Over a million developers have joined DZone.

TFS 2012 – Issue: TF30063: You Are Not Authorized To Access And Can’t Trace Permissions

DZone's Guide to

TFS 2012 – Issue: TF30063: You Are Not Authorized To Access And Can’t Trace Permissions

· ·
Free Resource

Download this white paper to learn about the ways to make a Scrum Team great, brought to you in partnership with Scrum.org

Originally posted as TFS 2012 – Issue: TF30063: You are not authorized to access and can’t trace permissions on Visual Studio ALM - Guidance for agile teams developing software with Team Foundation Server, Visual Studio & Scrum from Martin Hinshelwood

No matter what permissions you set or what permissions you have you get a “TF30063: You are not authorized to access /Services/v3.0/LocationService.asmx” in SharePoint 2010.

Figure: Errors on the TFS components

And you have checked all of the usual suspects and even use the new TFS 2012 permission tracing features to no avail.

Figure: Cannot trace permissions on this item


Applies to

  • Visual Studio 2012 Team Foundation Server
  • Microsoft SharePoint 2010


I don’t know how unique my case is, but if you have searched the heck out of “TF30063: You are not authorized to access LocationService” and you still can’t find the issue then it is simple.

You do not have permission to read items in TFS from SharePoint!

Figure: Ahhhhhhhhhh

But I am logged in as the TFS Service account, TFS Administrator account and a SharePoint Farm Admin… how many more permission do I need! Here is the deal… you have a “deny” in your permission list somewhere. Deny takes presidence over any other permission. So if you have a deny high up but an allow lower down then this is just tough… denied. And if it is doing this for all of your users regardless of permissions or groups then I have a suspension that there is some deny high up in TFS. There are only two groups that apply to everyone…

Figure: [TEAM FOUNDATION]\Team Foundation Valid User

There are two places to look for global deny’s and that is the “Valid User” groups at either the server or at the collection level.

Figure: [DefaultCollection]\Project Collection Valid Users

In this case we upgraded from Team Foundation Server 2008 to 2012 so any permissions carried over would be at the Collection level, so lets start there…

Figure: Really… denied at the Project Collection Level

I can’t imagine what was trying to be achieved by this… so I will leave you with…


Are you trying to rise up and meet the needs of your bushiness in the world of the modern application lifecycle? Does your business want you to deliver more frequently? With the right guidance in process, practices and tools you can rise to the challenge and Northwest Cadence can provide that guidance... call rick.flath@nwcadence.com today to help you define, develop and operate your way to success...

Learn more about the myths about Scrum and DevOps. Download the whitepaper now brought to you in partnership with Scrum.org.


Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}