Provide Stakeholders access to edit build and release pipelines
Azure DevOps Services
To provide Stakeholders permissions to create, edit, and manage build and release pipelines, you can enable the Free access to Pipelines for Stakeholders account-level preview feature. This feature essentially enables an unlimited number of free users to manage and configure pipelines in your projects.
Important
The Free access to Pipelines for Stakeholders preview feature is turned on by default for all organizations created after July, 7th 2018. It is only available from Azure DevOps Services.
Without this feature enabled, stakeholders can only view and approve releases.
Turn on Free access to Pipelines for Stakeholders
To enable the Free access to Pipelines for Stakeholders feature, see Manage or enable features. You can only enable it at the account level.
When the feature is turned on, all Stakeholders in your account have full access to Pipelines and it's associated features. This includes the ability to view, create, and delete automated test runs. For a complete list of associated features and tasks, see Build and release permissions and roles.
Stakeholders are still subject to the permissions set for their security group. For example, if they are in the Project Readers security group they have Read-only access to Build and Release. If you need more fine grained control over what features Stakeholders can access, you can create a custom security group and set more fine grained permissions to certain groups of users as described in the next section.
Limit access to select Stakeholders to CI/CD features
After turning on the Free access to Pipelines for Stakeholders preview feature, you can limit access to select features or tasks by setting permissions. The general steps are:
- Create a custom, project-level, security group in Azure DevOps.
- Add users to this group
- Set permissions to Deny or Not set for those CI/CD features you want to limit access to. You can set permissions for these CI/CD artifacts:
- All build pipelines or select build pipelines
- All release pipelines or select release pipelines
- Task groups
- Add the security group to a Library security role for these artifacts:
- Variable groups
- Secure files
- Deployment groups
Create a custom security group
Create a custom security group at the project-level or the collection-level. The method for creating a custom security group is the same, no matter at what level you add it.
Tip
You only need to create a project-level security group if you are going to limit CI/CD tasks at the project level.
To create a project-level security group, open the web portal and choose the project where you want to add users or groups.
Note
To enable the Project Permissions Settings Page user interface that is in preview, see Enable preview features.
Choose Project settings, and then Permissions.
Choose New group to open the dialog for adding a group.
Enter a name for the group, add users or groups, and optionally a description. Choose Create.
Add members to the custom security group
To add members to the group, choose the security group, choose Members, and then choose Add.
Type the name of the user account into the text box. You can enter several identities into the text box, separated by commas. Specify individual emails, groups defined in an existing Azure Active Directory or existing Azure DevOps groups. The system automatically searches for matches. Choose the matches that meet your requirements.
Choose Save.
To remove a user account from the group, select the checkbox of the account and choose Remove.
Confirm your removal by choosing Remove in the dialog that appears.
Set permissions for build pipelines
Open the Security dialog for all or a select build pipeline.
To set the permissions for all build pipelines, choose Pipelines>Builds, choose the
folder icon, and then, with All build pipelines selected, choose the 
actions icon and select Security.
To set the permissions for a specific build pipeline, open the
actions icon for the specific build and choose Security.
Add and set permissions for the custom security group
Enter the name of the group you want to add to the Permissions dialog. For example, here we enter Stakeholder Access group to the Permissions dialog.
Set the permissions you want for the group and then close the dialog. Change the permission settings to Deny for those permissions you want to limit access to.
There is no Save button.
Set permissions for release definitions
You can follow the steps provided in the previous two procedures to set permissions for release definitions.
Open the Security dialog for all or a select release pipeline.
To set the permissions for a specific release pipeline, open the
actions icon menu for the build and choose Security.Enter the custom security group, such as Stakeholder Access, to the search box on the Permissions page.
Change the permission settings to Deny for those permissions you want to limit access to.
Set the permissions you want for the group and then close the dialog. Change the permission settings to Deny for those permissions you want to limit access to.
There is no Save button.
Limit access to Library resources
To prevent Stakeholders from editing Library resources, add your custom security group to the Library reader role. To learn how, see Manage Library roles for variable groups, secure files, and deployment groups.
Limit access to task group
To prevent Stakeholders from editing task groups, add your custom security group to the task group permissions and set all permissions to Deny. To learn how, see Manage Library roles for variable groups, secure files, and deployment groups.
Related articles
Feedback
Submit and view feedback for