Place restrictions so that only certain user roles may add work items to the backlog

Thanks Ralph.  For this particular use case, we were looking at restricting the roles that could adjust the 'Planned For' attribute.  This works, as it prevents users from creating a work item and planning it for the backlog, however then prevents other roles from being able to move the work item from the backlog into a Sprint, and then create the Tasks that are Planned For that Sprint.

In short, what I'm looking to be able to do is;

1) Any user can create a work item, however may not set the Planned For value

2) The 'Product Manager/Owner' adds to the backlog does the ranking etc.

3) The 'Scrum Master' moves the item to a Sprint, creating the Tasks for that sprint etc...

Apologies if its contained within the link within the answer above, however I could not locate that.

You can only permit/limit setting an attribute for a role. You can't selectively select what values a role could set. In your case, allow the scrum master role and the product owner role to set the value for the iteration and prevent everyone else from doing it.

Personally I think an agile team should be able to handle this without such limitations. After all agile is all about trust, communication and coordination in the team. If the distrust in the team is so big that you have to limit roles doing this, the team is likely going to fail.

If you want an even more dynamic behavior e.g. limit roles to select iteration types, you would have to create a work item save advisor that checks this and prevents the save.
See https://rsjazz.wordpress.com/2015/09/30/learning-to-fly-getting-started-with-the-rtc-java-apis/ if you think this is necessary.