We are trying to follow the branching strategy from the TFS Branching Guide and have reached the point where we have made a branch representing a release, which should now be made read-only.
In the Properties|Security tab for the branch, it presents six user groups each with 10 permissions other than Read. Do I have to go through and click Deny on 60 check boxes, or is there a better way to make this branch read-only?
Right-click the branch in the Source Control Explorer, and select the Lock... option
EDIT: This seems to get missed a lot when people are finding this so I'll make it more obvious.
Locks appear as a "pending change" for the person who locked the item. As long as the lock is in effect, it will appear as a pending change. When a commit is made of that pending change, the lock is released. While the lock is in effect, the locked branch is effectively read-only, since (to simplify) the locker is the only user who can make commits. The act of committing is what releases any locks on the branch.
h/t @AakashM for pointing that out in the comments
As a quick-n-dirty, you could Lock it for Check Out (although the locker would have to remember to keep the lock in their pending changes forever... which makes me think there's a better way)
To answer the 2nd part of the question -- removing or denying the Read permission effectively denies everything else.
As is mentioned above locking is not a very nice strategy. The correct way of handling this is setting permissions.
You can effectively make files readonly. Users trying to modify the files will get a message 'checkout denied'
https://msdn.microsoft.com/en-us/library/ms252587.aspx#project_level
In VS2013: Team Explorer -> Settings -> Security/Version Control
Deny Check In for domain\domain users
If you have inheritance set to 'On', the best way I've found is to:
Then, all groups within the Reader group will inherit the 'Deny' permissions and not be able to do anything but read.
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 放荡不羁爱自由 的文章《Making a TFS Branch Read-Only》','https://www.manongdao.com/article-227671.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}