Events
Mar 17, 11 PM - Mar 21, 11 PM
Join the meetup series to build scalable AI solutions based on real-world use cases with fellow developers and experts.
Register nowThis browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Azure DevOps Services | Azure DevOps Server 2022 - Azure DevOps Server 2019
As you manage security for your organization, you can set permissions at the organization/collection-level, project-level, and object-level. This article helps you go to the security dialogs for setting permissions at the object-level, as the user interface varies somewhat across Azure Devops. For more information, see Get started with permissions, access, and security groups.
The following items are considered objects:
Work items, tags, test plans, and other test artifacts are subject to the security settings typically set at the project level or for an area path.
Category | Requirements |
---|---|
Permissions | Member of the Project Administrators group or explicit permissions through the individual object security dialog. |
Note
TFVC only supports a single repository per project. You can set permissions for the repository or repo folders/branches, which inherit from the repo.
To access the Permissions dialog for an object, follow these steps:
...
.
Note
Some objects, such as repositories and Analytics views, require at least Basic access levels. For more information, see Access levels.
You can set permissions at the project-level and organization/collection-level for some general items, such as creating, deleting, and renaming projects. The following table provides information about setting permissions at the object-level for Dashboards, Wiki, and Analytic views.
Object | Default group membership | How to access security | Inherited? |
---|---|---|---|
Dashboards | Contributor | Open Dashboards, select the area path, and then More ... > Security. | ✔️ (project settings for team dashboard) |
Wiki | Contributor | Open the wiki, choose More ... > Wiki security. For more information, see Manage Wiki permissions. | no |
Analytic views | Contributor & Basic | Open the analytic view, choose More ... > Security. | no |
The following table provides information about setting permissions at the object-level for area and iteration paths, work items, and more.
Object | Default group membership | How to access security | Inherited? |
---|---|---|---|
Area path | Project Administrator | Open Project settings > Project configuration > Areas > next to an area, More ... > Security. | ✔️ (child node from parent node) |
Iteration path | Project Administrator | Open Project settings > Project configuration > Iterations > next to an iteration, More ... > Security. | ✔️ (child node from parent node) |
Work item | Contributor | Open Project settings > Project configuration > Areas > Area path > the work item. | no |
Work item query and query folder | Creator of the query or folder or Project Administrator | Open the work item query or query folder > More ... > Security. | no |
Delivery Plans | Project Administrator or creator of the Delivery Plan | Open Boards > Delivery Plans > next to a delivery plan, More ... > Security. | no |
Process | Project Administrator | Select More ... > Security. | ✔️ (from Organization/Collection settings) |
Note
Work item tags - permissions get set at the project level, Create tag definition. Work item tags don't qualify as an object, they're defined through work items.
Let's break down the following roles related to reviewers:
File1.cs
.File1.cs
, they fall into the "Changed reviewers" role for that iteration of the PR.The following table provides information about setting permissions at the object-level for repos, Git repos, Git branches, and TFVC repos.
Object | Default group membership | How to access security | Inherited? |
---|---|---|---|
Repos | Project Administrator | Open Project settings, Repositories > highlight your repo > Security. | ✔️ |
Git repository | Project Administrator | Open Project settings > Repositories and the Git repository. | ✔️ (from project settings for Git repository) |
Git branch | Project Administrator | Open Repos > Branches > your branch > More ... > Branch security. | ✔️ |
TFVC repository | Project Administrator | Open Project settings > Repositories and the TFVC repository. | ✔️ |
The following table provides information about setting permissions at the object-level for build pipelines, release pipelines, deployment groups, and more.
Object | Default group membership | How to access security | Inherited? |
---|---|---|---|
Pipelines | Project Administrator | Open Pipelines > Pipelines > All > your pipeline > More ... > Manage security. | ✔️ |
Build pipelines | Project Administrator | Open your build pipeline > More ... > Manage security. | ✔️ |
Build pipeline runs | Project Administrator | Open your build pipeline run > More ... > Manage security. | ✔️ |
Release pipelines | Project Administrator | Open your release pipeline > More ... > Manage security. | ✔️ |
Task groups (Classic) | Project Administrator | Open your task group > More ... > Manage security. | ✔️ |
Deployment groups | Project Administrator | Open your deployment group > More ... > Manage security. | ✔️ |
Deployment pools | Project Administrator | Open your deployment pool > More ... > Manage security. | ✔️ |
Environments | Project Administrator | Open your environment > More ... > Manage security. | ✔️ (from Environments permission settings) |
Variable groups | Project Administrator | Open your variable group > More ... > Manage security. | ✔️ (from Library permission settings) |
Secure files | Project Administrator | Open your secure file > More ... > Manage security. | ✔️ (from Library permission settings) |
The following table provides information about setting permissions at the object-level for artifacts and feeds.
Object | Default group membership | How to access security | Inherited? |
---|---|---|---|
Artifacts | Project Administrator | Open Artifacts > Azure Artifacts settings icon. You don't see the icon if you don't have the right permissions. | no |
Feeds | Project Administrator or Feed Administrator | Open your feed > gear icon > Permissions > + Add users/groups. | no |
You can use the az devops security command line tool, which allows you to view and manage permissions for various objects and features.
Here are some examples of more granular permissions that can be managed through the command line:
EventSubscription
and EventSubscriber
namespaces.DashboardPrivileges
namespace.ServiceEndpoints
namespace.Plans
namespace.For more information about namespaces, see Security namespace and permission reference.
While there isn't a user interface for setting notification permissions, some permissions can be set through command line tools and the EventSubscription
namespace. For more information, see Security namespace and permission reference.
Here are some more tips for managing notifications:
az devops banner
command that all users see when they sign in.Events
Mar 17, 11 PM - Mar 21, 11 PM
Join the meetup series to build scalable AI solutions based on real-world use cases with fellow developers and experts.
Register nowTraining
Certification
Microsoft Certified: Information Protection and Compliance Administrator Associate - Certifications
Demonstrate the fundamentals of data security, lifecycle management, information security, and compliance to protect a Microsoft 365 deployment.