Events
17 Mar, 21 - 21 Mar, 10
Join the meetup series to build scalable AI solutions based on real-world use cases with fellow developers and experts.
Register nowRequest a permission increase
Azure DevOps Services | Azure DevOps Server 2022 - Azure DevOps Server 2019
To access certain tasks, you might need to request higher permissions or be assigned to a specific security role. This scenario typically occurs when you encounter an informational or error message indicating insufficient permissions, which specify the required permission levels.
Most members of the Contributors group have the permissions they need to perform most tasks. However, the following tasks require membership in the Project Administrators group or a change in permissions.
Work tracking:
- Add or change Area Paths or Iteration Paths: Requires elevated permissions to an Area Path or Iteration Path node. For more information, see Set work tracking permissions, Create child nodes.
- Create shared queries or query folders: Requires elevated permissions set for a shared query folder. For more information, see Set work tracking permissions, Set permissions on queries or query folders.
- Change team settings—such as board settings: Requires addition as a team administrator. For more information, see Add or remove a team administrator.
Source code, Git repositories: The following tasks require elevated permissions for Git repositories or a specific repository. For more information, see Set Git repository permissions.
- Create, delete, or rename a Git repository
- Manage repository permissions
- Bypass policies
The following tasks require membership in the Project Collection Administrators group or a change in permissions at the collection-level or addition to a specific role.
- Collection-level configurations:
- Create projects: Requires elevated permissions at the collection level.
- Add, edit, or manage a process: Requires elevated permissions at the collection level or process-level permissions.
- Install, uninstall, or disable extensions: Requires addition to the Manager role for extensions.
For an overview of built-in security groups and default permission assignments, see Default permissions and access.
| Category | Requirements |
|---|---|
| Permissions | To view permissions and to look up a project administrator: Member of the Project Valid Users group. Project members are automatically part of this security group. For more information, see View permissions for yourself or others. |
| Knowledge | Before you request a permission change, ensure you understand the basics by reviewing Get started with permissions, access, and security groups. |
Note
Users added to the Project-scoped users group don't have access to Organization settings other than the Overview section if the Limit user visibility and collaboration to specific projects preview feature is enabled for the organization. For more information including important security-related call-outs, see Manage your organization, Limit user visibility for projects and more.
Before you request a change to permission levels, review your permission assignments as described in View permissions for yourself or others.
Verify that your permission assignments are preventing you from accomplishing a task you need to perform.
To request a change or increase in your permission levels, take the following actions:
Identify the permissions you need and at what level. Permissions are set at the object, project, and project-collection level. Also, permissions are granted through various roles. To identify the level and permission you need, review the Permissions lookup guide.
Identify a person in your organization who can grant you the permissions you need. For example:
- To get permissions to manage team settings, identify the team administrator for your team or a member of the Project Administrators group.
- To change an object-level permission, identify the owner of the object or a member of the Project Administrators group. To learn how, see Set object-level permissions.
- To change a project-level permission, identify a member of the Project Administrators group. See Look up a project administrator.
- To change a project collection-level permission, identify a member of the Project Collection Administrators group. See Look up a project collection administrator.
Contact the person you identified in step 2 and make your request. Make sure you specify the permission you want changed.
After your permission levels get changed, you might need to refresh your permissions for Azure DevOps to recognize the updates. This step is recommended when:
- Permission or role changes: Your permission level or role was modified.
- Security group modifications: You were added to a new or different security group in Azure DevOps, Microsoft Entra ID, or Active Directory.
Getting added to a new security group can alter your inherited permissions.
Refresh your permissions, which prompts Azure DevOps to reevaluate your permission assignments immediately. If you don't refresh, your permission assignments don't update until you sign out, close your browser, and sign back in.
Note: The author created this article with assistance from AI. Learn more
Additional resources
Training
Certification
Microsoft Certified: Identity and Access Administrator Associate - Certifications
Demonstrate the features of Microsoft Entra ID to modernize identity solutions, implement hybrid solutions, and implement identity governance.
Documentation
-
View permissions for yourself or others - Azure DevOps
How you can view the permissions assigned to you or your team members, including project-level, collection-level, and object-level permissions.
-
About permissions and security groups - Azure DevOps
Learn about permissions and access levels in Azure DevOps via inheritance, security groups, roles, and more.
-
Security, permissions, access, and billing documentation - Azure DevOps
Assign users to security groups, manage permissions, access levels, and billing for Azure DevOps.