How to provide non-admins access to activity and job pages

Buck Hodges

When we shipped TFS 2012, we introduced a feature in the web UI that makes it easy to look at the activity and job history. In the post I mentioned that you had to be an admin to be able to see the information. A question about this came up last week, and Sean Lumley, one of the folks who built the feature, pointed out there is a specific permission for this.

The permission is called Troubleshoot and it is in the Diagnostic security namespace. These are not exposed in the web UI for setting permissions, so you have to use the tfssecurity.exe tool.

Here’s an example command line that gives a TFS group called “diag test” the permission to see this info. Anyone added to the “diag test” group would then have access to these pages.

C:\Program Files\Microsoft Team Foundation Server 12.0\Tools>TFSSecurity.exe /a+ Diagnostic Diagnostic Troubleshoot n:”diag test” ALLOW /server:http://server:8080/tfs


Follow me on Twitter at


Leave a comment

Feedback usabilla icon