Add an admin role to a protected resource

Azure Pipelines requires specific permissions to a protected resource and to open access to all pipelines. For all protected resource types other than Environments, you'll need the administrator role to create a protected resource or edit its Security configuration. For Environments, you'll need the Creator role. When you don't appropriate access, the Grant access permission to all pipelines option is disabled.

Protected resources include:

• Agent pools
• Secret variables in variable groups
• Secure files
• Service connections
• Environments
• Repositories

For repository resources, see protect a repository resource.

Prerequisites

You must be a member of the Project Administrators group to update resource permissions.

Agent pools

You can add the Administrator role for a specific agent pool and for all agent pools.

To add the Administrator role for all agent pools:

1. Go to Project Settings > Pipelines > Agent pools.

2. Select Security.

3. Assign the Administrator role in the Role column.

To add the Administrator role to a specific agent pool:

1. Go to Project Settings > Pipelines > Agent pools.

2. Select a specific agent pool.

3. Select Security.

4. In User permissions, assign the Administrator role in the Role column.

Library resources (variable groups and secure files)

1. Go to Pipelines > Library.

2. Select Security.

3. Assign the Administrator role in the Role column.

Service connections

1. Go to Project Settings > Service connections.

2. Select a service connection.

3. Go to and select Security.

4. Assign the Administrator role.

Environments

1. Go to Pipelines > Environments.

2. Select an environment.

3. Go to and select Security.

4. Assign the Administrator role in the Role column.

   

Next steps

Learn more about permissions in Azure DevOps.