Team Foundation Server: Restricting Work Item creation based on a role
A while ago, i was asked a simple question. How can we restrict work item creation based on a user role. For example on MSF CMMI template, only testers can create Scenario Work Items.
To my knowledge there was no straightforward way to do it, but i though of a way to do it.
- Create (or use an existing one) mandatory field, and then place a restriction that the field is readonly for certain roles.
- On the workflow definition, create a restriction saying that only permitted roles are allowed to transition to a given state. In this case the given state would be the initial state (Active normally).
Technique number one, is not possible. since it is contradiction to have a field mandatory and read only (even if conditional)
Technique number two, can be achieved with the following XML, (placed on the TRANSICTIONS element, inside the the WORKFLOW element of the work item, to which you want to place the restrition)
<TRANSITION from="" to="Active" not="[global]\Team Foundation Administrators">
If you are thinking that this solution, is nothing more than a hack you are absolutely true. It is an hack, but it works. Although in a very inelegant way. If you implement this solution and try to create a "restricted" work item type you get the following error:
TF26212: Team Foundation Server could not save your changes. There may be problems with the work item type definition. Try again or contact your Team Foundation Server administrator.
No elegance at all indeed.
Does anyone know of a cleaner way to do it?
[Cross posted on http://www.agilior.pt/blogs/tiago.pascoal/archive/...]