Azure DevOps Services | Azure DevOps Server 2022 - Azure DevOps Server 2019
As you manage security for your organization, you can set permissions at the organization/collection-level, project-level, and object-level. This article helps you go to the security dialogs for setting permissions at the object-level, as the user interface varies somewhat across Azure Devops. For more information, see Get started with permissions, access, and security groups.
The following items are considered objects:
General: Dashboards, Analytic views, Wikis, and notifications
Azure Boards: Area Paths, Iteration Paths, Shared queries and query folders, and more
Azure Pipelines: Build and release pipelines, deployment groups, task groups, and more
Azure Repos: Git repositories and branches, TFVC folders or branches
Azure Artifacts: Artifacts and feeds
Work items, tags, test plans, and other test artifacts are subject to the security settings typically set at the project level or for an area path.
Prerequisites
Category
Requirements
Permissions
Member of the Project Administrators group or explicit permissions through the individual object security dialog.
Piezīme
TFVC only supports a single repository per project. You can set permissions for the repository or repo folders/branches, which inherit from the repo.
Open the permissions dialog for an object section
To access the Permissions dialog for an object, follow these steps:
Go to the specific object.
Select More....
Select Security from the dropdown menu.
Piezīme
Some objects, such as repositories and Analytics views, require at least Basic access levels. For more information, see Access levels.
Set permissions for Dashboards, Wikis, and Analytic views
You can set permissions at the project-level and organization/collection-level for some general items, such as creating, deleting, and renaming projects. The following table provides information about setting permissions at the object-level for Dashboards, Wiki, and Analytic views.
Work item tags - permissions get set at the project level, Create tag definition. Work item tags don't qualify as an object, they're defined through work items.
Tips
Let's break down the following roles related to reviewers:
Changed reviewers:
This role applies to any reviewer who was added or removed, due to policies defined for a set of files.
For example, consider a pull request (PR) where changes are made to File1.cs.
If a policy specifies that Person A needs to review changes to File1.cs, they fall into the "Changed reviewers" role for that iteration of the PR.
Reset reviewers:
This role is related to the "reset votes" policy.
Suppose the repository has the policy “Reset votes on new pushes” configured.
If Person B, who was required to review the PR, already approved it, their vote gets reset due to the policy.
As a result, they're in the "Reset reviewers" role for that iteration.
Set permissions for Repos objects
The following table provides information about setting permissions at the object-level for repos, Git repos, Git branches, and TFVC repos.
The user interface button for this feature doesn't appear for users who aren't members of the Project Collection Administrators group.
Set permissions for Pipelines objects
The following table provides information about setting permissions at the object-level for build pipelines, release pipelines, deployment groups, and more.
Open your feed > gear icon > Permissions > + Add users/groups.
no
Set permissions for Test plans objects
Test plans, test suites, test cases, and other test objects are managed similarly to work items because they represent test-specific work item types, as discussed in Test objects and terms.
You can manage test-level permissions through project-level settings or through Area Path object-level settings. For more information, see Set permissions and access for testing.
While there isn't a user interface for setting notification permissions, some permissions can be set through command line tools and the EventSubscription namespace. For more information, see Security namespace and permission reference.
Here are some more tips for managing notifications:
Notification levels:
Notifications can be set at different levels: User, team, project, and organization/collection.
Unfortunately, there isn’t a user interface specifically for setting notification permissions.
However, some permissions can be configured through command-line tools and the EventSubscription namespace.
Skip initiator option:
If you don’t want to receive notifications for events that you initiated, enable the Skip initiator option.
This prevents notifications for actions you started.
Pievienojieties meetup sērijai, lai kopā ar citiem izstrādātājiem un ekspertiem izveidotu mērogojamus AI risinājumus, kuru pamatā ir reālas lietošanas gadījumi.