I need to give a TFS Project Group contributor privileges to a Source Control subdirectory in a TFS project. I can connect successfully as someone from this group but can't browse Source Control, presumably because the user doesn't have access to the top level of the project. Is there any way to configure access in a manner that doesn't require giving read access to the whole project or maintaining privileges for every folder that shares a directory with folders in the path to the target subdirectory?
Clarification:
Project / Folder1 / Folder2 / TargetFolder
I have set this up by giving them permissions, but to restrict permissions to only TargetFolder and its contents, I need to give the group read access to Folder1 and Folder2. But because the permissions are inherited, I need to deny this group on every other folder under Project, Folder1, and Folder2. This is a maintenance headache and if new directories are added in the future, they will need to have their permissions changed as well.
There is no way to do this out of the box. If you're only going to be doing it rarely, the manual process of denying on the parent folders is going to be most efficient.
If, however, this is a task you think you'll find yourself repeating fairly often, you can create a utility using the TFS API to do it for you.
(Something along these lines. Warning, this is not tested)
When you right click on the folder, go to Properties and then the the Security tab, do you see the group listed for that folder?
You should be able to change the read permissions for folders for separate groups.