Allow for work-item types to be made read-only based on user role
We have a certain work item type ("Quality Checkpoint") that acts as a gate, and should only be created and edited by people in the QAManager role. Other users (developers, testers, etc.) should be able to open and read the work item but not save any changes to it. I can add role-based security on individual fields using the READONLY attribute, but this work item type has hundreds of fields. It would be both tedious and brittle to make every field read-only based on role.
Having a new right created will be more helpful rather than modifying the existing WIT.
You can use the following field definition to create the same result. Not the best solution, but it is a workaround. In this example, any member of the Clients group will not be allowed to create or modify this work item type.
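<FIELD name="ReadOnly" refname="My.ReadOnly" type="String">
  <!-- The default value is itself a prohibited value for the Clients group, so a save by a member of that group fails validation -->
  <DEFAULT from="value" value="ReadOnly - Do Not Modify" />
  <PROHIBITEDVALUES expanditems="true" for="[Project]\Clients">
    <LISTITEM value="ReadOnly - Do Not Modify" />
  </PROHIBITEDVALUES>
  <HELPTEXT>This will cause an error if the Clients group tries to make a change</HELPTEXT>
</FIELD>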
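An added example, not part of the original comment or of the product: a Python check over an exported work item type definition that confirms the guard field from the comment above still has a literal default that is prohibited for the blocked group, because the workaround would stop rejecting saves if the two values drift apart. The sample XML is constructed from the snippet above, and `audit_guard` is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

GUARD_REFNAME = "My.ReadOnly"          # field refname used in the comment above
BLOCKED_GROUP = r"[Project]\Clients"   # group named in the comment above

# Constructed sample: the guard field wrapped in a minimal FIELDS element.
SAMPLE = r"""<FIELDS>
  <FIELD name="Title" refname="System.Title" type="String" />
  <FIELD name="ReadOnly" refname="My.ReadOnly" type="String">
    <DEFAULT from="value" value="ReadOnly - Do Not Modify" />
    <PROHIBITEDVALUES expanditems="true" for="[Project]\Clients">
      <LISTITEM value="ReadOnly - Do Not Modify" />
    </PROHIBITEDVALUES>
  </FIELD>
</FIELDS>"""


def audit_guard(xml_text, refname=GUARD_REFNAME, group=BLOCKED_GROUP):
    """Return a list of problems; an empty list means the guard is intact."""
    root = ET.fromstring(xml_text)
    field = next((f for f in root.iter("FIELD") if f.get("refname") == refname), None)
    if field is None:
        return [f"guard field {refname} is missing"]

    problems = []
    default = field.find("DEFAULT")
    # Only a literal default (from="value") gives the field a fixed starting value.
    literal = default is not None and default.get("from") == "value"
    value = default.get("value") if literal else None
    if value is None:
        problems.append("no literal DEFAULT value, so the field starts empty")

    # The rule must be scoped to the blocked group via the 'for' attribute.
    rules = [r for r in field.findall("PROHIBITEDVALUES") if r.get("for") == group]
    if not rules:
        problems.append(f"no PROHIBITEDVALUES rule scoped to {group}")
    elif value is not None:
        banned = {i.get("value") for r in rules for i in r.findall("LISTITEM")}
        # Exact string match is assumed here; the default must be in the list.
        if value not in banned:
            problems.append(f"default {value!r} is not prohibited for {group}")
    return problems


if __name__ == "__main__":
    print(audit_guard(SAMPLE) or "guard intact")
```
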