Add server-level administrators to Azure DevOps Server
TFS 2017
Azure DevOps provides one built-in role and three security groups to manage administrative tasks:
- Team administrator role
- Project Administrator group
- Project Collection Administrator group
- Team Foundation Administrators group
This article describes how to add users to the Team Foundation Administrators group. For information on adding users to other admin groups or roles, see:
For an overview of administrative tasks, see About user, team, project, and collection-level settings.
Prerequisite
You must be a member of the Team Foundation Administrators group to add a user to this group. The person who installed Azure DevOps Server is automatically added to this group.
Add a user to the server administrators group
To perform system maintenance, schedule backups, add functionality, and other server administrative tasks, Azure DevOps Server administrators must be able to configure and control all aspects of Azure DevOps Server. As a result, Azure DevOps Server administrators require administrative permissions in the software that Azure DevOps Server inter-operates with, in addition to Azure DevOps Server itself.
You can quickly grant these permissions to administrators by adding them to the Team Foundation Administrators group in Azure DevOps Server.
On the application-tier server, add the user to the local Administrators group.
On the application-tier server, open the Azure DevOps Server Administration Console.
Choose the Application Tier, and then Administer Security. Choose the [Team Foundation]\Team Foundation Administrators group. Then, select the group type and then choose Add.
Tip
To add an Azure DevOps Server Group, first create it from the web portal. For details, see {Add and manage security groups](/azure/devops/organizations/security/add-manage-security-groups).
Next, choose Add under the Administration Console Users section to add users or groups to the set of users who can run the administration console.
If you're running a standard single-server deployment, or a multi-server deployment without SharePoint or reporting, you're done!
However, if you have multiple application tiers, you'll need to repeat these two steps on each application-tier server.
If you have reporting servers integrated with your Azure DevOps deployment, you need to manually add administrative users to those products separately. For details, see Grant permissions to view or create SQL Server reports in Azure DevOps Server.
If you have SharePoint Products on other servers, you may need to manually add administrative users to those products separately. For details, see Set SharePoint site permissions.