Manage extension permissions

Azure DevOps Services | Azure DevOps Server 2020 | Azure DevOps Server 2019 | TFS 2018 - TFS 2015

Learn how to grant permissions to users or groups for managing extensions. Extension management tasks include installing, disabling, enabling, reviewing, and approving extensions.

Learn how to grant permissions for publishing or updating extensions for users or groups.

  1. Sign in to your organization (https://dev.azure.com/{yourorganization}).

  2. Select gear icon Organization settings.

    Open Organization settings

  3. Select Extensions.

    Extension settings hub

  4. Select Security in the upper right of the Extension Security page:

    Extension security page

  5. Add users or update permission settings:

    Extension security permission setting

  1. Sign in to your organization (https://dev.azure.com/{yourorganization}).

  2. Select gear icon Admin settings.

    Open Admin settings

  3. Select Extensions, and then select Security.

    Select Extensions, and then select Security.

  4. Add users or update permission settings:

    Extension security

To grant permissions for publishing or updating to users or groups, use TFSSecurity command-line tool.

  1. At the server level, create a group, for example, "TFS Extension Publishers":

    tfssecurity /gcg "TFS Extension Publishers" "publishers who can manage extensions for the server" /server:ServerURL

  2. Grant access to the "TFS Extension Publishers" group to manage extensions:

    tfssecurity /a+ Publisher "//" CreatePublisher n:"[TEAM FOUNDATION]\TFS Extension Publishers" allow /server:ServerURL
tfssecurity /a+ Publisher "//" PublishExtension n:"[TEAM FOUNDATION]\TFS Extension Publishers" allow /server:ServerURL
tfssecurity /a+ Publisher "//" UpdateExtension n:"[TEAM FOUNDATION]\TFS Extension Publishers" allow /server:ServerURL
tfssecurity /a+ Publisher "//" DeleteExtension n:"[TEAM FOUNDATION]\TFS Extension Publishers" allow /server:ServerURL

    For Team Foundation Server "15" RC2 or earlier, use this syntax:

    tfssecurity /a+ Publisher "//" Create n:"[TEAM FOUNDATION]\TFS Extension Publishers" allow /server:ServerURL
tfssecurity /a+ Publisher "//" Publish n:"[TEAM FOUNDATION]\TFS Extension Publishers" allow /server:ServerURL
tfssecurity /a+ Publisher "//" Write n:"[TEAM FOUNDATION]\TFS Extension Publishers" allow /server:ServerURL

  3. Add existing users and groups to the "TFS Extension Publishers" group.

    tfssecurity /g+ "[TEAM FOUNDATION]\TFS Extension Publishers" n:User /server:ServerURL

You can add users later to "TFS Extension Publishers". This permission is a server-level permission, so updating and deleting an extension affects all the project collections that use the extension.