Set TFVC repository permissions
TFS 2018
Visual Studio 2019 | Visual Studio 2022
You can grant or restrict access to a Team Foundation Version Control (TFVC) repository to lock down who can contribute to your source code. There's only one TFVC repository per project. For guidance on who to give greater permission levels, see Grant or restrict access using permissions.
Prerequisites
You must have a TFVC project. If you don't have a project yet, create one in Azure DevOps Services or set one up in on-premises Azure DevOps Server.
You must be a member of the Project Administrators group or have Manage permissions set to Allow for the TFVC repository.
To contribute to the source code, you must be granted Basic access level or greater. Users granted Stakeholder access have no access to source code. To learn more, see About access levels.
Default repository permissions
By default, members of the project Contributors group have permissions to contribute to a repository. For a description of each security group and permission level, see Security groups, service accounts, and permissions in Azure DevOps.
Note
Tasks such as create, delete, or rename a TFVC repository are not supported. Once a TFVC repository is created you can't delete it. Also, you can only have one TFVC repository per project. This is different from Git repositories which allow for adding, renaming, and deleting multiple repositories.
Permission
Readers
Contributors
Build Admins
Project Admins
Check in, Label, Lock, Merge, Pend a change in a server workspace, Read
Read only
✔️
✔️
✔️
Administer labels, Manage branches, Manage permissions, Revise other users' changes, Undo other users' changes, Unlock other users' changes
✔️
Set TFVC repository security permissions
To set permissions for a custom security group, you must have defined that group previously. See Change project-level permissions.
In the web portal for the project where you want to set permissions, select Settings and then select Version Control. Choose the TFVC repository for the project.
Choose the security group whose permissions you want to manage.
Change the permission setting to Allow or Deny.
For example, here you change the Manage branch permission to Allow for all members of the Contributors group.
Note
You may not be able to find a user from a permissions page or identity field if the user hasn't been added to the project—either by adding it to a security group or to a project team. Also, when a user is added to Microsoft Entra ID or Active Directory, there can be a delay between the time they are added to the project and when they are searchable from an identity field. The delay can be between 5 minutes to 7 days.
Save your changes.