Configuring TFS2010 so users can create/update bugs but modify nothing else

Environment: I am administrator of a proj开发者_高级运维ect in TFS 2010, but don't have any administrative rights for the project collection.

Is there an easy way that I can set up access rights for a group of users so that they can:

• Create/update "Bug" work items only
• View all other work items
• Execute work item "Team Queries" and create their own queries
• No access to source control

The idea is I want them to enter bugs, but I don't want them creating/modifying User Stories or Tasks, nor do I want them to have access to source control.

From what I can see, the standard groups don't have fine enough control:

• Contributors can create all work item types
• Readers can view files in Source Control as well as work items.

UPDATE

Limiting access to Source Control is covered by Ewald's answer.

However Ewald also indicates that there isn't a realistic way to set up security on the "Work Item Type" level so that users can only enter/update bugs. He suggests it could be achieved by customising every work item definition and setting field rules for every field on every work item type, but this is a lot of work, and in any case I want to avoid customising the process template.

I've therefore created an issue on Connect for this: https://connect.microsoft.com/VisualStudio/feedback/details/591121/configuring-tfs-project-so-that-users-can-create-update-bugs-but-modify-nothing-else

---

I don't see a way to only allow modifications to a Bug work item other then modifying all the work items. You can modify the work items to set specific field rules (like readonly) for specific security groups (http://msdn.microsoft.com/en-us/library/ms194940.aspx) to get your result.

Your second issue is about Team Queries and Own queries. You can modify the permissions as stated in http://msdn.microsoft.com/en-us/library/dd286628.aspx.

For Source Control you can also change the permissions as stated in http://msdn.microsoft.com/en-us/library/ms253158.aspx.