1

Making TFS 2012 Work Item Types Read-Only Based on User Roles

by Angela 14. January 2013 09:35

Warning: this is most certainly NOT the most elegant solution to the problem. It’s a known shortcoming, or maybe it’s a feature, that you cannot limit access to an entire work item based on a user’s role in TFS.  I can limit transitions, and access to individual fields, but for very large and complex work item types, this is cumbersome and fragile. In a nutshell, I am trying to limit access to specific work item types, so that they are only editable by specific groups of people, and I had posted it to the forums to no avail.  So here is my ugly solution which for now, is sufficient. 

I started with Gregg’s post from 2009 that provided a workaround to my issue, but the error message thrown has changed in such a way as to make it even less intuitive as to what is going on. Below is the implementation of his suggestion and the resulting user experience:

image

image

The other issue with the above solution, is that it only prevents a user from CREATING that work item type, I need the user to also not be able to edit the item.

 

So I decided to try something a little different. I created a custom field, that is never displayed on any form, specifically for the use of locking down work items since we have several scenarios where we have to enforce read-only access to a work item type for certain users. I called it “UserAccessDenied”, since that is at least indicative of the issue when displayed to a user.

clip_image001

Like I said, the field is never displayed to a user, so it should never be populated.  We make that field required for any user that should NOT be editing the work item as below, which prevents them from saving it since it will always be empty:

clip_image002

 

Still not an awesome solution but at least now the provided error is a BIT more helpful, and the client was happy which is all that matters right? Smile 

image

image

 

You can provide a better experience to the user if you have the ability to create custom controls or write listeners that capture work item events to handle this. Where I am, they want something easy to maintain that does not require any kind of code to be written or maintained. So it is what it is.  If you, like me, would find the ability to set access permissions at the work item level, vote on my suggestion here.

 

And as always, if YOU have come up with a better way to do this, I’d love to hear about it!

Tags:

ALM | Application Lifecycle Management | MSDN | Power Tools | SDLC | TFS | TFS 2012 | TFS Administration | TFS Power Tools | Team Foundation Server | Visual Studio 2012 | Visual Studio | Work Item Tracking

Comments (1) -

Rene van Osnabrugge
Rene van Osnabrugge Netherlands
2/10/2015 2:42:32 AM #

Great work-around! Thanks Angela !

Powered by BlogEngine.NET 2.7.0.0
Original Design by Laptop Geek, Adapted by onesoft