Secure and share packages using feed permissions

Azure DevOps Services | TFS 2017

Packages you host in Azure Artifacts are stored in a feed. Setting permissions on the feed allows you to share your packages with as many or as few people as your scenario requires.

Feed permissions overview

Feeds have four levels of access: Owners, Contributors, Collaborators, and Readers. Owners can add any type of identity-individuals, teams, and groups-to any access level.

Permission Reader Collaborator Contributor Owner
List and restore/install packages
Save packages from upstream sources
Push packages
Unlist/deprecate packages
Delete/unpublish package
Edit feed permissions
Rename and delete feed

By default, the Project Collection Build Service is a Contributor and your project team is a Reader.

Editing permissions for a feed

With your feed selected, select Edit feed (the gear icon).

Edit feed button

Edit feed button

Select Permissions.

Editing a feed's permissions

Editing a feed's permissions

Editing a feed's permissions

In the edit feed dialog:

  • Choose to make each person or team an Owner, Contributor, Collaborator, or Reader.
  • When you're done, select Save.

Package permissions in Azure Pipelines

To use packages from a feed in Azure Pipelines, the appropriate build identity must have permission to your feed. By default, the Project Collection Build Service is a Contributor. If you've changed your builds to run at project scope, you'll need to add the project-level build identity as a Reader or Contributor, as desired. The project-level build identity is named as follows:

[Project name] Build Service ([Organization name]) (e.g. FabrikamFiber Build Service (codesharing-demo))

Sharing packages with everyone in your organization

If you want to make the packages in a feed available to all users in your organization, create or select a view that contains the packages you want to share and ensure its visibility is set to People in my organization.