We have a TeamCity instance with a variety of projects and build configurations on it, with no security set up at present. Although it's OK for most of the projects to be publicly visible, we'd like to set up a couple of projects that are only visible to certain users.

Because there are many public projects already set up on the server, across a variety of teams, we'd like to avoid setting up restrictions on everything - that is, we'd rather use "deny access to project Z" than "allow access to project A, allow access to project B, ..., allow access to project Y".

How can I restrict access to these projects without affecting the public projects?

In case anyone still needs an answer, this can be done by TeamCity itself.

1. Go to Administration -> Groups -> 'Create new group'. For example, public
2. Assign roles to this group. You can choose 'Grant role in selected projects' radio button and choose those public projects and click Assign button.

I wanted to Create 'Testers' group and give them permission to trigger deployments for 'Test Build Configuration' only. Here is what I did. (BTW, this is TC 9.1 )

1. Go and 'Enable Per Project Permissions'

2. Created a role 'Project Tester' under 'Roles' and assign permissions 'run build' to the role

3. Created a group 'Test Team' and assigned the role 'Project Tester' to it.

And obviously, add the users to the group. Hope that helps someone.