Request an increase in permission levels

Azure DevOps Services | Azure DevOps Server 2022 - Azure DevOps Server 2019

To get access to certain tasks, you might need to request an increase to your permissions or be added to a security role. Typically, you'll do this upon receiving an information or error message indicating you have insufficient permissions. Such a message will indicate the permission levels you need.

Prior to requesting a change in permission levels, make sure you understand the basics by reviewing Get started with permissions, access, and security groups.

Common permissions to request

Most users added to the Contributors group are granted the permissions they need to perform most tasks. However, the following tasks require membership in the Project Administrators group or a change in permissions.

• Work tracking

  • Add or change Area Paths or Iteration Paths: Requires elevated permissions to an Area Path or Iteration Path node. For more information, see Set work tracking permissions, Create child nodes.
  • Create shared queries or query folders: Requires elevated permissions set for a shared query folder. For more information, see Set work tracking permissions, Set permissions on queries or query folders.
  • Change team settings—such as board settings: Requires addition as a team administrator. For more information, see Add or remove a team administrator

• Source code, Git repositories, the following tasks require elevated permissions for Git repositories or a specific repository. For more information, see Set Git repository permissions.

  • Create, delete, or rename a Git repository
  • Manage repository permissions
  • Bypass policies

The following tasks require membership in the Project Collection Administrators group or a change in permissions at the collection-level or addition to a specific role.

• Collection-level configurations
  • Create projects: Requires elevated permissions at the collection level.
  • Add, edit, or manage a process: Requires elevated permissions at the collection level or process-level permissions.
  • Install, uninstall, or disable extensions: Requires addition to the Manager role for extensions.

For an overview of built-in security groups and default permission assignments, see Default permissions and access.

Prerequisites

• To view permissions, you must be a member of the Project Valid Users group. Users added to a project are automatically added to this security group. For more information, see View permissions for yourself or others.
• To look up an administrator for your project or project collection, you must be a member of the Project Valid Users group.

Note

Users added to the Project-Scoped Users group won't be able to access Organization Settings other than the Overview section if the Limit user visibility and collaboration to specific projects preview feature is enabled for the organization. For more information including important security-related call-outs, see Manage your organization, Limit user visibility for projects and more.

Review your permission assignments

Before you request a change to permission levels, review your permission assignments as described in View permissions for yourself or others.

Verify that your permission assignments are preventing you from accomplishing a task you need to perform.

Request a change to a permission level or role change

To request a change or increase in your permission levels, take the following actions:

1. Identify the permissions you need and at what level. Permissions are set at the object, project, and project-collection level. Also, permissions are granted through various roles. To identify the level and permission you need, review the Permissions lookup guide.

2. Identify a person in your organization who can grant you the permissions you need. For example:

   • To get permissions to manage team settings, identify the team administrator for your team or a member of the Project Administrators group.
   • To change an object-level permission, identify the owner of the object or a member of the Project Administrators group. To learn how, see Set object-level permissions.
   • To change a project-level permission, identify a member of the Project Administrators group. See Look up a project administrator.
   • To change a project collection-level permission, identify a member of the Project Collection Administrators group. See Look up a project collection administrator.

3. Contact the person you identified in step 2 and make your request. Make sure you specify the permission you want changed.

Refresh or re-evaluate your permissions

After your permission levels are changed, you may need to refresh your permissions for Azure DevOps to recognize the changes. This step is recommended when a change is made to your permission level, role level, or if you are added to a new or different Azure DevOps, Microsoft Entra ID, or Active Directory security group. When you are added to a new or different security group, your inherited permissions may change.

By refreshing your permissions, you cause Azure DevOps to re-evaluate your permission assignments. Otherwise, your permission assignments won't be refreshed until you sign-off, close your browser, and sign-in again.

To refresh your permissions, choose User settings, on the Permissions page, you can select Re-evaluate permissions. This function reevaluates your group memberships and permissions, and then any recent changes take effect immediately.

Related articles

• Permissions lookup guide
• Default permissions and access
• Troubleshoot permissions
• Look up a project administrator
• Look up a project collection administrator