Permissions and access for work tracking

VSTS | TFS 2018 | TFS 2017 | TFS 2015 | TFS 2013

You can use the majority of work tracking functions and features that VSTS or TFS provides if you are added as a team member, which adds you to the Contributors group. The most common built-in groups include Readers, Contributors, and Project Administrators. These groups are assigned the default permissions for tracking work as listed below.

For a simplified view of permissions assigned to built-in groups, see Permissions and access. For a comprehensive list of all permissions and default groups, see the Permissions and groups reference.

In addition to permissions, access to premium features are controlled by either the Advanced or VS Enterprise access level. Contributors and administrators should be added to Basic access. Stakeholder access is available to support free access to a limited set of features by an unlimited set of stakeholders. For more details on Stakeholder access, jump to Stakeholder access.

The team administrator role supports configuration of team settings. To be added as a team administrator, see Add team administrators. Project administrators con configure settings at the project level. See Add administrators, set permissions at the project-level or project collection-level.

Default work tracking permissions and access

Task Stakeholders Readers Contributors Team Admins Account Owner/
Project Admins
View work items, including bugs, requirements, and tasks checkmark checkmark checkmark checkmark checkmark
Create and edit work items, follow a work item checkmark checkmark checkmark checkmark
Change work item type checkmark checkmark checkmark checkmark
Move or delete work items checkmark checkmark checkmark
Search and query work items, save work item queries checkmark Can't save queries checkmark checkmark checkmark
View backlogs, boards, and plans checkmark checkmark checkmark checkmark checkmark
Provide feedback checkmark checkmark checkmark checkmark checkmark
Request feedback checkmark checkmark checkmark
Agile tools (Kanban boards, backlogs, sprint planning, portfolio management) limited interactions view only checkmark checkmark checkmark
Configure Agile tools, set team defaults checkmark checkmark
Create new work item tags Can assign existing tags check mark check mark check mark
View, add, and configure Delivery Plans view only check mark check mark check mark
Customize project information (area paths, iteration paths, and work tracking processes) checkmark
Powerful semantic work tracking search checkmark checkmark checkmark

Test management permissions

Test plans, test suites, test cases and other test artifacts are specific work item types that support manual and exploratory testing. You set test permissions at the team project level from the admin context Security page.

Task Stakeholders Readers Contributors Account Owner/
Project Admins
Exploratory testing, view test runs checkmark checkmark checkmark
Exploratory testing, create and delete test runs checkmark checkmark
Provide feedback using the Test & Feedback extension checkmark checkmark checkmark checkmark
Request feedback using the Test & Feedback extension checkmark checkmark
Manage test configurations and test environments checkmark checkmark
Manage test plans and test suites checkmark checkmark
Test Manager (purchased separately) checkmark checkmark

Area permissions for web-based test case management and test execution control access to the following actions.

The Manage test suites permission enables users to:

  • Create and modify test suites
  • Add or remove test cases to/from test suites
  • Change test configurations associated with test suites
  • Modify the suite hierarchy by moving a test suite

The Manage test plans permission enables users to:

  • Create and modify test plans
  • Add or remove test suites to or from test plans
  • Change test plan properties such as build and test settings

Resources defined for the team project

You set project-level information permissions from the admin page for a team project. You set permissions for area and iteration paths under the admin context Work hub for their respective objects. These resources are defined for a team project which all valid users of the team project can view.

Task Stakeholders Readers Contributors Team Admins Account Owner/
Project Admins
View project-level information checkmark checkmark checkmark checkmark checkmark
Area node: Edit work items under the node



checkmark checkmark checkmark
Area nodes and Iteration nodes: Create, delete, edit child nodes





Edit project-level information





The Edit project-level information permission includes the ability to perform these tasks for the team project:

  • Create and modify areas and iterations
  • Edit check-in policies
  • Edit shared work item queries
  • Edit team project level permission ACLs
  • Create and modify global lists
  • Edit event subscriptions (email or SOAP) on team project level events.

Team administrator role and permissions

The following table summarizes a subset of the default permissions assigned to the team project Readers, Contributors and Project Administrators groups and the Team Administrator role. Team admin permissions extend only to the team for which they're an administrator. Project administrator permissions extend across all teams defined for the team project.

Permission Readers Contributors Team Administrators Project Administrators
Add a team administrator



checkmark checkmark
Add team members



checkmark checkmark
View shared work item queries

checkmark checkmark checkmark checkmark
Manage shared query and query folder permissions
(Contribute, Delete, Manage Permissions)




Add and edit dashboards



checkmark checkmark

Stakeholder access

Stakeholder access supports business owners and analysts and other team members who don't contribute to code, build, and test activities. They contribute by adding ideas to the backlog, adding context and information to work items, and reviewing status and progress. All members of an organization who don't use Visual Studio but want to contribute to work item tracking and monitor progress can be assigned as a stakeholder. To learn more about stakeholder access, see Work as a stakeholder.

For a comparison chart of stakeholder versus basic access, see the Feature Matrix.

For information about each access levels, see About access levels. To assign access levels, see:

Grant team members additional permissions

For teams to work autonomously, you may want to provide them with permissions that they don't have by default. Suggested tasks include providing team administrators or team leads permissions to:

By default, team members inherit the permissions afforded to members of the team project Contributors group. Members of this group can add and modify source code, create and delete test runs, and create and modify work items. They can collaborate on a Git team project or collaborate with other team members and check in work to the team's code base (TFVC).

Default permissions assigned to team contributors

If your on-premises TFS deployment includes reporting or SharePoint Products, add users to those resources. See Set SharePoint site permissions and Grant permissions to view or create SQL Server reports in TFS.