How to: Set Share Permissions for a Database
As the database administrator for your team, you must create two groups of Windows users to share the database and limit access to the administrative programs installed in the Visual SourceSafe Win32 directory. Each user assigned to a group inherits the group permissions. Information about which Windows groups have permissions to access or modify a resource or file is contained in the Access Control List (ACL) for that resource or file. For more information about access control, see the Windows Help.
Note
To be able to restrict database access as described here, you must be a Windows administrator for your computer. The database must be installed on an NT file system (NTFS) because NTFS allows you to grant permissions for individual files and folders. The file allocation table (FAT) file system applies the same permissions to an entire share.
You will need to define an Administrator group for one or more database administrators, to include yourself, and a User group for regular database users. A database administrator has full access permissions for the databases and manages database users and content. A regular user performs basic database tasks through Visual SourceSafe Explorer or the command line utility, or by means of a SourceSafe plug-in in a third-party program, such as Visual Studio.
Note
The user name Admin is the only user name that can be used to log in to Visual SourceSafe Administrator. Any member of the Administrator group must log in using the user name Admin and the associated password.
Creating the User Groups
To create the Administrator and User groups:
On the Windows desktop, right-click My Computer, then click Manage.
In Computer Management, expand System Tools and Local Users and Groups.
Select Groups.
Right-click New Group, and fill in the group name and description to create an Administrator group, for example, VSS_DB1_Admin.
Use the Add button to add all database administrators to this group.
Click Create.
Repeat the above steps to create a User group, for example, VSS_DB1_User, and add users to that group.
Using Windows Explorer, navigate to the Visual SourceSafe database directory (containing the Srcsafe.ini file), and then select the directory.
On the File menu, click Properties, then click the Sharing tab.
Select Share this folder.
Type a new share name if you do not want to use the default.
Now click Permissions. You'll be working with the Group box.
An Everyone group is added automatically when you share the Visual SourceSafe database folder. Select this group in the list of user groups, and click Remove.
Ensure that the Group or user names box lists only the user groups that you have specified.
Now you can assign file access rights as described in "Assigning File Access Rights."
Assigning File Access Rights
With the user groups defined for the database, you must ensure that these groups have the correct file access rights for the Visual SourceSafe directories and files. Note that the directory permissions are inherited by all subdirectories.
To assign file access rights to the user groups:
In Windows Explorer, navigate to the Visual SourceSafe database directory (containing the Srcsafe.ini file), and then select the directory.
On the File menu, select Properties, then Security, after which you can click Add.
In the Select Users, Computers, or Groups dialog box, click Locations.
Select the location that contains the user groups that you have created and click OK.
Enter the Administrator and User group names and click OK.
Select the Administrator Group, and check Full Control.
Select the User Group, and check Read and List Folder Contents. Leave all other boxes clear.
Click OK to save these settings.
In a similar way, make the settings shown in the following table for all Visual SourceSafe directories and files.
Visual SourceSafe Directory/File Administrator Group User Group Win32 directory (if available)
Read and Execute
No user access
Data directory
Full Control (inherited)
Modify
Temp directory
Full Control (inherited)
Modify
Users/<username>
Full Control (inherited)
Modify
<shadow folder> (optional)
Full Control (not inherited)
Read (read-only users)
Modify
VssWebUpload
Full Control (for remote access)
Modify (for remote access)
VssWebDownload
Full Control (for remote access)
Modify (for remote access)
You might want to ensure that permissions assigned to a directory will not be inherited by its subdirectories. In this case, in the Inherit from parent box, select the entries that apply to subdirectories and click Remove.
Click OK to accept all your settings.
Assigning Share Permissions
You must also ensure that the Visual SourceSafe directories have the correct share permissions. Note that the directory permissions are inherited by all subdirectories.
To assign share permissions to the Visual SourceSafe directory
In Windows Explorer, go to the Visual SourceSafe database directory that contains the Srcsafe.ini file, and then select the directory.
On the File menu, select Sharing and Security.
Click Share this folder, and then click Permissions.
Select the Administrator group, and check Full Control.
Select the User group, and check Change.
Click OK to accept all your settings.
See Also
Tasks
How to: Create and Maintain Shadow Folders