Add users to Azure Pipelines

Azure Pipelines | Azure DevOps Server 2020 | Azure DevOps Server 2019 | TFS 2018 - TFS 2015

Permissions for build and release pipelines are primarily set at the object-level for a specific build or release, or for select tasks, at the collection level.

You can manage security for different types of resources such as variable groups, secure files, and deployment groups by adding users or groups to that role. Project administrator can grant or restrict access to project resources. If you want to allow a team member to edit pipelines, you must be a project administrator in order to do so.

Add users to your project

  1. Navigate to your project's summary page: https://dev.azure.com/{your-organization}/{your-project}

  2. Select the Invite button to add a user to your project, and then fill out the required fields. Select Add when you are done.

    Invite button

    Add users to your project

  3. The new user must accept the invitation before they can start creating or modifying pipelines.

Verify permissions for contributors

Note

A security best practice is to only grant permissions to required users or groups. The Contributors group may be too broad in a given project.

To verify the permissions for your project's contributors, make sure you are a member of the Build Administrators group or the Project Administrators group. See Set permissions at the project- or collection-level for more details.

  1. From within your project, select Pipelines > Pipelines. Select the All tab, and then select the more actions menu then Manage security.

    Manage pipeline security

  2. On the permissions dialog box, make sure the following Contributors permissions are set to Allow.

    Set up the contributors permissions

Set permissions for build pipelines

  1. From within your project, select Build and Release, and then select Builds to access your build pipelines.

    Access builds in TFS

  2. Select Security to set the permissions for all build pipelines.

    Access all builds security permissions

    To set permissions for a specific build pipeline, select the context menu for that build and select Security.

    Configure build permissions

  3. Choose the group you want to set permissions for, and then change the permission setting to grant or restrict access. In the following example, we change the contributors permission to allow editing build definitions.

    Contributors permissions - allow editing build definitions

  4. Select Save changes when you are done.

Set permissions for release pipelines

  1. From within your project, select Build and Release, and then select Releases to access your release pipelines.

    Access release pipelines TFS

  2. Select the context menu for All release definitions, and then select Security.

    All security releases

  3. Choose the group you want to set permissions for, and then change the permission setting to grant or restrict access. In the following example, we change the contributors permission to prohibit the deletion of release definitions.

    Configure permissions for release pipelines

  4. Select Save changes when you are done.

Manage Library roles for variable groups, secure files, and deployment groups

Permissions for variable groups, secure files, and deployment groups are managed by roles. Setting up permissions is similar for all the three different types. Variable groups and Secure files permissions are configured from Build and Release > Library while Deployment groups permissions are set from Build and Release > Deployment groups.

In the following example, we will configure permissions for variable groups.

  1. From within your project, select Build and Release, and then select Library then Variable groups.

    Library - variable groups

    If you want to manage the permissions for a specific variable group, select the ellipsis for that variable group and then select Security.

    Configure permission for one variable group

  2. Add the user or group and choose the role you want them to have.

    add user or group and set roles

  3. Select Add when you are done.

Manage task group permissions

Permissions for task groups are subject to a hierarchical model. You use task groups to encapsulate a sequence of tasks already defined in a build or a release pipeline into a single reusable task.

  1. From within your project, select Build and Release, and then select Task groups.

    access task groups permissions

    If you want to manage the permissions for a specific task group, select the ellipsis for that task group and then select Security.

  2. Add the user or group and then set the permissions you want them to have.

    Set up task groups permissions

  3. Select Save changes when you are done.

Manage permissions for build administrators group

  1. From within your project, select the gear icon button gear icon, and then select Collection settings.

  2. Select Security, and then select Project Collection Build Administrators. In this example, we want to allow the usage of build resources.

    Configure the build administrators group permissions

  3. Select Save changes when you are done.

Manage permissions for service connections

You can set up permissions for service connections or agent pools by adding users or groups to a specific role. You will need to be a member of the Project Administrator group to manage the permissions for these resources.

In the following example, we will add an Administrator to a service connection.

  1. From within your project, select the gear icon button gear icon, and then select Project settings.

  2. Select Services, and then select the service connection that you want to manage. Select Roles to add a new role.

    Select service roles

  3. Add the user or group and choose the role you want them to have.

    Add a new role

  4. Select Add when you are done.

Manage permissions for deployment pools

You can set up permissions for deployment pools by adding users or groups to a specific role. You will need to be a member of the Project Collection Administrator group to manage the pool's permissions.

In the following example, we will add an Administrator role to all deployment pools.

  1. From within your project, select the gear icon button gear icon, and then select Project settings.

  2. Select Deployment Pools, and then select Security to manage permissions for all deployment pools.

    Manage permissions for all deployment pools

  3. Add the user or group and choose the role you want them to have.

    Add an administrator to all deployment pools

  4. Select Add when you are done.