问题描述

我正在尝试在 TFS 上设置发布定义，但遇到访问被拒绝消息:

I'm trying to setup a release definition on TFS but I'm running into an access denied message:

我认为我应该拥有此权限，因为我是代理池管理员"组的成员:

I thought I should have this permission, since I am part of the "Agent Pool Administrator" group:

然而，我注意到我的队列没有角色，并且由于某种原因我无法添加角色，我怀疑这与问题有关:

I noticed however, that my queue has no roles, and that I can't add one for some reason, which I suspect to be the related to the problem:

我的问题是如何正确配置权限?我已经在谷歌上搜索了很多，但我仍然无法确定我缺少什么确切的权限.

My question is how do I correctly configure the permissions? I've already googled a bunch but I still couldn't pinpoint what exact permission I'm missing.

[[更新]]

这是 TFS 2015 更新 3

This is TFS 2015 update 3

显然，我自己已经是项目集合管理员，但仍然没有队列权限并且不知道，或者看不到在哪里将自己添加为队列管理员.

Apparently, I am myself a project collection administrator already, but still don't have queue permissions and don't know, or can't see where to add myself as a queue admin.

上述队列是我创建的，但间接地，我创建了代理池并检查了自动配置队列，并创建了队列，但是，如果我尝试直接创建队列，我会遇到另一个访问拒绝"错误

The said queue was created by me, but indirectly, I created the agent pool with the auto-provision queues checked, and that created the queue, however, if I try to directly create a queue, I run into another "Access Denied" error

[更新]

尝试运行 tfssecurity/collection:http://wada-pc:8080/tfs/DefaultCollection/g+ "[Agent Queues]\Agent Queue Administrators" "domain\account"

让我进入错误:拒绝访问:Eduardo Wada 需要以下权限来执行此操作:编辑集合级别信息

但是，我应该有那个权限:

However, I should have that permisison:

推荐答案

是的，您的问题与代理队列角色有关.代理队列提供对代理池的访问.通常，角色下有两个组:

Yes, your issue is related to the agent queue roles. An agent queue provides access to a pool of agents. Usually, there are two groups under the Roles:

代理队列管理员:此组中的人员可以在该池中注册新代理、将用户添加到代理池服务帐户并将其他管理员添加到池中.

Agent Queue Administrators: People in this group can register new agents in that pool, add users to the Agent Pool Service Accounts and add other administrators to the pool.

代理队列用户:对于 Team Foundation Server，您为代理指定的服务帐户(通常为网络服务)会在您注册代理时自动添加.

Agent Queue Users: For Team Foundation Server the service account you specify for the agent (commonly Network Service) is automatically added when you register the agent.

尝试使用创建此代理队列的帐户检查是否可以看到角色，并将您的帐户添加到两个组中.

Try to use the account that create this agent queue to check whether it can see the roles, and add your account into the two groups.

或者，尝试创建一个新的代理队列，看看是否可以看到角色，并部署一个新的代理.

Or, try to create a new agent queue to see whether you can see the roles, and deploy a new agent.

这篇关于创建 TFS 版本定义时访问被拒绝的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！