Managing permissions of a VSTS/TFS sometimes become a nightmare specially if you have many teams groups etc. created in your account and in team projects. It is important to have a way to find group membership of an individual or group, so that you can analyze where the memberships are assigned in order to make required maintenance or change permission activities. Lets look at a command which can help you find that information quickly.
tfssecurity is a command line tool made available to you if you have Visual Studio team explorer installed (default path C:\Program Files (x86)\Microsoft Visual Studio\2017\Enterprise\Common7\IDE\CommonExtensions\Microsoft\TeamFoundation\Team Explorer) or in on-premises TFS server Application Tier. You can read documentation about various types of usages of tfssecurity command line from here.
For our problem of finding which groups or teams a user if member of in VSTS/TFS we can utilize this command with /imx which will list all group membership. To use this command you need View collection-level information or the View instance-level information permission set to Allow. You can use developer command prompt of Visual Studio in administrator mode or normal command prompt in admin command prompt and change directory to the path where tfssecurity is or add tit to path variable, in order to use the command below.
tfssecurity /imx Identity [/collection:CollectionURL] [/server:ServerURL]
For VSTS you can provide the VSTS account url for collection url parameter. and for identity you have to use something similar to “email@example.com” to pass the user identity you want to evaluate for permissions. It can even be VSTS group or team name.
Using with a user of VSTS
tfssecurity /imx "firstname.lastname@example.org" /collection:https://vstsaccountname.visualstudio.com
You can execute this command with a team or a group of VSTS/TFS to see the member list of the group and which groups this group/team is member of.
tfssecurity /imx "[teamproject]\ABC Team" /collection:https://vstsaccountname.visualstudio.com