About access levels
TFS 2017 | TFS 2015 | TFS 2013
Access levels grant or restrict access to select web portal features. This is in addition to permissions granted through security groups, which provide or restrict specific tasks. Access levels enable administrators to provide their user base access to the features they need and only pay for those features.
Important
To view the content available for your platform, make sure that you select the correct version of this article from the version selector which is located above the table of contents. Feature support differs depending on the on-premises version of TFS you are using. .
To learn which on-premises version you are using, see What platform/version am I using?
When you add a user or group to a team or project, they're automatically granted access to those features supported by the default access level and those supported by the security group to which they are added. Most users can access most features by being assigned to the Basic access level and Contributors security group. For a simplified overview of the permissions assigned to the most common groups Readers, Contributors, and Project Administrators, see Default permissions.
To add user accounts or groups to specific access levels, see Change access levels. Make sure to set each user's access level based on what you've purchased for that user.
Supported access levels
Assign users or groups of users to one of the following access levels:
- Stakeholder: Provides partial access, can be assigned to unlimited users for free. Assign to users with no license or subscriptions who need access to a limited set of features.
- Basic: Provides access to most features. Assign to users with a CAL or with a Visual Studio subscription.
- Advanced: Provides access to premium features. Only assign to users with a subscription to MSDN Platforms or Visual Studio Test Professional.
The following table indicates those features available for each supported access level. Visual Studio Test Professional and MSDN Platform subscriptions grant access to the same features as Visual Studio Enterprise.
Feature
Stakeholder
(Limited)
Basic
(Standard)
Advanced
(Full)
Administer organization
Can configure resources when also added to a security group or role: team administrator, Project Administrator, or Project Collection Administrator.
✔️
✔️
✔️
Advanced backlog and sprint planning tools
Includes full access to all backlog and sprint planning tools.
✔️
✔️
Advanced home page
Includes access to projects, work items, and pull requests defined across projects you work in.
✔️
✔️
Advanced portfolio management
Includes full access to define features and epics from a portfolio backlog or Kanban board.
✔️
✔️
Agile boards
Stakeholders have limited access to Kanban boards and Taskboards. Stakeholders can't add work items, drag-and-drop cards to update status, update fields displayed on cards, nor view or set capacity.
✔️
✔️
✔️
Agile Portfolio Management
Includes limited access to portfolio backlogs and Kanban boards. Stakeholders can't change the backlog priority order, can't assign items to an iteration, use the mapping pane, or exercise forecasting.
✔️
Author Release Pipelines and Manage Releases
Includes defining release pipelines, multi-stage continuous deployment (CD) pipelines, and using approvals and gates to control deployments; when the Free access to Pipelines Preview feature is enabled, Stakeholders gain access to all Azure Pipelines features.
✔️
✔️
Basic backlog and sprint planning tools
Includes limited access to add and modify items on backlogs and sprint backlogs and taskboards. Stakeholders can't assign items to an iteration, use the mapping pane, or forecasting.
✔️
✔️
Build
Includes full access to all features to manage continuous integration and continuous delivery of software.
✔️
✔️
Chart Authoring
Can create work tracking query charts.
✔️
✔️
Chart Viewing
Can only view work tracking query charts. Stakeholders can't view query charts from the Queries page, however can view them when added to a dashboard.
✔️
✔️
Code
Includes full access to all features to manage code using Git repositories or using Team Foundation Version Control (TFVC) Team Foundation Version Control (TFVC).
✔️
✔️
Request and Manage Feedback Includes full access to request and manage feedback on working software.
✔️
✔️
Standard Features
Includes working across projects, View dashboards, View wikis, and Manage personal notifications. Stakeholders can't view Markdown README files defined for repositories and can only read wiki pages.
✔️
✔️
✔️
Team rooms
Requires TFS 2017 or earlier versions. Deprecated for TFS 2018 and later versions.
✔️
✔️
Test services in build and release
Includes running unit tests with your builds, reviewing, and analyzing test results.
✔️
✔️
Test Case Management
Includes adding test plans and test suites, creating manual test cases, deleting test artifacts, and testing different configurations.
✔️
Test Execution and Test Analysis
Includes running manual, tracking test status, and automated tests.
✔️
✔️
View My Work Items
Access to add and modify work items, follow work items, view and create queries, and submit, view, and change feedback responses. Stakeholders can only assign existing tags to work items (can't add new tags) and can only save queries under My Queries (can't save under Shared Queries).
✔️
✔️
✔️
Advanced access
Users assigned Advanced access can manage test cases when you have purchased the Test Manager extension for Azure Test Plans and assigned to the user accounts to gain full access to Web-based test case management tools.
What features are available to users who are added to two different access levels?
If a user belongs to a group that has Basic access and another group that has VS Enterprise access, the user has access to all features available through VS Enterprise, which is a superset of Basic.
Service account access
Azure DevOps Server service accounts are added to the default access level. If you make Stakeholder the default access level, you must add the service accounts to Basic or Advanced/VS Enterprise access.
Service accounts don't require a CAL or other purchase.