Manage extension permissions

Azure DevOps Services | Azure DevOps Server 2020 | Azure DevOps Server 2019 | TFS 2018

Learn how to grant permissions to users or groups for managing extensions. Extension management tasks include installing, disabling, enabling, reviewing, and approving extensions.

Learn how to grant permissions for publishing or updating extensions for users or groups.

1. Sign in to your organization (https://dev.azure.com/{yourorganization}).

2. Select Organization settings.

   

3. Select Extensions.

   

4. Select Security in the upper right of the Extension Security page:

   

5. Add users or update permission settings:

   

1. Sign in to your organization (https://dev.azure.com/{yourorganization}).

2. Select Admin settings.

   

3. Select Extensions, and then select Security.

   

4. Add users or update permission settings:

   

To grant permissions for publishing or updating to users or groups, use TFSSecurity command-line tool.

1. At the server level, create a group, for example, "TFS Extension Publishers":

   tfssecurity /gcg "TFS Extension Publishers" "publishers who can manage extensions for the server" /server:ServerURL
   

2. Grant access to the "TFS Extension Publishers" group to manage extensions:

   tfssecurity /a+ Publisher "//" CreatePublisher n:"[TEAM FOUNDATION]\TFS Extension Publishers" allow /server:ServerURL
   tfssecurity /a+ Publisher "//" PublishExtension n:"[TEAM FOUNDATION]\TFS Extension Publishers" allow /server:ServerURL
   tfssecurity /a+ Publisher "//" UpdateExtension n:"[TEAM FOUNDATION]\TFS Extension Publishers" allow /server:ServerURL
   tfssecurity /a+ Publisher "//" DeleteExtension n:"[TEAM FOUNDATION]\TFS Extension Publishers" allow /server:ServerURL
   

   For Team Foundation Server "15" RC2 or earlier, use this syntax:

   tfssecurity /a+ Publisher "//" Create n:"[TEAM FOUNDATION]\TFS Extension Publishers" allow /server:ServerURL
   tfssecurity /a+ Publisher "//" Publish n:"[TEAM FOUNDATION]\TFS Extension Publishers" allow /server:ServerURL
   tfssecurity /a+ Publisher "//" Write n:"[TEAM FOUNDATION]\TFS Extension Publishers" allow /server:ServerURL
   

3. Add existing users and groups to the "TFS Extension Publishers" group.

   tfssecurity /g+ "[TEAM FOUNDATION]\TFS Extension Publishers" n:User /server:ServerURL
   

You can add users later to "TFS Extension Publishers". This permission is a server-level permission. Updating and deleting an extension affects all the project collections that use the extension.

Related articles

• Install extensions
• Request extensions
• About permissions