Prevent all users being able to see all users, teams, groups and iterations in TFS / Visual Studio Online

Question

I am trying to implement a single Team Project with multiple sub-projects as recommended by this guy and this guy. I can control visibility of work items and source control folders but I cannot control visibility of iterations, teams, groups, and members. Say I have Team Project as the parent project of several sub-projects. Project1_Group has permissions only for accessing Project1_Area and Project1_Foler etc.

I place User1 in Project1_Team and Project1_Group and as expected that user can only see work items within that area. But User1 can go to their Administration page and see all iterations, teams and groups defined for the top level Team Project. User1 can even see groups that exist outside the Team Project by viewing the membership of each user within the current Team Project.

This is a lot of information. As far as I can tell, the minimum PROJECT-LEVEL permission I can give to a user is "View project-level information" (or GENERIC_READ at command line). Without this a user gets a 500 error. With it they get access to all information above. Is there some lesser Project-level permission that will allow full access to the relevant Area but deny read access to high level Team Project information?

Answer 1

No I don't think its possible. Iterations, teams and groups will be visible if you have access to the team project. If you want to permission everything in your project group I think creating separate Team Project is the only solution.