Set TFVC repository permissions
Azure DevOps Services | Azure DevOps Server 2020 | Azure DevOps Server 2019 | TFS 2018 - TFS 2013
You grant or restrict access to a TFVC repository to lock down who can contribute to your source code. There is only one TFVC repository per project.
For guidance on who to provide greater permission levels, see Grant or restrict access using permissions.
Prerequisites
- You must have a project. If you don't have a project yet, create one in Azure DevOps or set one up in an on-premises TFS.
- You must be a member of the Project Administrators Group or have your Manage permissions set to Allow for the TFVC repository.
To contribute to the source code, you must be granted Basic access level or greater. Users granted Stakeholder access for private projects have no access to source code. Users granted Stakeholder access for public projects have the same access as Contributors and those granted Basic access. To learn more, see About access levels.
To contribute to the source code, you must be granted Basic access level or greater. Users granted Stakeholder access have no access to source code. To learn more, see About access levels.
Default repository permissions
By default, members of the project Contributors group have permissions to contribute to a repository. For a description of each security group and permission level, see Permissions and group reference.
Note
Tasks such as create, delete, or rename a TFVC repository are not supported. Once a TFVC repository is created you can't delete it. Also, you can only have one TFVC repository per project. This is different from Git repositories which allow for adding, renaming, and deleting multiple repositories.
Permission
Readers
Contributors
Build Admins
Project Admins
Check in, Label, Lock, Merge, Pend a change in a server workspace, Read
Read only
✔️
✔️
✔️
Administer labels, Manage branches, Manage permissions, Revise other users' changes, Undo other users' changes, Unlock other users' changes
✔️
Open TFVC repository Security
To set permissions for a custom security group, you must have defined that group previously. See Set permissions at the project- or collection-level
Open the web portal and choose the project where you want to add users or groups. To choose another project, see Switch project, repository, team.
Open Project settings>Repositories.
For example, Choose (1) Project settings, (2) Repositories, and then (3) the TFVC repository labeled with the name of the project.
Next, choose the user or security group you want to change permissions.
To set permissions for a specific user or group, enter their name in the identity box and select their identity.
Then make the changes to the permission set.
When done, navigate away from the page. The permission changes are automatically saved for the selected group.
If you add a user or group, and don't change any permissions for that user or group, then upon refresh of the permissions page, the user or group you added no longer appears.
Note
You may not be able to find a user from a permissions page or identity field if the user hasn't been added to the project—either by adding it to a security group or to a project team. Also, when a user is added to Azure Active Directory or Active Directory, there can be a delay between the time they are added to the project and when they are searchable from an identity field. The delay can be between 5 minutes to 7 days.
To set the set the permissions for the TFVC repository for a project, choose TFVC Repository and then choose the security group whose permissions you want to manage.
For example, here we choose (1) Project Settings, (2) Repositories, (3) the TFVC repository, (4) the Contributors group, and then (5) the permission for Manage branch.
To see the full image, click the image to expand. Choose the
close icon to close.
Note
You may not be able to find a user from a permissions page or identity field if the user hasn't been added to the project—either by adding it to a security group or to a project team. Also, when a user is added to Azure Active Directory or Active Directory, there can be a delay between the time they are added to the project and when they are searchable from an identity field. The delay can be between 5 minutes to 7 days.
If you add a user or group, and don't change any permissions for that user or group, then upon refresh of the permissions page, the user or group you added no longer appears.
Save your changes.
From the web portal, open the admin context by choosing the
Settings and choose Version Control.Choose the TFVC repository for the project and then choose the security group whose permissions you want to manage.
Change the permission setting to Allow or Deny.
For example, here we change the Manage branch permission to Allow for all members of the Contributors group.
Note
You may not be able to find a user from a permissions page or identity field if the user hasn't been added to the project—either by adding it to a security group or to a project team. Also, when a user is added to Azure Active Directory or Active Directory, there can be a delay between the time they are added to the project and when they are searchable from an identity field. The delay can be between 5 minutes to 7 days.
Save your changes.