Add users to Azure Pipelines

Azure Pipelines | Azure DevOps Server 2019 | TFS 2018 | TFS 2017 | TFS 2015

Note

In Microsoft Team Foundation Server (TFS) 2018 and previous versions, build and release pipelines are called definitions, service connections are called service endpoints, stages are called environments, and jobs are called phases.

If your teammates want to edit pipelines, then have an administrator add them to your project:

  1. Make sure you are a member of the Project Administrators group (learn more).

  2. Go to your project summary: https://dev.azure.com/{your-organization}/{your-project}

  3. Invite the teammates to join the project.

    Invite button

    Add users to project dialog box

  4. After the teammates accept the invitation, ask them to verify that they can create and edit pipelines.

Confirm that contributors have pipeline permissions

If you created your project after about October 2018, then the above procedure is probably sufficient. However, in some cases your team members might see errors or grayed-out controls when they try to work with pipelines. In these cases, make sure that your project contributors have the necessary permissions:

  1. Make sure you are a member of the Build Administrators group or the Project Administrators group (learn more).

  2. Open the build security dialog box.

    Security menu item for all builds

  3. On the permissions dialog box, make sure the following permissions are set to Allow.

    Permissions dialog box for all builds in the project

Permissions for build and release functions are primarily set at the object-level for a specific build or release, or for select tasks, at the collection level. For a simplified view of permissions assigned to built-in groups, see Permissions and access.

In addition to permission assignments, you manage security for several resources—such as variable groups, secure files, and deployment groups—by adding users or groups to a role. You grant or restrict permissions by setting the permission state to Allow or Deny, either for a security group or an individual user. For definitions of each build and release permission and role, see Build and release permissions.

Set permissions for build pipelines

  1. To set the permissions for all build pipelines, click the Security From the web portal Build-Release hub, Builds page

    Open the Security dialog for all build pipelines

    To set the permissions for a specific build pipeline, open the context menu for the build and click Security.

    Open the security dialog for a build pipeline
  2. Choose the group you want to set permissions for, and then change the permission setting to Allow or Deny.

    For example, here we change the permission for Edit build pipeline for the Contributors group to Allow.

    Security dialog for a build pipeline
  3. Save your changes.

Set permissions for release pipelines

  1. From the web portal Build-Release hub, Releases page, open the Security dialog for all release pipelines.

    Open the security dialog for a build pipeline

    If you want to manage the permissions for a specific release, then open the Security dialog for that release.

  2. Choose the group you want to set permissions for, and then change the permission setting to Allow or Deny.

    For example, here we deny access to several permissions for the Contributors group.

    Security dialog for a release pipeline
  3. Save your changes.

Manage Library roles for variable groups, secure files, and deployment groups

Permissions for variable groups, secure files, and deployment groups are managed by roles. For a description of the roles, see About security roles.

Note

Feature availability: These features are available on Azure Pipelines and TFS 2017 and later versions.

You can set the security for all artifacts for a project, as well as set the security for individual artifacts. The method is similar for all three artifact types. You set the security for variable groups and secure files from Azure Pipelines, Library page, and for deployment groups, from the Deployment groups page.

For example, here we show how to set the security for variable groups.

  1. Build-Release hub, Library page, open the Security dialog for all variable groups.

    Open the Security dialog for all variable groups

    If you want to manage the permissions for a specific variable group, then open the Security dialog for that group.

    Open the Security dialog for a specific variable group

  2. Add the user or group and choose the role you want them to have.

    For example, here we deny access to several permissions for the Contributors group.

    Add user to a Library role

  3. Click Add.

Manage task group permissions

Permissions for task groups are subject to a hierarchical model. You use task groups to encapsulate a sequence of tasks already defined in a build or a release pipeline into a single reusable task. You define and manage task groups in the Task groups tab of Azure Pipelines.

Note

Feature availability: These features are available on Azure Pipelines and TFS 2017 and later versions.

  1. From the web portal Build-Release hub, Task groups page, open the Security dialog for all task groups.

    Open the Security dialog for all task groups

    If you want to manage the permissions for a specific task group, then open the Security dialog for that group.

  2. Add the user or group and then set the permissions you want them to have.

    For example, here we add Raisa and set her permissions to Administer all task groups.

    Set task group permissions

  3. Click Add.

Set collection-level permissions to administer build resources

  1. From the web portal user context, open the admin context by clicking the gear icon gear Settings icon and choosing Organization settings or Collection settings.

  2. Click Security, and then choose the group whose permissions you want to modify.

    Here we choose the Build Administrators group and change the Use build resources permission. For a description of each permissions, see Permissions and groups reference, Collection-level permissions.

    Security dialog for Project Collection Build Administrators group
  3. Save your changes.

Manage permissions for agent pools and service connections

You manage the security for agent pools and service connections by adding users or groups to a role. The method is similar for both agent pools and service connections. You will need to be a member of the Project Administrator group to manage the security for these resources.

Note

Feature availability: These features are available on Azure Pipelines and TFS 2015 and later versions.

For example, here we show how to add a user to the Administrator role for a service connection.

  1. From the web portal, click the gear settings icon gear Settings icon to open the project settings admin context.

  2. Click Services, click the service connection that you want to manage, and then click Roles.

    Open the Roles tab for a service connection

  3. Add the user or group and choose the role you want them to have. For a description of each role, see About security roles.

    For example, here we add Raisa to the Administrator role.

    Add a user to the Administrator role

  4. Click Add.

Manage permissions for agent pools and deployment pools

You manage the security for agent pools and deployment pools by adding users or groups to a role. The method is similar for both types of pools.

Note

Feature availability: These features are available on Azure Pipelines and TFS 2018 and later versions.

You will need to be a member of the Project Collection Administrator group to manage the security for a pool. Once you've been added to the Administrator role, you can then manage the pool. For a description of each role, see About security roles.

  1. From the web portal, click the gear settings icon gear Settings icon and choose Organization settings or Collection settings to open the collection-level settings admin context.

  2. Click Deployment Pools, and then open the Security dialog for all deployment pools.

    Open the Roles tab for a service connection

    If you want to manage the permissions for a specific deployment group, then open the Security dialog for that group.

  3. Add the user or group and choose the role you want them to have.

    For example, here we add Raisa to the Administrator role.

    Add a user to the Administrator role

  4. Click Add.