Request an increase in permission levels

Azure DevOps Services | Azure DevOps Server 2022 - Azure DevOps Server 2019 | TFS 2018

To get access to certain tasks, you might need to request an increase to your permissions or be added to a security role. Typically, you'll do this upon receiving an information or error message indicating you have insufficient permissions. Such a message will indicate the permission levels you need.

Prior to requesting a change in permission levels, make sure you understand the basics by reviewing Get started with permissions, access, and security groups.

Common permissions to request

Most users added to the Contributors group are granted the permissions they need to perform most tasks. However, the following tasks require membership in the Project Administrators group or a change in permissions.

The following tasks require membership in the Project Collection Administrators group or a change in permissions at the collection-level or addition to a specific role.

  • Collection-level configurations
    • Create projects: Requires elevated permissions at the collection level.
    • Add, edit, or manage a process: Requires elevated permissions at the collection level or process-level permissions.
    • Install, uninstall, or disable extensions: Requires addition to the Manager role for extensions.

For an overview of built-in security groups and default permission assignments, see Default permissions and access.

Prerequisites

  • To view permissions, you must be a member of the Project Valid Users group. Users added to a project are automatically added to this security group. To learn more, see View permissions for yourself or others.
  • To look up an administrator for your project or project collection, you must be a member of the Project Valid Users group.

Note

Users added to the Project-Scoped Users group won't be able to access Organization Settings other than the Overview section if the Limit user visibility and collaboration to specific projects preview feature is enabled for the organization. For more information including important security-related call-outs, see Manage your organization, Limit user visibility for projects and more.

Review your permission assignments

Before you request a change to permission levels, review your permission assignments as described in View permissions for yourself or others.

Verify that your permission assignments are preventing you from accomplishing a task you need to perform.

Request a change to a permission level or role change

To request a change or increase in your permission levels, take the following actions:

  1. Identify the permissions you need and at what level. Permissions are set at the object, project, and project-collection level. Also, permissions are granted through various roles. To identify the level and permission you need, review the Permissions lookup guide.

  2. Identify a person in your organization who can grant you the permissions you need. For example:

  3. Contact the person you identified in step 2 and make your request. Make sure you specify the permission you want changed.

Refresh or re-evaluate your permissions

After your permission levels are changed, you may need to refresh your permissions for Azure DevOps to recognize the changes. This step is recommended when a change is made to your permission level, role level, or if you are added to a new or different Azure DevOps, Microsoft Entra ID, or Active Directory security group. When you are added to a new or different security group, your inherited permissions may change.

By refreshing your permissions, you cause Azure DevOps to re-evaluate your permission assignments. Otherwise, your permission assignments won't be refreshed until you sign-off, close your browser, and sign-in again.

To refresh your permissions, choose User settings, on the Permissions page, you can select Re-evaluate permissions. This function reevaluates your group memberships and permissions, and then any recent changes take effect immediately.

Reevaluate permissions control