Set permissions and access for testing
TFS 2017 | TFS 2015 | TFS 2013
To exercise the full features of Azure Test Plans, you must be granted Basic + Test Plans access level or have one of the following subscriptions:
In addition, you can grant or restrict access to various manual test features by granting users or groups specific permissions for an object or project. Many test artifacts correspond to test-specific work item types. So, work-tracking permissions apply to test-specific work items, such as test plans, test suites, test cases and more. You set permissions for work items and manual testing features for area paths and at the project-level. You set permissions to manage test controllers at the organization or collection level. Test controllers are used in performing load tests.
Object-level, Area path level
- Edit work items in this node: Add or edit test-specific work items, such as test plans, test suites, test cases, shared steps, or shared parameters.
- Manage test plans: Modify test plan properties such as build and test settings.
- Manage test suites: Create and delete test suites, add, and remove test cases from test suites, change test configurations associated with test suites, and modify a test suite hierarchy (move a test suite).
Project-level
- Manage test configurations: Add or edit test configurations and configuration variables.
- Manage test environments: Add or edit test plan settings.
- Create test runs: Run manual tests
- Delete and restore work items: Delete test-specific work items
- Manage test configurations: Add or edit test configurations and configuration variables.
- Manage test environments: Add or edit test plan settings.
- Move work items out of this project: Move work items from one project to another
- Permanently delete work items: Permanently delete test-specific work items
Organization or collection-level
- Manage test controllers: Permission associated with a deprecated feature for TFS 2018 and later versions. To learn more, see Overview of test agents and test controllers for running load tests and Install test agents and test controllers.
Prerequisites
- To manage access-levels, you must be a member of the Azure DevOps Server Administrators group.
- To manage project or object-level test-related permissions, you must be a member of the Project Administrators security group.
- To manage collection-level permissions or manage access levels, you must be a member of the Project Collection Administrators security group, or have your Edit instance-level information set to Allow.
For more information, see the following articles:
- About access levels
- Add a server-level administrator
- Change access levels for users or groups
- Change project-level permissions
- Change project collection-level permissions
Grant access to manual testing features
To have full access to the Test feature set, your access level must be set to Basic + Test Plans. Users with Basic access and with permissions to permanently delete work items and manage test artifacts can only delete orphaned test cases.
Manage test plans and test suites under an area path
Area path permissions let you grant or restrict access to edit or modify test plans or test suites assigned to those areas. You can restrict access to users or groups.
In addition to the project-level permissions set in the previous section, team members need permissions to manage test artifacts which are set for an area path.
Open the Security page for area paths and choose the user or group you want to grant permissions.
Set the permissions for Manage test plans and Manage test suites to Allow.
Set permissions to manage test controllers
Test controllers are used to perform load testing. To learn more, see Overview of test agents and test controllers for running load tests.
To set permissions for managing test controllers, open Organization settings and choose Security or Permissions. Choose the group you want to grant permissions. To learn how to access organization or collection-level Security, see Change project collection-level permissions.
In this example, we grant members assigned to the Team Collection Admin group permissions to manage test controllers.
