About access levels

Azure DevOps Services | TFS 2018 | TFS 2017 | TFS 2015 | TFS 2013

Access levels enable administrators the ability to provide their user base access to the features they need and only pay for those features. To connect and use the functions and features that TFS provides, users must be added to a group with the appropriate permissions. To use select web portal features, they must also belong to the access level that enables access to that feature.

Make sure to set each user's access level based on what you've purchased for that user. Basic access includes all Stakeholder features. Advanced and Visual Enterprise access levels include all Basic features.

To add user accounts or groups to specific access levels, see Manage users and access.

To add user accounts or groups to specific access levels, see Change access levels.

When you add a user or group to a team or project, they're automatically granted access to those features supported by the default access level, which is Basic. This provides most users all the features they need. For a simplified overview of the permissions assigned to the most common groups—Readers, Contributors, and Project Administrators—as well as the Stakeholder access group, see Permissions and access.

The systems employ these access levels:

  • Stakeholders: provides partial access, can be assigned to unlimited users for free
  • Basic: provides access to most features
  • VS Enterprise (TFS 2017.1 and later versions): provides access to premium features
  • Advanced (TFS 2017 and earlier versions): provides access to premium features

Basic access

Assign Basic access to all users with a Visual Studio subscriptions and paid Azure DevOps users, including a TFS client access license (CAL). Basic provides access to most features, except for Test and other premium features.

Basic access features

Stakeholder access

Assign Stakeholder access to an unlimited number of users for free.

Stakeholder access grants access to features differently depending on whether you're working from a private or a public project. To learn more about public projects, see What is a public project?.

Service, application, or setting Private project Public project
Dashboards Partial access Full access
Wiki Full access Full access
Boards (Work) Partial access Full access
Repos (Code) No access Full access
Pipelines (Build and Release) Full access Full access
Test Plans (Test) No access No access
Notifications Full access Full access
Semantic search Full access Full access
Project settings Partial access Partial access
Organization settings Partial access Partial access

Assign Stakeholder access to those users who need to enter bugs, view backlogs, boards, charts, and dashboards, but who don't have a TFS CAL. Stakeholders can also view releases and manage release approvals. Stakeholder access is free.

Stakeholder access features

Stakeholder access to user features for private projects

The following features are available to Stakeholders from the web portal for private projects.

Area Task
Boards/Work tracking
Organization, dashboards, Wiki, and notifications
Pipelines/Build & Release
  • All features 8

Notes:

  1. Can assign existing tags to work items, but not create new tags.
  2. Cannot change the backlog priority order (all items are added at the end of the backlog), assign items to an iteration using drag and drop, use the mapping pane or forecasting.
  3. Cannot move cards on the board to update status, set the values of fields shown on cards, or set or view team capacity.
  4. Can save queries under My Queries but cannot save under Shared Queries.
  5. Cannot view markdown README files defined for repositories.
  6. Can add users and assign licenses when added to the Project Collection Administrators group. To learn more, see Manage users and access.
  7. Have read-only permissions to wiki pages. These permissions can't be changed.
  8. When the Free access to Pipelines Preview feature is enabled, Stakeholders gain access to all Pipeline (Build and Release) features. If it is disabled, Stakeholders have access to View releases and Approve releases only.

Stakeholder access to user features for public projects

From the web portal for private projects, Stakeholders have access to the following features in full, similar to those granted to users who were granted Basic access.

Area Task
Boards/Work tracking
Organization, dashboards, Wiki, and notifications
Pipelines/Build & Release
  • All features 2

Notes:

  1. To add users and assign licenses, stakeholders must be added to the Project Collection Administrators group. To learn more, see Manage users and access.
  2. When the Free access to Pipelines Preview feature is enabled, Stakeholders gain access to all Pipeline (Build and Release) features. If it is disabled, Stakeholders have access to View releases and Approve releases only.

Stakeholder access to administrative features

The following administrative features are granted or denied to users with Stakeholder access by default. Additional features are granted to Stakeholders in public projects.

Items with a  checkmark are granted permission by default. Items with an red x indicate that permissions aren't granted and can't be granted to Stakeholders. Members of the Project Collection Administrators or Project Administrators group can grant or deny these permissions for Stakeholders.

Project settings

Permission Private project Public project
Bypass rules on work item updates yes yes
Change process of project yes yes
Create work item tag definition no yes
Delete and restore work items no yes
Move work items out of a project no yes
Permanently delete work items no yes
Suppress notifications for work item updates yes yes
Agile backlog tools management no yes

The following permissions to manage area and iteration path settings are granted to Stakeholders by default in both private and public projects:

  • Create, delete, and edit child nodes
  • Edit work items in this node (area path only)
  • View work items in this node (area path only)

The following permissions to manage organization settings are granted to Stakeholders in both private and public projects:

  • Administer process permissions
  • Create, delete, edit processes
  • Delete field from account
  • Add and manage users

You can change the permissions granted to Stakeholders. See Grant or restrict access to select features and functions.

Stakeholder access to user features

The following features are available to Stakeholders from the web portal.

Area Task
Work tracking
Dashboards, Wiki, and notifications
Pipelines (Build & Release)

Notes:

  1. Stakeholders can assign existing tags to work items, but not create new tags.
  2. Stakeholders cannot change the backlog priority order (all items are added at the end of the backlog), assign items to an iteration using drag and drop, use the mapping pane or forecasting.
  3. Stakeholders cannot move cards on the board to update status, set the values of fields shown on cards, or set or view team capacity.
  4. Stakeholders can save queries under My Queries but cannot save under Shared Queries.
  5. Stakeholders can only view and approve releases.
  6. Stakeholders cannot view markdown README files defined for repositories.
  7. Stakeholders have read-only permissions to wiki pages. These permissions can't be changed.

