Events
Mar 17, 11 PM - Mar 21, 11 PM
Join the meetup series to build scalable AI solutions based on real-world use cases with fellow developers and experts.
Register nowThis browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Azure DevOps Services | Azure DevOps Server 2022 - Azure DevOps Server 2019
This article shows you how to manage permissions at the organization or collection level. Several permissions are set at these levels. You can only grant these permissions if you're a member of the Project Collection Administrators group.
An organization is the container for several projects that share resources. For more information, see Plan your organizational structure.
A project collection is the container for several projects that share resources. For more information, see About projects and scaling your organization.
You might find the following articles helpful:
Note
Security groups are managed at the organization level, even if they are used for specific projects. Depending on user permissions, some groups might be hidden in the web portal. To view all group names within an organization, you can use the Azure DevOps CLI tool or our REST APIs. For more information, see Add and manage security groups.
Note
Security groups are managed at the collection level, even if they are used for specific projects. Depending on user permissions, some groups might be hidden in the web portal. To view all group names within a collection, you can use the Azure DevOps CLI tool or our REST APIs. For more information, see Add and manage security groups.
Note
Security groups are managed at the collection level, even if they are used for specific projects. Depending on user permissions, some groups might be hidden in the web portal. To view all group names in a collection, you can use the REST APIs. For more information, see Add and manage security groups.
The following table lists the permissions assigned at the organization or collection level. All permissions, except for Make requests on behalf of others, are granted to members of the Project Collection Administrators group. For more information, see Permissions and groups reference, Groups.
General
Service Account
Boards
Repos (TFVC)
Pipelines
Test Plans
Auditing
Policies
Note
Project Collection Administrators can manage organization or collection-level security groups, group membership, and edit permission ACLs. This permission isn't controlled through the user interface.
Category | Requirements |
---|---|
Permissions | Member of the Project Collection Administrators group. If you created the organization or collection, you're automatically a member of this group. |
Directory services | Security groups defined in Microsoft Entra ID or Active Directory before adding them to Azure DevOps. |
Note
Note
Users with Stakeholder access can't access specific features even if they have permissions to those features. For more information, see Stakeholder access quick reference.
Do the following steps to add users to the Project Administrators group or any other group at the organization or collection level. To add a custom security group, first create the group.
Note
To turn on the Organization Permissions Settings Page v2 preview page, see Enable preview features.
Sign in to your organization (https://dev.azure.com/{Your_Organization}
).
Select Organization settings > Permissions.
Select Project Administrators group, Members, and then Add.
Enter the name of the user account or custom security group into the text box and select the matching result. You can enter multiple identities into the Add users and/or groups box, and the system automatically searches for matches. Select the appropriate matches.
Select Save.
Open the web portal and choose the collection where you want to add users or groups.
Select Collection Settings > Security.
Select Project Administrators > Members > Add.
Enter the name of the user account into the text box. You can enter several identities into the text box, separated by commas. The system automatically searches for matches. Select one or more matches.
Select Save changes and the
refresh icon to see the additions.
You can change the permissions for any organization or collection-level group, except the Project Collection Administrators group. Adding security groups to a collection is similar to adding them to a project. For more information, see Add or remove users or groups, manage security groups and About permissions, Permission states.
Note
To turn on the Organization Permissions Settings Page v2 preview page, see Enable preview features.
Go to the Permissions page as described in the previous section, Add a user or group to the Project Administrators group.
Note
By design, you can't change the permission settings for the Project Collection Administrators group.
Choose the group whose permissions you want to change.
In the following example, we choose the Stakeholders Limited group, and change several permissions.
Your changes automatically save.
Go to the Security page as described in the previous section, Add a user or group to the Project Collection Administrators group.
Choose the group whose permissions you want to change.
In the following example, we choose the Stakeholders Limited group and change several permissions.
Select Save changes.
You can change the collection-level permissions for a specific user. For more information, see About permissions, Permission states.
Note
To turn on the Organization Permissions Settings Page v2 preview page, see Enable preview features.
Go to the Permissions page as described in the previous section, Add a user or group to the Project Administrators group.
Select Users, then choose the user whose permissions you want to change.
Change the assignment for one or more permissions.
In the following example, we change the Edit project-level information for Christie Church.
Dismiss the dialog and your changes automatically save.
Open the Security page as described in the previous section, Add a user or group to the Project Administrators group.
In the Filter users and groups text box, enter the name of the user whose permissions you want to change.
Change change the assignment for one or more permissions.
In the following example, we change the Edit project-level information for Christie Church.
Select Save changes.
For on-premises deployments, see the following articles:
If your on-premises deployment is integrated with SQL Server Reports, manage membership for those products separately from their websites. For more information, see Grant permissions to view or create SQL Server reports.
A: It varies. In most organizations, Project Collection Administrators manage the collections created by the Team Foundation Administrators group. They don’t create collections themselves but handle tasks like creating team projects, adding users to groups, and modifying collection settings.
A: Project Collection Administrators need the following permissions:
A: You need the following permissions:
Important
To create project collections and perform other administrative tasks, users need administrative permissions. Additionally, the service account for the Team Foundation Background Job Agent must have specific permissions. For more information, see Service accounts and dependencies in Team Foundation Server and Team Foundation Background Job Agent.
Events
Mar 17, 11 PM - Mar 21, 11 PM
Join the meetup series to build scalable AI solutions based on real-world use cases with fellow developers and experts.
Register nowTraining
Certification
Microsoft Certified: Identity and Access Administrator Associate - Certifications
Demonstrate the features of Microsoft Entra ID to modernize identity solutions, implement hybrid solutions, and implement identity governance.
Documentation
Find a project administrator - Azure DevOps
Quickly identify members of the Project Administrators group in Azure DevOps.
Look up a project collection administrator - Azure DevOps
Learn how to identify members of the Project Collection Administrators group in Azure DevOps.
Change project-level permissions or group membership - Azure DevOps
Quickstart guide to change project-level permissions or group membership in Azure DevOps