I have developed a TFS web extension. I have some auxiliary data that I've placed on a separate page, which is currently accessed from a hub. I want to restrict access to that data so that it can only be changed by people with certain permissions (e.g. only people who have the "Manage project properties" set to Allow).
Both hubs were created by following these instructions, but it doesn't seem to mention how to restrict access to the hub.
According to this, I can't restrict access to a hub group, and it sounds like this may also apply to a hub.
Is it possible to hide the hub based on the user's permissions? If not, what are my options for restricting access to the auxiliary data?
Yes, this is also apply to a hub. At the code level, as a extension author, you could not limit your extensions' access to specific users or groups.
For now, there is also no way to specify the users or groups to access the installed extension in web portal or server side (expect the priced).
There has been a related user voice, you could vote and follow up, TFS PM will kindly review the suggestion.
VSTS extension restrict for specified users or groups
One way maybe work: if a user doesn't have access to the various data that the extension pulls from TFS/VSTS, they will have parts of this extension not work. However, you could not hide the extension and its link entirely for a user by now.