Change project-level permissions

Azure DevOps Services | Azure DevOps Server 2020 | Azure DevOps Server 2019 | TFS 2018

Several permissions are set at the project level. You can grant these permissions by adding a user or group to the Project Administrators group. Or, you can grant select project-level permissions to a custom security group or to a user.

Consider adding users to the Project Administrators group when they are tasked with adding or managing teams, area and iteration paths, repositories, service hooks, and service end points.

See the following articles for related information:

Project-level permissions

The following table lists the permissions assigned at the project-level. All of these permissions are granted to members of the Project Administrators group, except for the Delete shared Analytics views and Edit shared Analytics views permissions which are not set. For a description of each permission, see Permissions and groups reference, Groups.

The following table lists the permissions assigned at the project-level. All of these permissions are granted to members of the Project Collection Administrators group. For a description of each permission, see Permissions and groups reference, Groups.

Note

Permissions associated with Analytics requires that the Inherited process model is selected for an on-premises project collection.

General

  • Delete team project
  • Edit project-level information
  • Manage project properties
  • Rename team project
  • Suppress notifications for work item updates
  • Update project visibility
  • View project-level information
  • Delete team project
  • Edit project-level information
  • Manage project properties
  • Rename team project
  • Suppress notifications for work item updates
  • View project-level information
  • Delete team project
  • Edit project-level information
  • Manage project properties
  • Rename team project
  • View project-level information

Boards

  • Bypass rules on work item updates
  • Change process of team project
  • Create tag definition
  • Delete and restore work items
  • Move work items out of this project
  • Permanently delete work items
  • Bypass rules on work item updates
  • Change process of team project
  • Create tag definition
  • Delete and restore work items
  • Move work items out of this project
  • Permanently delete work items
  • Create tag definition
  • Delete and restore work items
  • Permanently delete work items

Analytics

  • Delete shared Analytics views
  • Edit shared Analytics views
  • View analytics

Test Plans

  • Create test runs
  • Delete test runs
  • Manage test configurations
  • Manage test environments
  • View test runs

Note

By default, Contributors are assigned the Create tag definition permission. Although the Create tag definition permission appears in the security settings at the project-level, tagging permissions are actually collection-level permissions that are scoped at the project level when they appear in the user interface. To scope tagging permissions to a single project when using a command-line tool, you must provide the GUID for the project as part of the command syntax. Otherwise, your change will apply to the entire collection. To learn more about work item tagging permissions, see Security groups, service accounts, and permissions, Work item tags.

Prerequisites

  • To manage permissions or groups at the project level, you must be a member of the Project Administrators security group. If you created the project, you are automatically added as a member of this group. To get added to this group, you need to request permissions from a member of the Project Administrators group. See Look up a project administrator.
  • If want to add security groups defined in Azure Active Directory or Active Directory, make sure those are first defined. To learn more, see Add AD/Azure AD users or groups to a built-in security group.

Note

Users granted Stakeholder access, aren't able to access select features even if granted permissions to those features. To learn more, see Permissions and access.

Add members to the Project Administrators group

You can add users who've been added to a project, organization, or collection to the Project Administrators group. To add a custom security group, first create the group as described in Add or remove users or groups, manage security groups.

Here we show how to add a user to the built-in Project Administrators group. The method is similar to adding an Azure Active Directory or Active Directory group.

Note

To enable the new user interface for the Project Permissions Settings Page, see Enable preview features.

  1. Open the web portal and choose the project where you want to add users or groups. To choose another project, see Switch project, repository, team.

  2. Choose Project settings and then Permissions.

    Choose Project settings, and then Permissions

  3. Choose Project Administrators group, Members, and then Add.

    Project Settings > Permissions, Add member

  4. Enter the name of the user account or custom security group into the text box and then select from the match that appears. You can enter several identities recognized by the system into the Add users and/or groups box. The system automatically searches for matches. Choose the matches that meet your choices.

    Add users and group dialog, preview page.

