How to: Remove Access to Source Control Files

As a Team Foundation administrator, you may have to remove access to a file that is under source control. For example, someone may check in a file infected with a virus.

The following procedure provides the details for removing the file by using the user interface or the tf command-line utility. Access is removed by overwriting the bad version with a clean version and adding the clean version to the database. By setting the read/write permissions, you can prevent the file from appearing in Source Control Explorer.

Note

Although the file remains in the database in a deleted state, do not remove the row for the file directly from the database or you may experience unexpected results.

Warning

If you remove the Read permission for the Service Accounts security group on a file or folder that is under source control, the VersionControl.Adapter might not be able to read the file or folder. If the adapter cannot read the source control information for the data warehouse, it writes a message to the application-tier event log similar to "The service account might not have permissions to retrieve this changeset." Without the source control information from the file or folder, the data warehouse, and subsequent source control reports, might not be completely accurate.

Required Permissions

To remove access to Team Foundation source control files, you must belong to the Team Foundation Administrators group. For more information, see Team Foundation Server Permissions.

To remove access to a file under source control

  1. On the Visual Studio View menu, point to Other Windows, and then click Source Control Explorer.

  2. Locate and check out the file that you want to remove.

  3. In the Check Out dialog box, verify that the correct file is selected, then click Check Out in the Select lock type options.

  4. Create a new file and save it in the same location, with the same name and extension as the file whose latest version you want to overwrite.

  5. Check in the file.

    Note

    You might want to make sure that any client user who has a local copy of the file on their computer removes any reference to the file in Visual Studio's Solution Explorer and manually removes any copy of the file on their client computer.

  6. Open the Properties for the file, click the Security tab, and clear the Inherit Security Settings box.

  7. Click Deny for each user and group except the Administrators.

  8. Click OK and the file is removed from Source Control Explorer.

To remove access to the file from the command line

  1. Open the command line and use the CheckOut command of the tf utility to obtain a write-enabled version of the file that you want to remove. For example:

    tf checkout myfile.cs

  2. Create a new file and overwrite the file that you want to remove.

  3. Use the CheckIn command to replace the version of the file in the database.

    For example, you might want to add a comment describing that you overwrote the file and that the permissions are denied.

    tf checkin /comment:"Overwrote bad file and denied permissions."

  4. Use the permission command together with the /deny option to change the permissions to that file for a user or a group.

    For example, you can use the following command to deny read permissions on the file to groups on the ADATUM domain.

    tf permission /inherit:no myfile.cs

    tf permission /deny:read /group:ADATUM\Group1,ADATUM\Group2 myfile.cs
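
The four command-line steps above can be wrapped in one PowerShell function that stops on the first failed tf call and refuses to deny Read to the Service Accounts group described in the Warning. This is an added example, not code from the original page; the function name, parameter names and placeholder file content are hypothetical, and it assumes tf.exe is on the PATH and the file is in a mapped workspace.

```powershell
# Added example: function and parameter names are hypothetical.
# Assumes tf.exe is on PATH and $Path is inside a mapped workspace folder.
function Remove-SourceControlFileAccess {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string]   $Path,       # for example myfile.cs
        [Parameter(Mandatory)] [string[]] $DenyGroup,  # for example ADATUM\Group1
        [string] $Comment = 'Overwrote bad file and denied permissions.'
    )

    # Guard for the Warning above: denying Read to Service Accounts can stop
    # the VersionControl.Adapter from reading the item for the data warehouse.
    $blocked = $DenyGroup | Where-Object { $_ -match 'Service Accounts' }
    if ($blocked) {
        throw "Refusing to deny Read to: $($blocked -join ', ')"
    }

    # Run tf and stop the whole procedure if any single step fails.
    function Invoke-Tf {
        & tf @args
        if ($LASTEXITCODE -ne 0) {
            throw "tf $($args[0]) failed with exit code $LASTEXITCODE"
        }
    }

    if (-not $PSCmdlet.ShouldProcess($Path, 'Overwrite latest version and deny Read')) {
        return
    }

    # Step 1: obtain a write-enabled copy.
    Invoke-Tf checkout $Path

    # Step 2: overwrite the bad content with a clean placeholder (constructed text).
    Set-Content -LiteralPath $Path -Value 'This file was replaced by an administrator.'

    # Step 3: check in the clean version with an explanatory comment.
    Invoke-Tf checkin $Path "/comment:$Comment" /noprompt

    # Step 4: stop inheriting permissions, then deny Read to the listed groups.
    Invoke-Tf permission /inherit:no $Path
    Invoke-Tf permission /deny:read "/group:$($DenyGroup -join ',')" $Path

    # Display the resulting permission settings so the change can be reviewed.
    Invoke-Tf permission $Path
}
```

Run it with `-WhatIf` first to confirm the target file, for example `Remove-SourceControlFileAccess -Path myfile.cs -DenyGroup 'ADATUM\Group1','ADATUM\Group2' -WhatIf`.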

See Also

Tasks

How to: Control Access to Team Foundation Source Control