one of our developers is having problems accessing our TFS repository.

Question

one of our developers is having problems accessing our TFS repository.

Harvey Brofman 21

one of our developers is having issues accessing TFS (via azure, not self hosted). Not sure why, but she can not check in, and as we have tried various tactics to make it work, has lost partial access to one of the projects.

I can't tell via the various documents whether it's a permissions issue, but I think it may be.

regards,

Harvey

Rakesh Mishra 8,670 Reputation points Microsoft External Staff Moderator

2026-05-05T18:57:31.92+00:00
Hi Harvey, here are a few things you can check and try:

Verify her Access Level

Make sure she isn’t set to Stakeholder (stakeholders can’t push or check-in).

In your org’s Azure DevOps portal, go to Organization settings > Users and confirm she has Basic (or higher) access.

Confirm Repo- and Branch-level Permissions

If you’re using Git:

Go to Project settings > Repositories > Git repositories > select the repo > Security.

Find her user (or the group she’s in, e.g. Contributors) and ensure “Contribute” is set to Allow and there’s no Deny on any ancestor.

If you have branch policies or locked branches, click Repos > Branches > … (ellipses) next to the branch > Branch security and double-check she has Contribute rights there too.

If you’re using TFVC:

In Project settings > Repositories > TFVC, go to Security and verify her permissions as a Contributor.

Check the Repos Service Is Enabled

In Project settings > Overview, scroll down to Azure DevOps services and make sure Repos is turned on for that project.

Look for a “Deny” Inheritance

Deny at any level (even in a broad group) overrides Allow. Use the web portal to view her effective permissions (Project settings > Permissions > select her identity and click “View effective permissions”).

Authentication Method

Are you using HTTPS or SSH to connect?

If it’s HTTPS, ensure she’s authenticated with a valid credential manager or PAT. If SSH, verify her SSH key is still valid and hasn’t expired or been removed.

Subscription Expiration

If she had a Visual Studio subscription that expired, past April 2026 she may have been auto-downgraded to Stakeholder. Double-check her subscription status and default access-level rules in Organization settings > Billing.

Once you’ve walked through those steps, try having her sign out of Azure DevOps, clear browser cookies (or use Incognito/InPrivate), then sign back in and do a fresh clone/pull/push.

Hope that helps! If she’s still blocked, could you please share a bit more detail?

Is it a Git or TFVC repo?

What error message does she see when checking in?

Does she have Basic access and is a member of your Contributors group?

Can other team members push to the same repo/branch?

With that info we can drill in further.

Reference Docs:

Set Git repo permissions

Set TFVC repo permissions

Permission inheritance & Deny override

Effective permissions view

Stakeholder access limitations

Branch security

Enable Repos service

Note: This content was drafted with the help of an AI system.
Harvey Brofman 21 Reputation points

2026-05-05T21:01:20.0966667+00:00

I tried to follow this, but there seems to be a higher-level issue related to the two accounts I have for DevOps / Visual Studio / Microsoft. I think there are some wires crossed because on some forms I get can't accees, on others I am not seeing the fields to modify for the permissions, which may be that one account has permissions and the other doesn't or something simiar.

At this point, I am amazed any of us can check in code.

regards,

Harvey
Rakesh Mishra 8,670 Reputation points Microsoft External Staff Moderator

2026-05-05T22:07:13.8433333+00:00

Hi Harvey, could you please list the issues with the screenshots masking private information so that we can understand the issue. Are you able to check in code?
Rakesh Mishra 8,670 Reputation points Microsoft External Staff Moderator

2026-05-07T00:43:41.1933333+00:00

Hi Harvey, following up to see if you had a chance to check my previous response and if it was helpful. Please do let me know if you're still facing the issue and need any further assistance on this.
Harvey Brofman 21 Reputation points

2026-05-07T17:21:29.5133333+00:00

Hi,

I have been awaiting another answer on this. As I mentioned earlier. I think there is an issue between the [Email REDACTED] and [EMAIL REDACTED] attached to the project with cross permissions. I think it needs to be looked at at a level above what I can see. Also, when I tried to follow the script above, at one point it told me I didn't have the permissions to make changes, but I am the only one on the team that is supposed to have permissions to do so.

One other question to add to this, if one of our team members has a licensed copy of Visual Studio rather than a subscription, is there a separate subscription for necessary for TFS or is that considered part of BASIC as their status? I need to have this reviewed by someone in order to be able to manage it properly. It has got to be part of the issues we are running into.

regards,

Harvey
Rakesh Mishra 8,670 Reputation points Microsoft External Staff Moderator

2026-05-07T21:10:56.1466667+00:00

Hi Harvey, please check private messages and share the requested information.
Rakesh Mishra 8,670 Reputation points Microsoft External Staff Moderator

2026-05-11T21:46:17.46+00:00

Hi Harvey, please share requested information in Private messages to assist you further on this.

