Configuring TFS Project so that users can create/update bugs but modify nothing else - by JocularJoe

Status: Won't Fix

Due to several factors the product team decided to focus its efforts on other items.

A more detailed explanation for the resolution of this particular item may have been provided in the comments section.

ID 591121 Comments
Status Closed Workarounds
Type Suggestion Repros 0
Opened 8/30/2010 8:50:43 AM
Access Restriction Public


Following up from this forum post: as suggested by Cathy Kong.

As administrator of a TFS 2010 project that is using the Agile process template, I'd like to have a security group with the following permissions:

• Create/update "Bug" work items only 
• View all other work items 
• Execute work item "Team Queries" and create their own queries 

The idea is I want users of my application and members of the QA team to create/update/close bugs, but I don't want them creating/modifying User Stories or Tasks.  
Apart from bugs, they should not be able to mess with work items that I am using to manage the project.

One response to the forum post suggests that this could be achieved by setting field-level permissions for all work item types in the project, but this is a lot of work.

What's really needed is a way to apply security at the "Work Item Type" level.
Posted by SergeLalonde1 on 12/9/2011 at 10:28 AM
We've also run into this limitation as we were setting up TFS. I would have thought that work item level permissions was a given, but obviously not. It seems perfectly logical that the QA group should have restricted access to work item types other than bugs. The QA group shouldn't be able to see the Builds or the Source Control either, BTW.

I see that this has been marked as "Closed as Won't Fix" for this release. I hope that it will be added to the next release as this is really a very basic feature that is missing.
Posted by Microsoft on 10/22/2010 at 1:31 PM
Thank you for your feedback.

We've added your request to the product backlog.

In the meantime, you can work around by creating work item type rules that cannot be satisfied by certain users using the FOR attribute.

For example,
     <FIELD name="Work Item Type Security" refname="CustomFields.WorkItemTypeSecurity" type="String">
         <READONLY />
         <REQUIRED for="DOMAIN\Bug Only Users" />
     </FIELD>

There are probably other combinations that will yield a better error message.
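
As an added example (not part of the original thread and not Microsoft's code), the following Python applies the workaround from the comment above to an exported work item type definition, skipping Bug, so the rule does not have to be hand-edited into every type. The function name, the `editable_types` parameter and the sample XML are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Namespace used by the root <witd:WITD> element of exported type definitions.
WITD_NS = "http://schemas.microsoft.com/VisualStudio/2008/workitemtracking/typedef"
ET.register_namespace("witd", WITD_NS)  # keep the witd: prefix on output

FIELD_NAME = "Work Item Type Security"           # from the comment above
FIELD_REF = "CustomFields.WorkItemTypeSecurity"  # from the comment above

# Constructed sample: a cut-down "Task" definition, not a real export.
SAMPLE_TASK = f"""<witd:WITD application="Work item type editor" version="1.0" xmlns:witd="{WITD_NS}">
  <WORKITEMTYPE name="Task">
    <FIELDS>
      <FIELD name="Title" refname="System.Title" type="String" />
    </FIELDS>
  </WORKITEMTYPE>
</witd:WITD>"""


def add_type_lock(witd_xml, group, editable_types=("Bug",)):
    """Return (xml, changed). Adds the unsatisfiable rule for `group` to any
    type not listed in `editable_types` (hypothetical helper); safe to re-run."""
    root = ET.fromstring(witd_xml)
    wit = root.find("WORKITEMTYPE")
    fields = wit.find("FIELDS") if wit is not None else None
    if fields is None:
        raise ValueError("not a work item type definition")
    if wit.get("name") in editable_types:
        return witd_xml, False  # the group keeps full edit rights on Bug
    field = fields.find(f"FIELD[@refname='{FIELD_REF}']")
    if field is None:
        field = ET.SubElement(
            fields, "FIELD",
            {"name": FIELD_NAME, "refname": FIELD_REF, "type": "String"})
    changed = False
    if field.find("READONLY") is None:  # nobody can enter a value
        ET.SubElement(field, "READONLY")
        changed = True
    if not any(r.get("for") == group for r in field.findall("REQUIRED")):
        ET.SubElement(field, "REQUIRED", {"for": group})  # yet the group must
        changed = True
    return (ET.tostring(root, encoding="unicode") if changed else witd_xml), changed


if __name__ == "__main__":
    locked, _ = add_type_lock(SAMPLE_TASK, r"DOMAIN\Bug Only Users")
    print(locked)
```

Each definition would be round-tripped with `witadmin exportwitd` and `witadmin importwitd`; try the result on a test project first, since the error message shown to blocked users comes from the failed rule.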
Posted by Microsoft on 8/30/2010 at 5:04 PM
Thank you for your feedback, we are currently reviewing the issue you have submitted. If this issue is urgent, please contact support directly(