Change project-level permissions
TFS 2017 | TFS 2015 | TFS 2013
Several permissions are set at the project level. You can grant these permissions by adding a user or group to the Project Administrators group. Or, you can grant select project-level permissions to a custom security group or to a user.
Consider adding users to the Project Administrators group when they are tasked with adding or managing teams, area and iteration paths, repositories, service hooks, and service end points.
See the following articles for related information:
- Request an increase in permission levels
- Add or remove users or groups, manage security groups
- Look up a project administrator
- Set object-level permissions
- Change permissions at the organization or collection-level
Project-level permissions
General
Boards
Test Plans
- Create test runs
- Delete test runs
- Manage test configurations
- Manage test environments
- View test runs
Note
By default, Contributors are assigned the Create tag definition permission. Although the Create tag definition permission appears in the security settings at the project-level, tagging permissions are actually collection-level permissions that are scoped at the project level when they appear in the user interface. To scope tagging permissions to a single project when using a command-line tool, you must provide the GUID for the project as part of the command syntax. Otherwise, your change will apply to the entire collection. To learn more about work item tagging permissions, see Security groups, service accounts, and permissions, Work item tags.
Prerequisites
- To manage permissions or groups at the project level, you must be a member of the Project Administrators security group. If you created the project, you are automatically added as a member of this group. To get added to this group, you need to request permissions from a member of the Project Administrators group. See Look up a project administrator.
- If want to add security groups defined in Azure Active Directory or Active Directory, make sure those are first defined. To learn more, see Add AD/Azure AD users or groups to a built-in security group.
Note
Users granted Stakeholder access, aren't able to access select features even if granted permissions to those features. To learn more, see Permissions and access.
Add members to the Project Administrators group
You can add users who've been added to a project, organization, or collection to the Project Administrators group. To add a custom security group, first create the group as described in Add or remove users or groups, manage security groups.
Here we show how to add a user to the built-in Project Administrators group. The method is similar to adding an Azure Active Directory or Active Directory group.
Change permissions for a group
You can change the project-level permissions for any project-level group. Each team added to a project is automatically added as a project-level group. To add security groups to a project, see Add or remove users or groups, manage security groups. To understand permission assignments and inheritance, see About permissions, Permission states.
Change permissions for a user
You can change the project-level permissions for a specific user. To understand permission assignments and inheritance, see About permissions, Permission states.