Manage extension permissions
Azure DevOps Services | Azure DevOps Server 2022 - Azure DevOps Server 2019 | TFS 2018
Learn how to manage permissions for users or groups, so they can manage extensions.
Prerequisites
- You must be a member of the Project Collection Administrators group to manage permissions for users or groups. Organization owners are automatically members of this group.
- Private extensions must be shared with your organization to be installed. Check out the publishing documentation for information on how to share private extensions.
- You must be a member of the Project Collection Administrators group or have "Edit collection-level information" permissions to manage permissions for users or groups. Organization owners are automatically members of the Project Collection Administrators group.
Manage permissions
Sign in to your organization (
https://dev.azure.com/{yourorganization}
).Select
Organization settings.
Select Extensions.
Select Security.
Add users or update permission settings.
Sign in to your organization (
https://dev.azure.com/{yourorganization}
).Select
Admin settings.
Select Extensions, and then select Security.
Add users or update permission settings.
To grant permissions for publishing or updating to users or groups, use the TFSSecurity command-line tool.
At the server level, create a group, for example, "TFS Extension Publishers".
tfssecurity /gcg "TFS Extension Publishers" "publishers who can manage extensions for the server" /server:ServerURL
Grant access to the "TFS Extension Publishers" group to manage extensions.
tfssecurity /a+ Publisher "//" CreatePublisher n:"[TEAM FOUNDATION]\TFS Extension Publishers" allow /server:ServerURL tfssecurity /a+ Publisher "//" PublishExtension n:"[TEAM FOUNDATION]\TFS Extension Publishers" allow /server:ServerURL tfssecurity /a+ Publisher "//" UpdateExtension n:"[TEAM FOUNDATION]\TFS Extension Publishers" allow /server:ServerURL tfssecurity /a+ Publisher "//" DeleteExtension n:"[TEAM FOUNDATION]\TFS Extension Publishers" allow /server:ServerURL
Add existing users and groups to the "TFS Extension Publishers" group.
tfssecurity /g+ "[TEAM FOUNDATION]\TFS Extension Publishers" n:User /server:ServerURL
You can add users later to "TFS Extension Publishers". This permission is a server-level permission. When you update or delete an extension, it affects all the project collections that use the extension.
Related articles
Feedback
Submit and view feedback for