How can we improve Visual Studio Team Services (VSTS)?

Allow for work-item types to be made read-only based on user role

We have a certain work item type ("Quality Checkpoint") that acts as a gate, and should only be created and edited by people in the QAManager role. Other users (developers, testers, etc.) should be able to open and read the work item but not save any changes to it. I can add role based security on individual fields using the READONLY attribute, but this work item type has hundreds of fields. It would be both tedious and brittle to make every field read-only based on role.

16 votes
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    I agree to the terms of service
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Angela DuganAngela Dugan shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    2 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      Submitting...
      • HMIndiaHMIndia commented  ·   ·  Flag as inappropriate

        having a new right created will be more helpful rather than modifying existing WIT

      • BruceBruce commented  ·   ·  Flag as inappropriate

        You can use the following field definition to create the same result. Not the best solution but it is a work around. In this example, any member of the Clients group will not be allowed to create or modify this work item type.

        <FIELD name="ReadOnly" refname="My.ReadOnly" type="String">
        <DEFAULT from="value" value="ReadOnly - Do Not Modify" />
        <PROHIBITEDVALUES expanditems="true" for="[Project]\Clients">
        <LISTITEM value="ReadOnly - Do Not Modify" />
        </PROHIBITEDVALUES>
        <HELPTEXT>This will cause an error in the Clients group tries to make a change</HELPTEXT>
        </FIELD>

      Feedback and Knowledge Base