Within TFS 2010 I can right click a build definition under the Builds node, select the Security option and control which group can carry out what activities on that build definition.
My question is how can I control my team members from being able to modify the security settings of build definition. In other words which user group by default has the permission to control Security setting on build definitions and in terms of Agile Process template where is this setting specified?
It turns out that in TFS 2010 there is no single permission or security setting that will allow you to control this. This particular restriction is computed by the TFS security model by looking at the overall security permissions with respect to Build. Specifically these three
“Destroy Builds”, "Manage Build Queue", and "Delete Build Definition"
collectively determine what a user can or can not do per build within TFS 2010