In the Administrator's Guide to Team System (TFSAdmin-v61101.chm ) in the chapter "Planning a Team Project" there is the following recommendation:
--------------------------------------
Do you need different people to have different permissions
Review the task assignments and security permissions for all the team project members. Determine whether:
-
Current team project members will be performing multiple roles in the future work.
-
The same person will need different permissions for different parts of the project.
-
Different people will be performing the same roles as current team members.
If you will have different people with different permissions working on the project, you must create a new team project.
-----------------------------------------
I do not agree with this recommendation as it totally ignores the concept of Areas that can be used for existing Team Projects. For an Area you can define individual security settings.
What is the reasoning behind the recommendation in the Guide
regards,
Martin Born.
Administrator's Guide recommends creating new Team Project if security roles are different.
harvard_isaac
Area paths as a security mechanism don't apply to all of TFS - for instance, the version control system doesn't do any checking against area paths.
Strictly speaking, we have granular enough permissions (area paths, version control items, etc) to make it so you could manage with a single team project, but it makes management more complicated, as you're out of our "default mode" of just adding people to a team project's Contributors/Administrators/etc groups.
It probably shouldn't say "must create a new team project", though. I'll file a bug on that.