Security and permission management tools for Azure DevOps
Azure DevOps Services | Azure DevOps Server 2022 - Azure DevOps Server 2019
While you set most permissions through the web portal, you can use other tools to manage security groups and permissions. For permissions that aren't available to manage through the web portal,you have the option to manage them using a command line tool.
To learn more about permissions not available through a user interface, see the Security namespace and permission reference, Internal namespaces and permissions.
Important
Select the version of this article that corresponds to your platform and version. The version selector is above the table of contents. Look up your Azure DevOps platform and version.
Additional options include the following tools:
- Manage security groups using az devops security CLI
- Manage permissions using az devops permissions CLI
- Tf Team Foundation Version Control (TFVC) permission command-line tool
- Tf git permission command-line tool
- Security REST API commands
You manage server-level permissions and security groups through the Team Foundation Administration Console, as well as a few select collection-level permissions.
You can use the tools listed in the following table to set permissions. Links in the table connect you to the article for setting permissions through the web portal.
| Permission level | Web portal security pages | az devops CLI | Tf CLI |
|---|---|---|---|
| Add users to an organization | ✔️ | ✔️ | |
| Organization-level, auditing, enterprise policies, process, workspaces | ✔️ | ✔️ | |
| Project-level, test management, create tags | ✔️ | ✔️ | |
| Git repository | ✔️ | ✔️ | ✔️ |
| Team Foundation Version Control | ✔️ | ✔️ | ✔️ |
| Builds, Task groups | ✔️ | ✔️ | |
| Build resources | ✔️ | ✔️ | |
| Pipeline security roles | ✔️ | ✔️ | |
| Releases | ✔️ | ✔️ | |
| Area path (CSS) | ✔️ | ✔️ | |
| Iteration path | ✔️ | ✔️ | |
| Delivery plans | ✔️ | ✔️ | |
| Work item query | ✔️ | ✔️ | |
| Work item tags | ✔️ | ✔️ | |
| Analytics views | ✔️ | ✔️ | |
| Dashboards | ✔️ | ✔️ | |
| Notifications or alerts | ✔️ |
| Permission level | Web portal security pages | TFSSecurity CLI | Tf CLI |
|---|---|---|---|
| Add users to a server instance | ✔️ | ✔️ | |
| Collection-level, process, workspaces | ✔️ | ✔️ | |
| Project-level, test management, create tags | ✔️ | ✔️ | |
| Git repository | ✔️ | ✔️ | ✔️ |
| Team Foundation Version Control | ✔️ | ✔️ | ✔️ |
| Builds | ✔️ | ✔️ | |
| Build resources | ✔️ | ✔️ | |
| Pipeline security roles | ✔️ | ✔️ | |
| Releases | ✔️ | ✔️ | |
| Area path | ✔️ | ✔️ | |
| Iteration path | ✔️ | ✔️ | |
| Delivery plans | ✔️ | ✔️ | |
| Work item query | ✔️ | ✔️ | |
| Work item tags | ✔️ | ✔️ | |
| Analytics views | ✔️ | ✔️ | |
| Dashboards | ✔️ | ✔️ | |
| Notifications or alerts | ✔️ | ✔️ |
Setting permissions for SQL Server reports
For information about how to set permissions in Reporting Services, see Grant permissions to view or create SQL Server reports in TFS.
Related articles
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for