Restrict TFS 2010 access by work item type

1
votes

In TFS 2010, is it possible to give a group of users the ability to update certain work item types, but restrict to read-only access on all others?

2
tfstfs-workitem

2 Answers

3
votes

One way you can do it is by adding required field to work item types you want to control. What you need to do:

  • Export WI type definition xml using witadmin:

    witadmin.exe exportwitd /collection:http://localhost:8080/tfs/DefaultCollection /p:<project name> /n:<WI type name> /f:C:\type.xml

  • Modify WI type xml by adding new field definition to the FIELDS node:

    <FIELD name="Block" refname="Test.Block" type="String" reportable="dimension"> <ALLOWEDVALUES> <LISTITEM value="NotUsed" /> </ALLOWEDVALUES> <REQUIRED for="[Project]\RestrictedUsers" /> <DEFAULT for="[Project]\RestrictedUsers" from="value" value="You don't have permissions to create work items of this type."/> </FIELD>

  • Import updated xml back to the server:

    witadmin.exe importwitd /collection:http://localhost:8080/tfs/DefaultCollection /p:<project name> /f: C:\type.xml

  • Now members of the RestrictedUsers project group won't be able to create/update work items of this type. When they try to save the work item of this type, they'll get an error saying:

    The field 'Block' contains the value 'You don't have permissions to create work items of this type.' that is not in the list of supported values.

2
votes

No I don't believe this is possible to do by Work Item Type. You can restrict access to Work Items based on which Area they are in however. But the security by Area permissions would apply equally to all Work Item Types in that area.