Set branch permissions

VSTS | TFS 2018 | TFS 2017 Update 1


Set up permissions to control who can read and update the code in a branch on your Git repo. You can set permissions for individual users and groups, and inherit and override permissions as needed from your repo permissions.

Use the branches view to configure security

  1. Open the Branches view while viewing your repo on the web.

    Access the branches view on the web

  2. Locate the branch on the Branches view. You can search for your branch using the Search all branches box in the upper right.

  3. Open the context menu by selecting the ... icon next to the branch name. Select Branch security from the menu.

    Open the branch permissions page from the branches context menu

Add users or groups

Avoid trouble: You can only add permissions for users and groups already in your Team Project. Add new users and groups to your Team Project before setting branch permissions.

Add users or groups to your branch permissions by selecting Add, then choosing Add user or Add VSTS group. Enter the display name or their Microsoft Account, then select Save Changes.

Remove users or groups

Remove permissions for a user or group by selecting the user or VSTS group, then selecting Remove. The user or group will still exist in your Team Project and this change will not affect other permissions for the user or group.

Remove branch permissions for a user in VSTS or TFS

Set permissions

Control branch permission settings from the branch permission view. Users and groups with permissions set at the repo level will inherit those permissions by default.


These permissions have changed in TFS 2017 Update 1 and VSTS. If you are using an earlier version of TFS, see the previous list of permissions.

Permission Description
Contribute Users with this permission can push new commits to the branch and lock the branch.
Edit Policies Can edit branch policies.
Exempt from policy enforcement Users with this permission are exempt from the branch policy set for the branch.
Force Push (Rewrite History and Delete Branches) Can force push to a branch, which can rewrite history. This permission is also required to delete a branch.
Manage Permissions Can set permissions for the branch.
Remove Others' Locks Can remove locks set on branches by other users.