Work Item Rules Workarounds: Secure creation of a work item type

In our last post in this series, Sunder blogged about Deactivating a work item type. Here’s another popular request: “Secure creation of a work item type”. For example, people say:

  • “Only my Testers can create bugs”
  • “Only my Business Analysts can create Requirements”

This is a legitimate request and we don’t have a good answer in Work Item Tracking, but do have AN answer.

First you add the following rules to the default transition.

<Transition from="" to="Active“ for=>
<DEFAULTREASON value="New" />

   <FIELD refname="System.State">
<READONLY not="[project]\Business Analysts" />

The group “[project]\Business Analysts” should then be populated with the users that can create this work item type.

Now if a user who is NOT in the group attempts to save a work item of that type, this is what he/she will see:


This is the approach we’ve found that works the best. But be aware of these issues:

  • It doesn’t prevent a non-approved user from creating a work item of that type, only from saving the work item of that type. Not the best experience.
  • The error message, of course, isn’t the best.

But it does do its job.

Someone who many have tried to solve this problem before, may be asking. Why aren’t we using transition security? Transition is the ability to allow only certain users to make a transition between work item states. Using this method, you would do this:

<TRANSITION from=“" to=“Active"

     for="[project]\AllTesters" not="[project]\Business Analysts">


The reason we didn’t like that method, is because of the error message you received:

“The field ‘State’ contains a value that is not in the list of supported values”

So … when choosing a method, we chose the one that displayed the error message closest to what we’d like to show.

That’s it!