Permissions lookup guide for VSTS & TFS

VSTS | TFS 2018 | TFS 2017 | TFS 2015 | TFS 2013

Use this index to locate the topic on how to manage a specific permission. Most permissions are managed for an object, project, or collection. Other permissions are managed by adding users and groups to a role. To learn more, see About permissions and groups and About security roles.

Values in parenthesis indicate what level the permission is managed:

  • Object: Permissions are managed at the object-level
  • Project: Permissions are managed at the team project level
  • Collection: Permissions are managed at the account or project collection level
  • Role: Permissions are managed through a security role.
  • Team: Permissions are managed via the team administrator role.
A through D E through P Q through W
A
- Agent queues (Project, Role)
- Agent pools (Collection, Role)
- Alerts (Collection)
- Alerts (Team)
- Analytics Service (Project)
- Analytics views (Object)
- Area path (Object)
- Area paths (Team)

B
- Branches, Git (Object)
- Branches, TFVC (Object)
- Build definitions (Object)
- Build quality, manage (Object)
- Build queue, manage (Object)
- Build resources (Collection)
- Build permissions, manage (Object)
- Builds, manage (Object)

C
- Change work item type (Project)
- Check ins, TFVC (Object)
- Collection-level information
- Configure Agile tools (Team)
- Customize process

D
- Dashboards, manage (Team)
- Delete field from account
- Delete test artifacts
- Delete work items
- Delivery plans (Object)
- Deployment groups (Object, Role)
- Deployment pools (Collection, Role)
E
- Edit collection-level information (Collection)
- Edit process
- Edit team project-level information (Project)
- Events (Collection)
- Extensions (Collection, Role)

F thru L
- Feeds
- Field, delete (Collection)
- Git branch (Object)
- Inherited process (Object)
- Iteration paths (Object)
- Iteration paths (Team)
- Kanban board, customize (Team)
- Labels, TFVC (Object)
- Library (Object, Role)
- Locks, TFVC (Object)

M thru P
- Manage project properties (Project)
- Marketplace extensions (Collection, Role)
- Merge, TFVC (Object)
- Move or delete work items (Project)
- Notes, Git (Object)
- Notifications (Collection)
- Package Management
- Policies, Git branch (Object)
- Policies, Git repository (Object)
- Power BI (Analytics Service)
- Process (Collection)
- Project properties (Project)
- Project-level information
Q thru R
- Query (Object)
- Query folder (Object)
- Release definitions (Object)
- Repository, Git (Object)

S
- Secure files (Object, Role)
- Service endpoints (Collection, Role)
- Service hook
- Set team defaults (Team)
- Shelvesets, TFVC (Collection)
- Sprint, define (Object)
- Sprints, select (Team)
- Synchronization information (Collection)

T
- Tags, Git (Oject)
- Tags, work items (Project)
- Task groups (Object)
- Team projects (Collection)
- Team rooms (Team)
- Test configurations (Project)
- Test controllers (Project)
- Test environments (Project)
- Test runs (Project)
- TFVC repositories (Object)
- Trace settings (Collection)

V-W
- Variable groups (Object, Role)
- Work items (Project)
- Workspaces (Collection)
  • Object: Permissions are managed at the object-level
  • Project: Permissions are managed at the team project level
  • Collection: Permissions are managed at the account or project collection level
  • Role: Permissions are managed through a security role.
  • Server: Permissions are managed at the instance level for a TFS server
  • Team: Permissions are managed via the team administrator role.
A through D E through P Q through W
A
- Administer warehouse (Server)
- Agent queues (Project, Role)
- Agent pools (Collection, Role)
- Alerts (Collection)
- Alerts (Team)
- Area path (Object)
- Area paths (Team)

B
- Branches, Git (Object)
- Branches, TFVC (Object)
- Build definitions (Object)
- Build quality, manage (Object)
- Build queue, manage (Object)
- Build resources (Collection)
- Build permissions, manage (Object)
- Builds, manage (Object)

C
- Change work item type (Project)
- Check ins, TFVC (Object)
- Collection-level information
- Configure Agile tools (Team)
- Create team project collection (Server)
- Customize process

D
- Dashboards, manage (Team)
- Delete team project collection (Server)
- Delete test artifacts
- Delete work items
- Delivery plans (Object)
- Deployment groups (Object, Role)
- Deployment pools (Collection, Role)
E
- Edit collection-level information (Collection)
- Edit instance level information (Server)
- Edit process
- Edit team project-level information (Project)
- Events (Collection)
- Extensions (Collection, Role)

F thru L
- Feeds
- Field, delete (Collection)
- Git branch (Object)
- Inherited process (Object)
- Iteration paths (Object)
- Iteration paths (Team)
- Kanban board, customize (Team)
- Labels, TFVC (Object)
- Library (Object, Role)
- Locks, TFVC (Object)

M thru P
- Manage project properties (Project)
- Marketplace extensions (Collection, Role)
- Merge, TFVC (Object)
- Move or delete work items (Project)
- Notes, Git (Object)
- Notifications (Collection)
- Package Management
- Policies, Git branch (Object)
- Policies, Git repository (Object)
- Power BI (Analytics Service)
- Process (Collection)
- Project properties (Project)
- Project-level information
Q thru R
- Query (Object)
- Query folder (Object)
- Release definitions (Object)
- Repository, Git (Object)

S
- Secure files (Object, Role)
- Service endpoints (Collection, Role)
- Service hook
- Set team defaults (Team)
- Shelvesets, TFVC (Collection)
- Sprint, define (Object)
- Sprints, select (Team)
- Synchronization information (Collection)

T
- Tags, Git (Oject)
- Tags, work items (Project)
- Task groups (Object)
- Team projects (Collection)
- Team rooms (Team)
- Test configurations (Project)
- Test controllers (Project)
- Test environments (Project)
- Test runs (Project)
- TFVC repositories (Object)
- Trace settings (Collection)
- Trigger events (Server)

U-V-W
- Use full Web Access features (Server)
- Variable groups (Object, Role)
- Work items (Project)
- Workspaces (Collection)

Edit project-level information

The Edit project-level information permission is set through the Security admin page for a team project. It includes the ability to perform the following tasks for all team projects defined in the account or collection:

  • Create and modify areas and iterations
  • Edit check-in policies
  • Edit shared work item queries
  • Edit team project level permission ACL
  • Manage process templates
  • Customize a team project
  • Create and modify global lists
  • Edit event subscriptions or alerts for teams or team project events.

Edit instance-level or collection-level information

The Edit instance-level information (formerly Edit collection level information) permission is set through the Security admin page for an account or collection. It includes the ability to perform the following tasks for all team projects defined in the account or collection:

  • Add and administer teams and all team-related features
  • Create and modify areas and iterations
  • Edit check-in policies
  • Edit shared work item queries
  • Edit team project level and collection level permission ACLs
  • Manage process templates
  • Customize a team project or process
  • Create and modify global lists
  • Edit event subscriptions or alerts for teams, team projects, or collection level events.