Manage permissions
TFS 2018
Azure Artifacts enables you to publish, consume, and store various types of packages in your feed. By configuring permissions for your feed, you can manage access to your packages and control who can interact with them.
Sign in to your Azure DevOps organization, and then navigate to your project.
Select Artifacts, and then select your feed from the dropdown menu. Select the Azure Artifacts settings icon on the right.
Note
By default, the Azure Artifacts settings icon is only visible to feed owners and project collection administrators.
Choose the users or groups who should have the ability to create and/or administer feeds, and then select Save when you're done.
Select Build and Release.
Select Packages, and then select the gear icon to navigate to your feed's settings.
Select Permissions, and then select Add user/group.
Add new user(s)/group(s) and choose the appropriate Role for them.
Select Save when you're done.
Permission | Reader | Collaborator | Contributor | Owner | Administrator |
---|---|---|---|---|---|
List/install/restore packages | ✓ | ✓ | ✓ | ✓ | ✓ |
Publish packages | ✓ | ✓ | ✓ | ||
Unlist packages (NuGet) | ✓ | ✓ | ✓ | ||
Deprecate packages (Npm) | ✓ | ✓ | ✓ | ||
Yank packages (Cargo) | ✓ | ✓ | ✓ | ||
Delete packages | ✓ | ✓ | |||
Promote packages to a view | ✓ | ✓ | ✓ | ||
Add/remove upstream sources | ✓ | ✓ | |||
Allow external package versions | ✓ | ✓ | |||
Save packages from upstream sources | ✓ | ✓ | ✓ | ✓ | |
Edit feeds settings | ✓ | ✓ |
Note
To access a project-scoped feed, a user must also have access to the project hosting that feed.
Feed views enable users to share certain packages while keeping others private. A common scenario for using a feed view is sharing a package version that has already been tested and validated but keeping packages under development private.
By default, there are three views in a feed: @local, @prerelease, and @release view. The latter two are suggested views that you can rename or delete as desired. The @local view is the default view and it includes all the packages published to the feed as well as all the packages downloaded from upstream sources.
Important
Users who have access to a specific view are able to access and download packages from the feed through that view even if they don't have direct access to that feed. If you want to completely hide your packages, you must restrict access to both feed and views.
Sign in to your Azure DevOps organization, and then navigate to your project.
Select Artifacts, and then select your feed from the dropdown menu. Select the gear icon to navigate to your feed's settings.
Select Views, and then select the ellipsis button, and then select Edit to modify its permission. To restrict access to your view, change its visibility to specific people.
Select Save when you're done. The access permissions column should reflect your changes.
Important
Views inherit permissions from the parent feed. If you set a view's visibility to Specific people without specifying any users or groups, the view's permissions will default back to the permissions of its parent feed.
Note
If you want to access a feed in a different project from your pipeline, you must configure the other project to provide read/write access to the build service.