Is it possible to prevent usage of scmtools by roles
Accepted answer
you can prevent from SCM save/alter operations by role in the team configuration permission. There is no difference in the operations for UI and SCM tools that I am aware of. The server does not know if it is a UI or the SCM tools.
If you want to prevent certain users from seeing streams you can look into the ownership and visibility options. This is not by role, but by team membership. If you want to allow some users/roles only to be able to see work items and no SCM at all, you can split the work into two project areas and use the read access settings to prevent users from seeing the SM project. Again, this is not by role as far as I can tell.
Comments
Thanks Ralph. I will be more specific :-)
Thanks for the clarification, but I don't know if the server can detect if it is the SCM tools or any other UI. I would guess no. I am certainly not aware of any setting e.g. in the advanced attributes that could switch off specific API's for specific client types..
Maybe someone else can help here.
There is no way to restrict which clients can be used. If you're worried that users will mess up configurations, you'll have to trust they know what they're doing with a GUI as much as the command line. A user can do just as much damage with the GUI, if not more, as with the command line.
You'll be safe against losing data though. Users can't drop a component from your stream without an automatic baseline being created (if changes were delivered since the last baseline). You'll always be able to re-add components back at the state they were dropped.
For deliveries, you'll just have to trust those with deliver rights will deliver the correct change sets. For accidental deliveries, you'll have to manually discard change sets and drop components. Otherwise, you're covered from people accidentally discarding change sets and dropping components.
2 votes
Guess trust is the only option now :-)