How to make the partner able to access only work items created by themselves?

jane zhou (106552) | asked Feb 08 '17, 4:23 a.m.

Hi Guys,

We have a project for the development team to use, and now the manager team wants to use the same project as an interface to let the third party submit defect WIs as well. But considering the security issue, they want the third party to be able to access only the work items created by themselves, or the work items assigned to them. They should not access other work items that do not meet these two conditions. At the same time, the development team can access any work item, no matter whether it was created by themselves or by the third party. For query results, the requirement should be the same. We should not expose the title of any work item either.

But currently, the RTC way of restriction is to let a specific team access specific work items.

    How could we meet this requirement?

In fact, I think it is safer to implement the interface with the third party in another project. But the manager team thinks it is troublesome to let the development team maintain two projects and move work item content from one to the other and vice versa.

Best Regards,
Jane Zhou

One answer

Ralph Schoon (62.3k33643) | answered Feb 08 '17, 5:07 a.m.
edited Feb 08 '17, 5:32 a.m.


There are basically the following ways of read access control to work items:

1. By access to a project area e.g. by being a member
2. Using categories:

There is no simple "only the owner can read the work item". I would suggest considering a project area where the partner(s) can file their requests and then dealing with that, e.g. by having developers use these items or create proxy items in the project area, e.g. for planning.

Alternatively, you would have to create a follow-up action that sets the restricted access attribute of the work items. This can be done as explained here: .

A user can only see the access groups they have access to in the follow-up action. So the simplest way would be to look for an access group the user belongs to and have an order in which to pick it, so if a developer saves a work item the first time, the internal access group is selected. If an external partner does that, only the access group for the partner is found and set. The developers would be in that group as well and also have access.

The access group could be changed by a few roles later, if needed.
