Recently I wanted to give everyone who has access to TFS [Read] permissions to a specific folder in Source Control. When going through the Security settings I came across an interesting group [Project Collection Valid Users]. It contains all the team projects valid users. Sounds just like what i need.
I fired up Source Control Explorer from VS 2012 and navigated to the Special folder under the TFS_Rights Team Project. I clicked [Advanced/Security] from the context menu. That fired up the Web Access client for the Team Project. I navigated to the Readers group to see if there was an option to add the [Project Collection Valid Users] group to it.
Unfortunately that group is not available to add through the user interface.
So what to do next? Create a new TFS group and add all the users and keep it up to date?
Possible but i there might be a way out….. TFSSecurity to the rescue! Running the following  command will actually add [Project Collection Valid Users] to the Specific folder.Â
tfssecurity /a+ VersionControlItems “$/TFS_Rights/Special Folder/” Read “[DefaultCollection]\Project Collection Valid Users” ALLOW /collection:http://10.0.0.12:8080/tfs/
Executing this command will give you confirmation that it was successful.
Now lets see if the interface acutally knows about it:
Voila! It’s all there! Mission accomplished!
Jasper Gilhuis 