Stakeholder access to user features

The following features are available to Stakeholders from the web portal of the listed TFS or later version. Those not annotated are available from all versions. To determine your platform or TFS version, see Platform and version support.

Area Task
Work tracking
Dashboards and notifications
Build and release

Notes:

  1. Stakeholders can assign existing tags to work items, but not create new tags.
  2. Stakeholders cannot change the backlog priority order (all items are added at the end of the backlog), assign items to an iteration using drag and drop, use the mapping pane or forecasting.
  3. Stakeholders cannot move cards on the board to update status, set the values of fields shown on cards, or set or view team capacity.
  4. Stakeholders can save queries under My Queries but cannot save under Shared Queries.
  5. Stakeholders can only view and approve releases.
  6. Stakeholders cannot view markdown README files defined for repositories.

Features stakeholders can't access

If you need access to the following features—which support the daily work of product owners, team leads, developers, testers, and project administrators—you need to be have Basic access.

Note

Stakeholders that choose a feature that's not available to them receive an error message indicating that they don't have permissions to complete the task.

For Private projects:

  • Change the priority of an item within a backlog
  • Delete work items or move work items to another project
  • Create shared queries, view charts, and modify the home page
  • View Delivery Plans (a Marketplace extension)
  • Access the full set of features under Pipelines (Build and Release), Repos (Code) or Test Plans (Test).

For Public projects:

  • View Delivery Plans (a Marketplace extension)
  • Access the full set of features under Repos (Code) or Test Plans (Test).
  • Change the priority of an item within a backlog
  • Delete work items or move work items to another project
  • Create shared queries, view charts, and modify the home page
  • View Delivery Plans (a Marketplace extension)
  • Access the full set of features provided under Code, Build and Release, and Test
  • Change the priority of an item within a backlog
  • Delete work items or move work items to another project
  • Create shared queries, view charts, and modify the home page
  • View Delivery Plans (a Marketplace extension)
  • Access the full set of features provided under Code, Build and Release, and Test
  • Participate in team rooms, which capture interactive, detailed conversations about the project.

VS Enterprise

For TFS 2017.2 and later versions, assign VS Enterprise to those users for whom you've purchased Visual Studio Enterprise. These include a TFS CAL plus the rights to access VS Enterprise features. (For users with MSDN Platforms subscriptions or Test Professional, assign the Basic access level and the Test Manager extension.) To learn more, see Assign paid extension access to users. For example, for users with Visual Studio Test Professional or Visual Studio Enterprise, assign them access to the Test Manager extension.

VS Enterprise access features

Advanced

For TFS 2017 and earlier versions, you should assign the Advanced level to those users for whom you've purchased the full Test feature set. Here are the purchasing options:

  • Higher-level Visual Studio subscriptions: Visual Studio Test Professional, Visual Studio Enterprise, or MSDN Platforms subscriptions. These include a TFS CAL plus the rights to access the full set of Test features.
  • A paid Azure DevOps user (which includes a TFS CAL) plus the Test Manager extension.

For TFS 2017.2, Assign Advanced access to those users for whom you've purchased MSDN Platforms or Visual Studio Test Professional subscriptions. These include a TFS CAL plus the rights to access Test Manager. To learn more, see Get extensions for TFS, Assign paid extension access to users.

TFS 2017.2

TFS 2017.2, Advanced Access

TFS 2017.1

Note

With TFS 2017.1, the Advanced access level was temporarily disabled. Updating to TFS 2017.2 will re-enable it. If you are on TFS 2017.1 and have users with Visual Studio Test Professional or MSDN Platforms subscriptions, you should assign them Basic access level. In addition, you need to open Users for the project collections in which they are a member and assign them the Test Manager extension. To learn more, see Buy access to TFS or TFS Test.

TFS 2017, TFS 2015, TFS 2013

Advanced access features

Note

The Advanced access level is deprecated for TFS 2017 and later versions of TFS. Use the VS Enterprise access level only for active Visual Studio Enterprise subscribers. For MSDN Platforms and Visual Studio Test Professional with MSDN subscribers needing access to Test, assign them to the Advanced access level and the Test Manager extension.

Test Plans/Test features and Marketplace extensions

Full access to Test Plans/Test features requires VS Enterprise access. Visual Studio Test Professional plus the test features in the web portal are managed through Azure DevOps, Azure billing services, and purchase of Test Manager extensions from the Marketplace.

To learn more, see Start free trials for paid Azure DevOps Services features and extensions.

Test features and Marketplace extensions

Full access to Test Plans/Test features requires Advanced (TFS 2015 or earlier versions) or VS Enterprise (TFS 2017 or later version) access. Visual Studio Test Professional plus the test features in the TFS web portal are managed through Azure DevOps, Azure billing services, and purchase of Test Manager extensions from the Marketplace.

To learn how to grant access to an extension, see Get extensions for TFS.

What features can users access who are added to two different groups?

If a user belongs to a group that has Basic access and another group that has VS Enterprise access, the user has access to all features available through VS Enterprise, which is a superset of Basic.

TFS Service account access

TFS service accounts are added to the default access level. If you make Stakeholder the default access level, you must set the TFS service accounts to Basic or Advanced/VS Enterprise access.

Service accounts don't require a TFS CAL or other purchase.