
Build unreadable files on Team Foundation Server 2015


I will try to explain my problem, apologizing for my poor English.

I need to manage multiple accounts in a Team Foundation Server 2015 so that a group of these do not have visibility on some of the solution files, but can still work. This means that, for security reasons, they must be able to build the whole solution, without however being able to read all sources.

Do you have any suggestions?

Thank you for any reply!


Solution

  • TFS build uses the build service account, not the user who triggers the build. As long as the build service account has the appropriate permissions, it will get the source from the TFS server and download it to the build agent.

    The permissions in TFS are mutually independent. Permissions can be granted directly to an individual user or to a group.

    In version control permissions, explicit deny takes precedence over administrator group permissions.

    You could deny the Read permission for those users, and set the other related build permissions, such as View build definition and Queue builds, to Allow.

    Read: Can read the contents of a file or folder. If a user has Read permissions for a folder, the user can see the contents of the folder and the properties of the files in it, even if the user does not have permission to open the files.

    Queue builds: Can queue new builds.

    View build definition: Can view build definition(s).

    View builds: Can view builds belonging to build definition(s).

    ...
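
The version control part of the answer above, as an added example that is not part of the original answer: it applies an explicit deny of Read to a group on selected folders with the `tf permission` command, then prints each folder's permissions for review. The collection URL, project, group name and folder paths are placeholders (assumptions), `tf.exe` is assumed to be on PATH, and the build permissions named in the answer are not set by this script.

```powershell
# Added example. Every name below is a placeholder (assumption), not a value from the page.
$tf         = 'tf.exe'   # assumes tf.exe is on PATH, e.g. a Visual Studio developer prompt
$collection = 'http://tfs.example.local:8080/tfs/DefaultCollection'
$group      = '[ExampleProject]\Restricted Builders'

# Folders the restricted group must not be able to read (hypothetical paths).
$restricted = @(
    '$/ExampleProject/Main/src/Licensing',
    '$/ExampleProject/Main/src/Crypto'
)

foreach ($path in $restricted) {
    # Explicit deny of Read on the folder and everything below it.
    # The build service account is not in this group, so it keeps its Read access.
    & $tf permission '/deny:Read' "/group:$group" /recursive "/collection:$collection" $path
    if ($LASTEXITCODE -ne 0) {
        throw "tf permission failed for $path (exit code $LASTEXITCODE)"
    }
}

# Print the permissions on each folder so the deny entry can be reviewed.
foreach ($path in $restricted) {
    Write-Host "Permissions on ${path}:"
    & $tf permission "/collection:$collection" $path
}
```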