Work Item Only View (WIOV) Users in TFS 2010

Team Web Access (TWA) is a customizable Web interface that can access Team Foundation Server project data. It acts as a client of Team Foundation Server and provides most of the functionality available through Visual Studio Team Explorer. Users that connect to TFS via TWA should also have a valid Client Access License (CAL).

WIOV

But … without having a CAL you may also create and view/modify work items that are created by you in Visual Studio Team Foundation Server. To perform these tasks, you need only Team Web Access in Work Item Only View (WIOV) and the required permissions.

Taken from the Visual Studio 2010 Licensing Whitepaper (area Client Access License Exception for Certain Work Items):

A user does not need a CAL or External Connector License to create new work items or to update work items that that same user has created. This exception applies only to work items related to defect filing or enhancement requests. However, a CAL is required when a user views or modifies a work item created by another user or interacts with Team Foundation Server in any other way.

Great, but how to make this work inside Team Foundation Server 2010?

Open up Team Foundation Administration Console and click on the Group Membership link that belongs to the Application Tier tab.

image

There you will find a TFS Security Group Work Item Only View Users. User accounts of users should be added to this group when these users should only have access to the Work Item Only View feature.

The actual downgrade of the permissions for these users is set through the Security Administration.

image

This TFS Security group is denied access to the full Web Access features.

Being part of this group will show you a limited version of Team Web Access where you will only be able to view and manage your own work items.

image

10 Responses to Work Item Only View (WIOV) Users in TFS 2010

  1. Thanks, this was really helpful!

  2. […] Which opens up TFS for people who wish to create defects (bugs) and feature requests.  Accessing TFS for this purpose is fairly obvious and easy to open to a large host of users – via Web Access.  However, how does a TFS Administrator set permissions appropriately?  It turns out that, via the TFS Administration Console, Active Directory groups and users can be added to a special group called the “Work Item Only View Users”.  For more information on configuring this, see the following article: Work Item Only View (WIOV) Users in TFS 2010 […]

  3. […] need a CAL. To make it easy to ensure users don’t overstep this provision, there is even a Work Item Only View security group which includes the relevant permissions and no more. This means anyone in your […]

  4. Edwin says:

    So, after doing the above, can I still make the WIOV users a project Reader without requiring a CAL, or what else should I do to allow them WIOV access to the project?

  5. No, a WIOV user may not be added to another TFS Security Group. Otherwise you will need the CAL.

  6. Zack Gao says:

    Hi, Pieter
    I am TFS admin. After I added a new state for User Story, my team works even myself can not create a new User Story in TWA. The creation keeps running for ever and never finish. But I can do it in Visual Studio.
    Do I need a CAL? That is ridiculous.
    Is there a work around? Please help!

    Thanks in advance.

    Zack

  7. Restart the TFS Application Tier.

  8. Zack says:

    Thanks for the quick response.
    That is the solution. It works for me now.

  9. Zack says:

    Just find out that one or two user still can not create the new user story WI. It looks like security issue. I deleted client TFS TWA local cash. Didn’t help. 😦

    Have any clue?

  10. They should also be part of a TFS User Group (for example “Contributors”) for the specific Team Project. The WIOV users will limit their permissions.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: