What's wrong with this picture?
If you add this service account to the team, it becomes a contributor, so anyone walking by now has complete access to the source code. It probably shouldn't, as the service account is logged in on the display for board purposes only.
Solution
You will need to explicitly deny this user any access to source control. Since this may become more than one user, I created a new TFS group called NoVersionControl. This group is denied Read for the team project under the Version Control security tab.
I set this same group to have the same permissions as the Readers group so that it can view the board and test runs.
In addition, you will need to mimic the Readers group at the root area for the team project. Go to Areas, right-click the area, and edit the security to grant the NoVersionControl group Allow for "View permissions for this node" and "View work items in this node".
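The version-control deny above can also be applied and checked from the command line with tf.exe. This is an added example, not part of the original post. The collection URL and project name are placeholders, the NoVersionControl group is assumed to exist already, and the layout of the permission listing is an assumption noted in the comments.

```powershell
# Added example: deny Read on the project's source root for the NoVersionControl group,
# then list the ACL so the deny can be confirmed.
# Assumptions: $Collection and $Project are placeholders; tf.exe is on PATH
# (for example from a Visual Studio Developer Command Prompt); the group already exists.
$Collection = 'http://tfs.example.local:8080/tfs/DefaultCollection'   # placeholder
$Project    = 'ExampleProject'                                        # placeholder
$Group      = "[$Project]\NoVersionControl"
$Root       = "`$/$Project"

$tf = (Get-Command tf.exe -ErrorAction Stop).Path

# Explicit deny: this is what stops team membership (Contributor) from granting source access.
& $tf permission /deny:Read "/group:$Group" "/collection:$Collection" $Root
if ($LASTEXITCODE -ne 0) { throw "tf permission /deny failed with exit code $LASTEXITCODE" }

# List the permissions now set on the project root.
$acl = & $tf permission "/collection:$Collection" $Root
$acl

# Loose check. Assumes the listing prints an "Identity:" line per group followed by
# "Allow:" and "Deny:" lines; adjust the patterns if your tf.exe version prints differently.
$inGroup = $false
$denied  = $false
foreach ($line in $acl) {
    if ($line -match '^\s*Identity:') {
        $inGroup = $line -like "*NoVersionControl*"
    } elseif ($inGroup -and $line -match '^\s*Deny:.*\bRead\b') {
        $denied = $true
    }
}

if ($denied) {
    Write-Output "OK: $Group is denied Read on $Root"
} else {
    Write-Warning "Could not confirm a Read deny for $Group on $Root; review the listing above."
}
```

Run it again after any change to the team's membership or to the project's version control security, since the deny only protects accounts that are actually in the NoVersionControl group.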
You will need to buy a Microsoft CAL to be compliant since it is viewing Agile Boards.
Do you see a problem with this setup?