Microsoft Test and Lab Manager and security and permission settings

Within TFS you can set permissions, what people are aloud to do within projects and with 2010 in place also within project collections and within Microsoft Test and Lab Manager.

In some situations, project settings, you want to set these permissions. For example in the TMap process template there are different rolls responsible for different tasks. The Test Manager is responsible for the Master test plan, the Test infrastructure coordinator for the test infrastructure and tools, the test coordinator for the test plans, the runs and reports and the tester for creating and execution of the tests cases.

These rolls/ groups you also can find in the TMap Process Template.


All rolls have there specific restrictions. For example a Test Infrastructure Coordinator is aloud to setup lab environments but a Tester isn’t, and a test coordinator can create a test plan but a tester isn’t. A test manager and coordinator can edit test runs results. A tester can execute test cases but a developer can’t, a developer can change sources but a tester can’t… etc, etc… A frequent ask question by test organizations is: how can a set this restrictions…. the answer is it is easy but you need to have project edit permissions :-)

On several places you can set security permissions.

In the Team Foundation Admin Console, the same settings can be set within Visual Studio menu Team—>  Team Project Collections Setting


You only can set project collection and TFS specific setting at this level, not that interesting for test management.

Within Visual Studio, right mouse click on within Team Explorer or by using the Team menu.


This is a more interesting place to set permissions for the test organization. For example in this setting a test coordinator is aloud to create test runs, but can’t change configurations and environments.


This results in the fact that he must contact the test infrastructure coordinator to maintain the test infrastructure. And he got a message when he tries to change a setting in Lab Center.

lab restrictions

A hidden security setting [I call it hidden because its hard to find in my opinion and I had to search for the projectplan permissions] is a the Area and Iteration menu item, just below the ‘Group Membership’  item.


When clicking the ‘Areas and Iteration’ menu item and click on the bottom right of the dialog what appears you can set permissions for the selected Area node or Iteration node. For the test organization important manage test plan permissions can be set.


When you set this permission so a tester isn’t aloud to manage test plans he gets nice an clean messages when he tries to save one.

testplan restrictions

But, it gets even more interesting. When a tester isn’t aloud to manage test plans he also can’t add test cases to a test plan. So, the create new test case in the plan tab of MTLM also will result in a ‘Not Aloud Message’. While the tester is aloud to create test cases he isn’t aloud to add them to a test plan, within MTLM he has to create test cases in the ‘organize’ tab –> test case manager. So a test coordinator, or some one else who has the manage test plan permission can add it to the test plan.  


I have spoken with test organizations who prefer this way of restrictions also have spoken with who don’t want this. Within the TMap Process Template, you will find a light weight implementation of these permissions settings. [not yet in the download ]

To mention all the permission settings locations, right click on the source control treeview and select properties, you can set permissions for source control in that dialog [ you also have to maintain the reporting server and the SharePoint server separately]. ping me if I forgot a security settings location…

Comments (3) -

Nice post! GA is also my biggest earning. However, it’s not a much.Smile

good stuff here  keep it up man

great view!!! I like your story

Add comment

Şarkı Sozleri