This command-line utility uses the Team Foundation Server object model to connect to a server, retrieve all team projects and then retrieve all the areas and iterations. It then outputs XML to a specified file or the console. The output could then be used with tools like TFSSecurity.exe to apply area-level permissions.

Usage

ListProjectAreas.exe http://server:8080 output.xml

Sample output

Download

Download v1.0 Source and Binary from my TFS ListProjectAreas workspace on ProjectDistributor.

Why?

We came across a problem today at work while setting up a new TFS server to be shared by a number of development teams. There are several applications each managed by different development teams within source control folders within a single team project. The Team Foundation Server Permissions MSDN article makes mention of “You can also set area-level permissions for viewing and interacting with work items on a project basis.” however it doesn’t go into much detail on how to do it.

Things don’t have to be this complicated if your projects can exist as separate team projects go with that layout. However the current architecture and management of our application neccessitated that we have multiple teams working out of the same team project managed by area-level permissions. See Martin Woodward’s post on Team Projects if you’re not sure about your situation.

An example best describes our setup:

$\[Team Project]   \Framework   \SubProject1 (SubProject1Team_Contributors)   \SubProject2 (SubProject2Team_Contributors)   \SubProject3 (SubProject3Team_Contributors)

Groups have been setup within TFS to map to each of the development teams. For example “SubProject1_Contributors”.

To manage access on the version control repository “tf.exe permission” was used and permissions were applied to each SubProject folder. This was all fine.

We are then using Areas within the team project to manage the individual subprojects. The problem came when we wanted to restrict permissions within these areas. The TFSSecurity.exe tool allows you to add specific ACLs to Team Project Areas but requires you to know “Area objectID” or “URI of the access control object” – no friendly names!!

I would’ve expected you could do something like:

TFSSecurity.exe /a+ “[Team Project]\Area1” WORK_ITEM_WRITE “[Team Project]\Contributors” ALLOW

But instead of [Team Project]\Area1 you have to specify the URI which corresponds to the area. e.g.

vstfs:///Classification/Node/53f0b4cf-dae2-4c87-a74d-23e0eb1f0335

Is there an easy way to get this? Not through Team Explorer. You have to dive into the tfs object model. Thanks to this MSDN Forums post I was able to get a list of areas and iterations for all team projects.