  5. Choose Save.

  1. Open the web portal and choose the project where you want to add users or groups. To choose another project, see Switch project, repository, team.

  2. Choose Project Settings and then Security.

    To see the full image, click to expand.

    Project Settings>Security

  3. Choose Project Administrators group, Members, and then Add.

    Project Settings>Security, Add member

  4. Enter the name of the user account into the text box. You can enter several identities into the text box, separated by commas. The system automatically searches for matches. Choose the match(es) that meets your choice.

    Add users and group dialog, on-premises.

    Note

    Users that have limited access, such as Stakeholders, won't be able to access select features even if granted permissions to those features. To learn more, see Permissions and access.

  5. Choose Save changes. Choose the refresh icon to see the additions.

  1. Open the web portal and choose the project where you want to add users or groups. To choose another project, see Switch project, repository, team.

  2. Choose the gear icon to open the administrative context.

    Open Project Settings, horizontal nav

  3. Choose Security, Project Administrators group, Members, and then Add.

    Project Settings>Security, Add member

  4. Enter the name of the user account into the text box. You can enter several identities into the text box, separated by commas. The system automatically searches for matches. Choose the match(es) that meets your choice.

    Add users and group dialog, TFS 2018 and earlier versions.

    Note

    Users that have limited access, such as Stakeholders, won't be able to access select features even if granted permissions to those features. To learn more, see Permissions and access.

  5. Choose Save changes. Choose the refresh icon to see the additions.

Change permissions for a group

You can change the project-level permissions for any project-level group. Each team added to a project is automatically added as a project-level group. To add security groups to a project, see Add or remove users or groups, manage security groups. To understand permission assignments and inheritance, see About permissions, Permission states.

Note

To enable the new user interface for the Project Permissions Settings Page, see Enable preview features.

  1. Open the Permissions page as described in the previous section, Add a user or group to the Project Administrators group.

    Note

    You can't change the permission settings for the Project Administrators group. This is by design.

  2. From the Permissions page, choose the group whose permissions you want to change.

    For example, here we choose the Contributors group, change their permissions for Delete and restore work items to Allow.

    Screenshot of Contributors group, permissions, preview page.

    Your changes are automatically saved.

    Tip

    In general, if you add a user to the Contributors group, they can add and modify work items. You can restrict permissions of users or user groups to add and modify work items based on the Area Path. For details, see Set permissions and access for work tracking, Modify work items under an area path.

  1. From the Security page, choose the group whose permissions you want to change.

    For example, here we grant permission to the Contributors group to delete and restore work items.

    Screenshot of Contributors group, permissions, on-premises versions.

    Tip

    In general, if you add a user to the Contributors group, they can add and modify work items. You can restrict permissions of users or user groups to add and modify work items based on the area path. For details, see Set permissions and access for work tracking, Modify work items under an area path.

    For a description of each permission, see Permissions and groups reference, project-level permissions.

    Note

    You can't change the permission settings for the Project Administrators group. This is by design.

  2. Choose Save changes.

Change permissions for a user

You can change the project-level permissions for a specific user. To understand permission assignments and inheritance, see About permissions, Permission states.

Note

To enable the new user interface for the Project Permissions Settings Page, see Enable preview features.

  1. Open the Permissions page as described in the previous section, Add a user or group to the Project Administrators group.

  2. From the Permissions page, choose Users, and then choose the user whose permissions you want to change.

    Screenshot of Users tab, choose a user.

  3. From the Permissions page, change the assignment for one or more permissions.

    For example, here we change the Edit project-level information for Christie Church.

    Screenshot of selected users, Permissions.

    Dismiss the dialog when done. Your changes are automatically saved.

  1. Open the Security page as described in the previous section, Add a user or group to the Project Administrators group.

  2. From the Security page, in the Filter users and groups text box, enter the name of the user whose permissions you want to change.

  3. Change change the assignment for one or more permissions.

    For example, here we change the Edit project-level information for Christie Church.

    Screenshot of selected user , change Edit project-level information permission level.

  4. Choose Save changes.

Next steps