1 answer

Your answer

Harvey Brofman 21 Reputation points

2026-05-05T21:01:20.0966667+00:00

I tried to follow this, but there seems to be a higher-level issue related to the two accounts I have for DevOps / Visual Studio / Microsoft. I think there are some wires crossed because on some forms I get can't accees, on others I am not seeing the fields to modify for the permissions, which may be that one account has permissions and the other doesn't or something simiar.

At this point, I am amazed any of us can check in code.

regards,

Harvey
Rakesh Mishra 8,670 Reputation points Microsoft External Staff Moderator

2026-05-05T22:07:13.8433333+00:00

Hi Harvey, could you please list the issues with the screenshots masking private information so that we can understand the issue. Are you able to check in code?
Rakesh Mishra 8,670 Reputation points Microsoft External Staff Moderator

2026-05-07T00:43:41.1933333+00:00

Hi Harvey, following up to see if you had a chance to check my previous response and if it was helpful. Please do let me know if you're still facing the issue and need any further assistance on this.
Harvey Brofman 21 Reputation points

2026-05-07T17:21:29.5133333+00:00

Hi,

I have been awaiting another answer on this. As I mentioned earlier. I think there is an issue between the [Email REDACTED] and [EMAIL REDACTED] attached to the project with cross permissions. I think it needs to be looked at at a level above what I can see. Also, when I tried to follow the script above, at one point it told me I didn't have the permissions to make changes, but I am the only one on the team that is supposed to have permissions to do so.

One other question to add to this, if one of our team members has a licensed copy of Visual Studio rather than a subscription, is there a separate subscription for necessary for TFS or is that considered part of BASIC as their status? I need to have this reviewed by someone in order to be able to manage it properly. It has got to be part of the issues we are running into.

regards,

Harvey
Rakesh Mishra 8,670 Reputation points Microsoft External Staff Moderator

2026-05-07T21:10:56.1466667+00:00

Hi Harvey, please check private messages and share the requested information.
Rakesh Mishra 8,670 Reputation points Microsoft External Staff Moderator

2026-05-11T21:46:17.46+00:00

Hi Harvey, please share requested information in Private messages to assist you further on this.

Answer 1

Use a structured permissions and access check in Azure DevOps to isolate the problem.

Confirm the developer’s identity and sign-in
- Ensure the developer signs in with the correct UPN (for example, ******@contoso.com) and not an alias. Alias vs. UPN confusion can cause 401/Not Authorized errors.
- If the organization is backed by Microsoft Entra ID and the user is a guest, verify that the B2B invitation has been accepted. If it shows as “Pending acceptance,” resend the invitation and have it accepted before retrying access.
Verify the user is in the Azure DevOps organization and project
- In Azure DevOps, go to Organization settings → Users and confirm the user appears there with the correct identity.
- If the user can reach https://dev.azure.com/{orgName} but not a specific project (https://dev.azure.com/{orgName}/{projectName}) or repo, this indicates insufficient project-level permissions.
Check access level and subscription status
- In Organization settings → Users, verify the user’s Access level is at least Basic or equivalent (Visual Studio subscription / GitHub Enterprise) for code operations.
- If a Visual Studio or GitHub Enterprise license was used, confirm it has not expired. If it has, either renew it or temporarily assign Basic access.
- If the Azure subscription used for billing is inactive or removed, restore or relink billing so paid access levels remain valid.
Confirm project and repo permissions
- In the target project, go to Project settings → Permissions → Users, select the developer, and review effective permissions.
- Ensure the user (directly or via groups such as Contributors) has at least Read and Contribute permissions on the repository and branch used for check-in.
- If the user recently had permissions changed, allow up to an hour for Microsoft Entra group membership and permission propagation, then have the user refresh/restart the client.
Trace permissions to find the root cause
- In Project settings → Permissions → Users, select the user.
- For any permission that appears incorrect (for example, Contribute = Deny or Not set), select the information icon next to that permission to trace where it is granted or denied.
- Adjust the relevant group or direct assignment so the user inherits the correct permissions. Avoid explicit Deny unless necessary, as it overrides Allow.
Check for special limiting conditions
- Confirm the user is not only in a limited-scope group such as Project-Scoped Users, which can restrict access.
- Verify the project or specific services (Repos, Boards, Pipelines) have not been disabled at the project or collection level.
- If the user lost partial access after changes, review recent group rule or custom rule changes that might restrict operations on work items or code.
Validate after changes
- After updating access level and permissions, have the developer:
  - Sign out and sign back in to Azure DevOps.
  - Restart Visual Studio or other client and retry check-in.
- If 401 or permission errors persist on specific resources, re-check the resource-level permissions (repo, branch, pipeline, etc.) and ensure at least Read access is granted.

If these steps do not resolve the issue, capture the exact error message (HTTP code or Azure DevOps error text) and re-run permission tracing on the specific feature (repo/branch or work item area) where the failure occurs.

References:

Share via

one of our developers is having problems accessing our TFS repository.

1 answer

Your answer