Share via

Security and permission management tools for Azure DevOps

  • Article

TFS 2018

While you set most permissions through the web portal, you can use other tools to manage security groups and permissions. For permissions that aren't available to manage through the web portal,you have the option to manage them using a command line tool.

To learn more about permissions not available through a user interface, see the Security namespace and permission reference, Internal namespaces and permissions.

Important

Select a version from Azure DevOps Content Version selector.

Select the version of this article that corresponds to your platform and version. The version selector is above the table of contents. Look up your Azure DevOps platform and version.

Additional options include the following tools:

You manage server-level permissions and security groups through the Team Foundation Administration Console, as well as a few select collection-level permissions.

You can use the tools listed in the following table to set permissions. Links in the table connect you to the article for setting permissions through the web portal.

Permission level Web portal security pages TFSSecurity CLI Tf CLI
Add users to a server instance ✔️ ✔️
Collection-level, workspaces ✔️ ✔️
Project-level, test management, create tags ✔️ ✔️
Git repository ✔️ ✔️ ✔️
Team Foundation Version Control ✔️ ✔️ ✔️
Builds ✔️ ✔️
Build resources ✔️ ✔️
Pipeline security roles ✔️ ✔️
Releases ✔️ ✔️
Area path (CSS) ✔️ ✔️
Iteration path ✔️ ✔️
Delivery plans ✔️ ✔️
Work item query ✔️ ✔️
Work item tags ✔️ ✔️
Dashboards ✔️ ✔️
Notifications or alerts ✔️ ✔️

Setting permissions for SQL Server reports

For information about how to set permissions in Reporting Services, see Grant permissions to view or create SQL Server reports in TFS.