I use TFS 2013 with one team collection and I have a Project. This project uses area paths to differentiate between teams.
So I have an area Path/Team lets call it "Inventing". This Inventing team has a Product Owner who should only do what a product owner is supposed to do in scrum.
I can add this particular person to the area path and allow him the rights. I want to say: he is the product owner of this AreaPath.
Do I need to create for every area path a TFS Group called "product owner inventing" and add/remove the persons for that TFS Group? Or is there a better solution?
There is no way you can isolate a specific user role like this from the create wizard by default. So yes, you'll need to create a group for the product owner. Remember that work items have links to change sets, so it might be hard to isolate the product owner completely from viewing any code it's not a simple checkbox to tick.
BTW we often do trust external people with the code they're basically owner of. Non Disclosure Agreements and contracts can get a long way in legally closing that loop. I'd expect that the product owner will look over the shoulder of team members, will have opportunity once in a while to access developer workstations, no matter how hard you secure everything. Trust is important in Scrum and Agile, this is one aspect of trust.