Following up from this forum post: http://social.msdn.microsoft.com/Forums/en-US/tfsadmin/thread/67c10439-c35f-42d8-b414-d3c01559cb07 as suggested by Cathy Kong.
As administrator of a TFS 2010 project that is using the Agile process template, I'd like to have a security group with the following permissions:
• Create/update "Bug" work items only
• View all other work items
• Execute work item "Team Queries" and create their own queries
The idea is I want users of my application and members of the QA team to create/update/close bugs, but I don't want them creating/modifying User Stories or Tasks.
Apart from bugs, they should not be able to mess with work items that I am using to manage the project.
One response to the forum post suggests that this could be achieved by setting field-level permissions for all work item types in the project, but this is a lot of work.
What's really needed is a way to apply security at the "Work Item Type" level.