Permission Work Item Types in TFS
April 26, 2012
When tracking work items for a development project you may want to capture issues reported by business users. However, giving business users access to TFS can lead to a lot of bugs getting reported that are really just issues that need to be triaged, broken down, or better categorized. One issue may be resolved by fixing 3 different bugs, performing 2 tasks, and perhaps developing a test case. Once the development team has reviewed an issue, it can be turned into a bug, or into several different types of work items that are related back to the original issue. But how can we ensure business users only enter issues, not bugs?
You might think work item types can be assigned permissions by user or group. However, TFS currently doesn’t support this. There is still a way, though, to prevent a group of users from creating work items of a given type.
- Create a global group for business users and add them as members.


- Install the TFS Power Tools for VS if you haven’t already: http://visualstudiogallery.msdn.microsoft.com/c255a1e4-04ba-4f68-8f4e-cd473d6b971f
- The Power Tools install the Process Editor, which allows you to edit work item types. Open each WIT for your project and go to the workflow tab.


- Select the first transition and set Not to the business user group you just created. This prevents the first workflow step from executing if the current user is in the group.

- Now users in the business group cannot save work items of type Bug.

Of course, this approach only blocks users from saving work items of types they should not create. We still need to train business users to enter issues into TFS, since the error message is not very informative. Security trimming would be nice, but at least we have the bare minimum of access control by work item type.
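
Because the restriction has to be set by hand on every work item type, it is easy to miss one. The following is an added example, not part of the original post: a Python check over work item type definitions (for instance as exported with `witadmin exportwitd`) that lists the types whose initial transition does not deny the business group. The group name `[global]\Business Users`, the allowed type `Issue`, and the trimmed sample definitions are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = "http://schemas.microsoft.com/VisualStudio/2008/workitemtracking/typedef"
GROUP = r"[global]\Business Users"  # assumed name of the business user group
ALLOWED = {"Issue"}                 # types business users are meant to create


def witd(name, initial_attrs):
    """Build a constructed, trimmed definition in the exported WITD layout."""
    return (
        f'<witd:WITD xmlns:witd="{NS}"><WORKITEMTYPE name="{name}"><WORKFLOW>'
        f'<TRANSITIONS><TRANSITION from="" to="Active"{initial_attrs}/>'
        f'<TRANSITION from="Active" to="Closed"/></TRANSITIONS>'
        f'</WORKFLOW></WORKITEMTYPE></witd:WITD>'
    )


# Constructed samples: only Bug carries the restriction described above.
SAMPLES = [
    witd("Bug", r' not="[global]\Business Users"'),
    witd("Task", ""),                                # restriction forgotten
    witd("Issue", ""),                               # intentionally open
    witd("Test Case", r' not="[project]\Readers"'),  # denies a different group
]


def audit(definitions, group=GROUP, allowed=ALLOWED):
    """Return the names of work item types the group can still create."""
    unrestricted = []
    for xml_text in definitions:
        wit = ET.fromstring(xml_text).find("WORKITEMTYPE")
        name = wit.get("name")
        if name in allowed:
            continue
        # The transition with from="" is the one taken when an item is created.
        initial = [t for t in wit.iter("TRANSITION") if t.get("from") == ""]
        # Only the "not" attribute is checked; group names compare case-insensitively.
        if any(t.get("not", "").lower() != group.lower() for t in initial):
            unrestricted.append(name)
    return unrestricted


if __name__ == "__main__":
    for wit_name in audit(SAMPLES):
        print(f"business users can still create: {wit_name}")
```

Running the check again after a process template change or a newly added work item type shows whether the restriction was carried over.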