Work Item Access control based on Work Item Type?

Hot Topic

Recreating TF DIR using the TFS API
Work item changes
how to delete the file or folder in version control and keep disappeard?
VSSConverter Failures/Flaws
Team Explorer : External component has thrown an exception: Beta 3 Refresh on TFS with RTM on Visual Studio
What “Default Value” is the correct one to represent “Scenarios”?
Automatic retrieval of latest version on checkout?
TFS MSSCCI Provider Final - Bug on Details for Work Item XX DialogBox
Custom FxCop rule for detecting empty catch blocks?
InstallationError 32000: in SetupWarehouse.exe (Team Foundation App-Data Tier Beta 2 Setup)

VS Team System

BaseIntrospectionRule.TargetVisibility is different for Whidbey FxCop 1.32
Does TFS still need Win2003 Active Directory Domain?
Team Explorer doesn't support filenames with characters [ or ].
Team Foundation Server installation error
Team Project Creation fails for custom process template
Check-in policy results in high use of shelving
Build based on Source Control info
Beta 3 Refresh question
Requirement for Team Foundation Server.
26201 Error

Work Item Access control based on Work Item Type?

We'd like to give our customers access to TFS for reading e.g. bug-information. Thus we would need a speciel security group that controls this access, e.g. a "Bug-readers"-group.

However, what is needed is to define access to particular types of Work Items, namely only Work Items of type "Bug". We don't want our customers to be able to see Tasks or Requirements.

How can an access control for Work Items be set up for specific Types or based on information in other properties of a Work Item

regards,

*Martin.

Answer this question

Work Item Access control based on Work Item Type?

  • Ross Grayum Microsoft

    Sorry for the long wait on a reply.

    I don't have a good answer. You are correct that data in the warehouse is not secured the same way that data is inside Work Item Tracking. Part of the reason is that the warehouse data is meant to be open to anyone that has access.

    You would probably have to limit your customers to certain reports (I am not sure how to do that) and always filter those reports on the Area Path settings that are appropriate.

    Obviously, this is not a great solution, but I hope it helps.

    Thanks, Jason

  • Richard Hafner

    Probably the best way to do what you want is to use the Area Path field. Area Paths can have security on each node (or branch). So, you could place Bugs in an Area Path like \Project1\Bugs. Then limit your customers to only being able to read that Area Path.

    Other work item types (and even internal bugs) could live outside the Bugs Area Path.

    To set security on an Area Path, go to Team->Team Project Settings->Areas and Iterations. Find the Area Path node that you want to change security for and click the Permissions button.

    Hope that helps,

    Jason

  • mirzahat

    Thanks, Jason. The Area-setting does the trick in my case.

    However, this reveals a difference in security access control for the Datawarehouse and the Work Item Tracking Database: when running a report "Work Item" listing all work items in the project even a user with NO access to the details of a Task or Requirement can see some high level information - obviously this info cannot be controlled further Clicking on the detail link for a work item either show the correct details page (if access is granted for the user) or an "access denied" error page.

    Is there a way to limit what work items are listed in the main report

    We don't want to list work items that the user does not have access to (well, we could make a specific report with listings only for the "bugs"-area, but that would still require twice as much work as just configuring the security setting and letting this controlling the content of the report.

    Any hints

     

    regards,

    *Martin.
  • Work Item Access control based on Work Item Type?
Answer this question