Managing users in the TFS work items "Assigned To" field

Question

So I know there have been a couple of posts around about this topic, but I don't think they've quite got to the bottom of it!

So my problem is that when I create a new work item in TFS, the users which I can assign it to include NT Authority\Local Service (which is also the TFS service account). I'm not asking why, as I know that this field, by default is populated by the Valid Users group, and upon inspecting the groups, I can see that the group permissions hierarchy looks like this:

 -> Valid Users
   -> Project Collection Admistrators
      -> Project Collection Service Accounts
         -> NT Authority\Local Service

And you can't change anything in the project collection service accounts, so surely by default, everyone has this user in the assign to field? So does this mean everyone accepts it, or do they modify their process templates to filter it out (see the blog here)?

Just seems a bit odd to me that by default is isn't filtered out already! Clearly I don't want to be removing this from any permissions either (even if I could) as I'm worried it'll cause problems later.

So is filtering in the process template the only way (which looks like a bit of effort to maintain), or is there a simpler way?

Thanks,

Andy.

Answer 1

Under TFS2008, you do need to do it this way. Under 2010, there might be an "exclude", but I'm not able to check that at the moment.

To keep from having a whole lot of maintenance, instead of listing each user individually, what we did was just pared down the list from "Valid Users" to the "Moderators" and "Contributors". We know that we can control those groups without affecting service permissions:

        <FIELD name="Assigned To" refname="System.AssignedTo" type="String" reportable="dimension">
            <ALLOWEDVALUES expanditems="true">
                <LISTITEM value="[project]\Contributors"/>
                <LISTITEM value="[project]\Moderators"/>
            </ALLOWEDVALUES>
        </FIELD>