Configure release pipeline permissions in Azure Pipelines
Azure DevOps Services | Azure DevOps Server 2022 - Azure DevOps Server 2019
This article describes how to set user and group permissions to securely manage release pipelines in Azure Pipelines. Permissions control who can view, use, edit, and manage release pipelines and releases.
Once you create a release pipeline, you can set project-level permissions for all release pipelines and object-level permissions for individual release pipelines and stages. You can also set permissions for release stages, which are a subset of permissions inherited from the object-level release pipeline permissions.
The permission hierarchy for release pipelines is:
- project-level release pipelines permissions
- object-level release pipeline permissions
- object-level stage permissions
By default the following users and groups are assigned permissions:
| Group | Role |
|---|---|
| Contributors | All permissions except Administer release permissions. |
| Project Administrators | All permissions. |
| Readers | Can view pipelines and releases. |
| Release Administrators | All permissions. |
| Project Collection Administrators | All permissions. |
| <project name> Build Service(<organization/collection name>) | Can view pipelines and releases. |
| Project Collection Build Server (<organization/collection name>) | Can view pipelines and releases. |
For permission descriptions, see Permissions and groups.
Prerequisites
- You must be a member of an administrator group or be allowed Administer release permissions to manage permissions.
- A release pipeline must be created to set permissions.
Set project-level release pipeline permissions
Follow these steps to update permissions for all releases:
Go to your project and select Pipelines > Releases.
Select the file view icon.
Select the All pipelines folder.
Select More actions
and select Security.
Select users and groups to and change their permissions.
When you're finished, close the dialog to save your changes.
Add users or groups to the permissions dialog
To add users and groups that aren't listed in the permissions dialog:
- Enter the user or group in the search bar, then select the user or group from the search result.
- Set the permissions.
- Close the dialog.
When you open the security dialog again, the user or group is listed.
Remove users or groups from the permissions dialog
To delete a user from the permissions list:
Select the user or group.
Select Remove and clear explicit permissions.
When finished, close the dialog to save your changes.
Follow these steps to set permissions for all releases:
Go to your project and select Pipelines > Releases from the menu.
Select the file view icon.
Select the All pipelines folder.
Select More actions
and select Security.
To add users or groups that aren't listed in the permissions dialog, select Add, enter the user or group, and select Save changes.
Select a user and group and set the permission to Allow, Deny or Not set, then select Save changes or Undo changes.
Repeat the previous step for each user or group to modify their permissions.
When you're finished, close the dialog.
Set object-level release pipeline permissions
By default, the object-level permissions for individual release pipelines are inherited from the project-level release pipeline permissions. You can override these inherited permissions for a specific release pipeline.
To override permissions for a release:
Go to your project and select Pipelines > Releases.
Select the file view icon
.Select the release pipeline you want to modify, and then select More actions
> Security.
Select users or groups to set their permissions to Allow, Deny or Not set.
When you're finished, close the dialog to save your changes.
When you explicitly set an inherited user or group permission, inheritance is disabled for that specific permission. To restore inheritance, set the permission to Not set. To disable inheritance for all user and group permissions, turn off the Inheritance setting. Upon re-enabling inheritance, the permissions for all users and groups revert to their project-level settings.
Add users or groups to the permissions dialog
To add users and groups that aren't listed in the permissions dialog:
- Enter the user or group in the search bar, then select the user or group from the search result.
- Set the permissions.
- Close the dialog.
When you open the security dialog again, the user or group is listed.
Remove users or groups from the permissions dialog
Users and groups can be removed from a release pipeline. Inherited users and groups can't be removed unless inheritance is disabled.
Select the user or group.
Select Remove and clear explicit permissions.
When finished, close the dialog to save your changes.
You can set the permissions to Allow, Deny, or to Not set if the permission is not inherited. If inheritance is enabled you can change an explicitly set permission back to the inherited value.
Go to your project and select Pipelines > Releases.
Select the file view icon
.Select the release pipeline you want to modify, select More actions
, and select Security.
To add users or groups that aren't listed in the permissions dialog, select Add, enter the user or group, and select Save changes.
Select a user and group and set the permission to Allow, Deny, or Not set, or the inherited value (for example, Allow (inherited)).
Select Save changes or you can select Undo changes to undo the changes. You must save the changes to apply the permissions before selecting another user or group.
To remove a user or group, select the user or group and select Remove. Inherited users and groups can't be removed unless inheritance is disabled.
Select OK when you're finished.
When you explicitly set an inherited user or group permission, inheritance is disabled for that specific permission. To restore inheritance, set the permission to Not set. Select Clear explicit permissions to reset all explicitly set permissions to their inherited settings. To disable inheritance for all user and group permissions, turn off the Inheritance setting. Upon re-enabling inheritance, the permissions for all users and groups revert to their project-level settings.
Set release stage permissions
Stage permissions are a subset of permissions that are inherited from the object-level release pipeline permissions.
To set permissions for a stage:
Go to your project, select Pipelines > Releases.
Select the file view icon
and select All pipelines.Select the release pipeline you want to modify from All pipelines
Select the stage you want to modify.
Select the More options icon
and select Security.
To add users or groups that aren't listed in the permissions dialog, select Add, enter the user or group, and select Save changes.
Select users and groups to set their permissions to Allow, Deny or Not set.
Select Save changes or you can select Undo changes to undo the changes. You must save the changes to apply the permissions before selecting another user or group.
You can select more users and groups to change their permissions.
To remove a user or group, select the user or group and select Remove. Inherited users and groups can't be removed unless inheritance is disabled.
Select OK when you're finished.
When you explicitly set an inherited user or group permission, inheritance is disabled for that specific permission. To restore inheritance, set the permission to Not set. Select Clear explicit permissions to reset all explicitly set permissions to their inherited settings. To disable inheritance for all user and group permissions, turn off the Inheritance setting. Upon re-enabling inheritance, the permissions for all users and groups revert to their project-level settings.
Related articles
Atsauksmes
Drīzumā: 2024. gada laikā mēs pakāpeniski pārtrauksim izmantot “GitHub problēmas” kā atsauksmju par saturu mehānismu un aizstāsim to ar jaunu atsauksmju sistēmu. Papildinformāciju skatiet: https://aka.ms/ContentUserFeedback.
Iesniegt un skatīt atsauksmes par