Project.HasWorkItemReadRightsRecursive)?

Why:

, , - WCF Sql, , Transact-Sql. , TFS .

, , .

+5

authentication tfs sql-server authorization impersonation

Rabid 02 . '12 14:09

1

Derek Evermore · Accepted Answer · 2012-03-07T20:34:05+0000

,

, , web.config - TFS TFS.

1. Sql?

. Web.config : C:\Program Files\Microsoft Team Foundation Server 2010\Application Tier\Web Services

Tfs_Configuration. , Integrated Security.

<add key="applicationDatabase" value="Data Source=YOURSQLSERVER\YOURSQLINSTANCE;Initial Catalog=Tfs_Configuration;Integrated Security=True;" />

2. , ( ) ?

. TFS , Microsoft Team Foundation Server, . TFS web.config...

    <!-- Disable Identity Impersonation -->
    <identity impersonate="false"/>

, TFS - Tfs_Configuration. ( , )

Tfs_Configuration SQL Management Studio "", , " " TFS.

3. , ?

N/A - №2. "". TFS ( Microsoft, : http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=24337), "TFSSERVICE", sysadmin * db_creator * SQL. TFS . "Admin Console User", TFS. , "" Tfs_Configuration .

, TFS , , " " , .

4. , TFSService?

. , , , . TFS Web Access TFSSERVICE. ( , ... TFS ... MS, , : D)

: , (.. Project.HasWorkItemReadRightsRecursive)

(Project.HasWorkItemReadRightsRecursive) . . ? TFS. , TFS , . \ , SQL, .

. http://msdn.microsoft.com/en-us/library/ms252587(v=vs.100).aspx , , , , . TFS - .

, ,

, Team Foundation Server, , Team Foundation SharePoint Reporting Services.

? SharePoint Reporting Services , , , (, , ) SQL. Content Viewer, Content Manager .. SSRS, Contributor, Site Collection Admin, Farm Admin .. SharePoint. SSRS SharePoint , SQL.

, . SQL, SQL Management Studio, , . , , ?

Team Foundation Server - application layer for the data layer: authentication, impersonation and authorization

Authentication and impersonation:

Authorization:

Why:

More articles: