Permissions and access for work tracking

Azure DevOps Services | Azure DevOps Server 2019 | TFS 2018 | TFS 2017 | TFS 2015 | TFS 2013

As a member of an Azure DevOps project, you can use most of the features to track work. Limitations to select features are based on the access level and security group to which a user is assigned. The Basic access level and higher supports full access to all Azure Boards features. Stakeholder access level provides partial support to select features, allowing users to view and modify work items, but not use all features. The built-in security groups—Readers, Contributors, and Project Administrators— and team administrator role grant permissions to specific features.

As a member of an Azure DevOps project, you can use most of the features to track work. Limitations to select features are based on the access level and security group to which a user is assigned. The Basic access level and higher supports full access to all features under the Work hub. Stakeholder access level provides partial support to select features, allowing users to view and modify work items, but not use all features. The built-in security groups—Readers, Contributors, and Project Administrators— and team administrator role grant permissions to specific features.

In the tables provided in this article, a  checkmark indicates that the corresponding access level or security group has access to a feature by default.

Note

Team administrators can configure settings for their team's tools. Organization owners and members of the Project Administrators group can configure settings for all teams. To be added as an administrator, see Add team administrators or Add administrators, set permissions at the project-level or project collection-level.

For a comparison chart of Stakeholder versus Basic access, see the Feature matrix. To assign or change an access level, see Add users and assign licenses. If you need to grant specific users select permissions, you can do so.

General work item feature access

You can use work items to track anything you need to track. To learn more, see Understand how work items are used to track issues, tasks, and epics.

Task Stakeholders Readers Contributors Team admins
View/open work items checkmark checkmark checkmark checkmark
Add work items, add tags to work items
(Stakeholders can assign existing tags to work items, but can't add new tags)
checkmark checkmark checkmark
Change work item type checkmark checkmark checkmark
Move work item to another project checkmark checkmark
Email work items checkmark checkmark checkmark
Apply a work item template checkmark checkmark checkmark
Delete work items (able to restore from the Recycle bin) checkmark checkmark
Permanently delete work items checkmark
Provide feedback (through the Microsoft Feedback client) checkmark checkmark checkmark checkmark
Request feedback checkmark checkmark

Note

You can change the work item type or move work items to another project within a project collection. These features require that the data warehouse is disabled. With the data warehouse disabled, you can use the Analytics Service to support your reporting needs. To learn more about disabling the data warehouse, see Disable the data warehouse and cube.

Task Stakeholders Readers Contributors Team admins
View/open work items checkmark checkmark checkmark checkmark
Add work items, add tags to work items
(Stakeholders can assign existing tags to work items, but can't add new tags)
checkmark checkmark checkmark
Email work items checkmark checkmark checkmark
Apply a work item template checkmark checkmark checkmark
Delete work items (able to restore from the Recycle bin) checkmark checkmark
Permanently delete work items checkmark
Provide feedback (through the Microsoft Feedback client) checkmark checkmark checkmark checkmark
Request feedback checkmark checkmark
Task Stakeholders Readers Contributors Team admins
View/open work items checkmark checkmark checkmark checkmark
Add work items, add tags to work items
(Stakeholders can assign existing tags to work items, but can't add new tags)
checkmark checkmark checkmark
Email work items checkmark checkmark checkmark
Delete work items (able to restore from the Recycle bin) checkmark checkmark
Permanently delete work items checkmark
Provide feedback (through the Microsoft Feedback client) checkmark checkmark checkmark checkmark
Request feedback checkmark checkmark
Task Stakeholders Readers Contributors Team admins
View/open work items checkmark checkmark checkmark checkmark
Add work items, add tags to work items
(Stakeholders can assign existing tags to work items, but can't add new tags)
checkmark checkmark checkmark
Email work items checkmark checkmark checkmark
Permanently delete work items checkmark
Provide feedback (through the Microsoft Feedback client) checkmark checkmark checkmark checkmark
Request feedback checkmark checkmark

Boards feature access

You use Boards to implement Kanban methods. Boards present work items as cards and support quick status updates through drag-and-drop.

Task Stakeholders Readers Contributors Team admins
View boards and open work items checkmark checkmark checkmark checkmark
Add work items to a board; update status, reorder, or reparent child tasks through drag-and-drop; update a field on a card checkmark checkmark
Add child tasks to a checklist checkmark checkmark checkmark
Assign to a sprint (from card menu) checkmark checkmark checkmark
Customize a board, configure team settings
(Stakeholders assigned as a team administrator or Project Administrator can configure team settings)
checkmark checkmark
Task Stakeholders Readers Contributors Team admins
View boards and open work items checkmark checkmark checkmark checkmark
Add work items to a board; update status through drag-and-drop checkmark checkmark
Assign to a sprint checkmark checkmark checkmark
Customize a board, configure team settings
(Stakeholders assigned as a team administrator or Project Administrator can configure team settings)
checkmark checkmark

Backlogs features access

Backlogs display work items as lists. A product backlog represents your project plan and a repository of all the information you need to track and share with your team. Portfolio backlogs allow you to group and organize your backlog into a hierarchy.

Task Stakeholders Readers Contributors Team admins
View backlogs and open work items checkmark checkmark checkmark checkmark
Add work items to a backlog
(Stakeholders can only add items to the bottom of the backlog)
checkmark checkmark checkmark
Use bulk edit features checkmark checkmark checkmark
Add child items to a backlog item; prioritize or reorder a backlog; parent items using the Mapping pane; Assign items to a sprint using the Planning pane checkmark checkmark
Customize a backlog, configure team settings
(Stakeholders assigned as a team administrator or Project Administrator can configure team settings)
checkmark checkmark
Task Stakeholders Readers Contributors Team admins
View backlogs and open work items checkmark checkmark checkmark checkmark
Add work items to a backlog
(Stakeholders can only add items to the bottom of the backlog)
checkmark checkmark checkmark
Use bulk edit features checkmark checkmark checkmark
Add child items to a backlog item; prioritize or reorder a backlog; parent items using the Mapping pane checkmark checkmark
Customize a backlog, configure team settings
(Stakeholders assigned as a team administrator or Project Administrator can configure team settings)
checkmark checkmark

Sprints feature access

You use sprint tools to implement Scrum methods. The Sprints set of tools provide filtered views of work items that a team has assigned to specific iteration paths or sprints.

Task Stakeholders Readers Contributors Team admins
View sprint backlogs, taskboards, and open work items checkmark checkmark checkmark checkmark
Add work items to a sprint backlog
(Stakeholders can add backlog items to the bottom of a sprint backlog)
checkmark checkmark checkmark
Add work items to a taskboard
(Stakeholders can add backlog items but not tasks)
checkmark checkmark
Prioritize/reorder a sprint backlog or taskboard; add child items to a backlog item; reassign items to a sprint using the Planning pane checkmark checkmark
View team capacity (work details) checkmark checkmark checkmark checkmark
Set team capacity checkmark checkmark
Use bulk edit features checkmark checkmark checkmark
Define sprints, set sprint dates checkmark
Customize a sprint backlog or taskboard, configure team settings
(Stakeholders assigned as a team administrator or Project Administrator can configure team settings)
checkmark checkmark
Task Stakeholders Readers Contributors Team admins
View sprint backlogs, taskboards, and open work items checkmark checkmark checkmark checkmark
Add work items to a sprint backlog
(Stakeholders can add backlog items to the bottom of a sprint backlog)
checkmark checkmark checkmark
Add work items to a taskboard
(Stakeholders can add backlog items but not tasks)
checkmark checkmark
Prioritize/reorder a sprint backlog or taskboard; add child items to a backlog item; reassign items to another using drag-and-drop checkmark checkmark
View team capacity (work details) checkmark checkmark checkmark checkmark
Set team capacity checkmark checkmark
Use bulk edit features checkmark checkmark checkmark
Define sprints, set sprint dates checkmark
Customize a sprint backlog or taskboard, configure team settings
(Stakeholders assigned as a team administrator or Project Administrator can configure team settings)
checkmark checkmark

Queries are filtered lists of work items based on criteria that you define by using a query editor. Adhoc searches are powered by a semantic search engine.

Task Stakeholders Readers Contributors Project admins
View and run managed queries checkmark checkmark checkmark checkmark
Create and save managed My queries checkmark checkmark checkmark
Create and save managed Shared queries
(Stakeholders can't save Shared queries even if granted permissions)
checkmark
View query charts checkmark checkmark checkmark
Create query charts checkmark checkmark
Powerful semantic work-tracking search checkmark checkmark checkmark checkmark
Task Stakeholders Readers Contributors Team admins
View and run managed queries checkmark checkmark checkmark checkmark
Create and save managed queries
(Stakeholders can't save shared queries)
checkmark checkmark checkmark
View query charts checkmark checkmark checkmark
Create query charts checkmark checkmark

Delivery plans feature access

Delivery plans display work items as cards against a calendar view. This format can be an effective communication tool with managers, partners, and stakeholders for a team. Users granted Stakeholder access for private projects have no access to delivery plans, while users granted Stakeholder access for public projects has the same access as regular Contributors granted Basic access.

Task Stakeholders Readers Contributors Project admins
View delivery plans checkmark checkmark checkmark
Create, edit, or delete a delivery plan
(Contributors can only edit or delete plans that they create)
checkmark checkmark
Manage permissions for a delivery plan
(Contributors can only manage permissions for plans that they create)
checkmark

Test management feature access

Test plans, test suites, test cases and other test artifacts are specific work item types that support manual and exploratory testing. You set test permissions at the project level from the admin context Security page.

Task Stakeholders Readers Contributors Project Admins
Provide feedback using the Test & Feedback extension checkmark checkmark checkmark checkmark
Exploratory testing, view test runs checkmark checkmark checkmark
Manage test plans and test suites

Manage test configurations and test environments

checkmark checkmark

Exploratory testing, create and delete test runs

checkmark checkmark

Request feedback using the Test & Feedback extension

checkmark checkmark
Azure Test Plans (formerly Test Manager, purchased separately) checkmark checkmark

Area permissions for web-based test case management and test execution control access to the following actions.

The Manage test suites permission enables users to:

  • Create and modify test suites
  • Add or remove test cases to/from test suites
  • Change test configurations associated with test suites
  • Modify the suite hierarchy by moving a test suite

The Manage test plans permission enables users to:

  • Create and modify test plans
  • Add or remove test suites to or from test plans
  • Change test plan properties such as build and test settings

Resources defined for the project

You set project-level information permissions from Project Settings>Security. You set permissions for area and iteration paths under Project Settings>Boards. These resources are defined for a project which all valid users of the project can view.

Task Stakeholders Readers Contributors Team Admins Account Owner/
Project Admins
View project-level information checkmark checkmark checkmark checkmark checkmark
Area node: Edit work items under the node

  

  

checkmark checkmark checkmark
Area nodes and Iteration nodes: Create, delete, edit child nodes

  

  

  

  

checkmark
Edit project-level information

  

  

  

checkmark

The Edit project-level information permission includes the ability to perform these tasks for the project:

  • Create and modify areas and iterations
  • Edit check-in policies
  • Edit shared work item queries
  • Edit project level permission ACLs
  • Create and modify global lists
  • Edit event subscriptions (email or SOAP) on project level events.

Team administrator role and permissions

The following table summarizes a subset of the default permissions assigned to the project Readers, Contributors and Project Administrators groups and the Team Administrator role. Team admin permissions extend only to the team for which they're an administrator. Project Administrator permissions extend across all teams defined for the project.

Permission Readers Contributors Team Administrators Project Administrators
Add a team administrator

  

  

checkmark checkmark
Add team members

  

  

checkmark checkmark
View shared work item queries

checkmark checkmark checkmark checkmark
Manage shared query and query folder permissions
(Contribute, Delete, Manage Permissions)

  

  

  

checkmark
Add and edit dashboards

  

  

checkmark checkmark

Stakeholder access

Stakeholder access supports business owners and analysts and other team members who don't contribute to code, build, and test activities. They contribute by adding ideas to the backlog, adding context and information to work items, and reviewing status and progress. All members of an organization who don't use Visual Studio but want to contribute to work item tracking and monitor progress can be assigned as a stakeholder. To learn more about Stakeholder access, see Work as a stakeholder.

For a comparison chart of Stakeholder versus basic access, see the Feature Matrix.

For information about each access levels, see About access levels. To assign access levels, see:

Grant team members additional permissions

For teams to work autonomously, you may want to provide them with permissions that they don't have by default. Suggested tasks include providing team administrators or team leads permissions to:

By default, team members inherit the permissions afforded to members of the project Contributors group. Members of this group can add and modify source code, create and delete test runs, and create and modify work items. They can collaborate on a Git project or collaborate with other team members and check in work to the team's code base (TFVC).

Default permissions assigned to team contributors

If your on-premises deployment includes reporting, add users to those resources. See Grant permissions to view or create SQL Server reports in TFS.

If your on-premises TFS deployment includes reporting or SharePoint Products, add users to those resources. See Grant permissions to view or create SQL Server reports in TFS and Set SharePoint site permissions.