Permissions lookup guide for Azure DevOps
Azure DevOps Services | Azure DevOps Server 2020 | Azure DevOps Server 2019 | TFS 2018 - TFS 2013
Use this index to locate the topic on how to manage a specific permission. Most permissions are managed for an object, project, or collection. Other permissions are managed by adding users and groups to a role. To learn more, see Get started with permissions, access, and security groupsand About security roles, and Troubleshoot permissions.
Values in parenthesis indicate what level the permission is managed:
- Object: Permissions are managed at the object-level
- Project: Permissions are managed at the project level
- Collection: Permissions are managed at the organization or project collection level
- Role: Permissions are managed through a security role.
- Team: Permissions are managed via the team administrator role.
A
- Administer build permissions (Object)
- Administer build resource permissions (Collection)
- Administer release permissions (Object)
- Administer process permissions (Collection)
- Administer shelved changes (Collection)
- Administer task group permissions (Object)
- Administer shelved changes (Collection)
- Agent queues (Project, Role)
- Agent pools (Collection, Role)
- Alerts (Collection)
- Alerts (Team)
- Analytics Service (Project)
- Analytics views (Object)
- Area path (Object)
- Azure Artifacts
- Audit log
- Audit streams
B
- Branches, Git (Object)
- Branches, TFVC (Object)
- Build pipelines (Object)
- Build quality, manage (Object)
- Build queue, manage (Object)
- Build resources (Collection)
- Build permissions, manage (Object)
- Builds, manage (Object)
- Bypass branch policies (Object)
- Bypass rules on work item updates (Project)
C
- Change process of team project (Project)
- Change work item type (Project)
- Check ins, TFVC (Object)
- Collection-level information
- Configure Azure Boards (Team)
- Create a workspace (Collection)
- Create child nodes (Area Path, Object)
- Create child nodes (Iteration Path, Object)
- Create new projects (Collection)
- Create process (Collection)
- Create releases (Object)
- Create tag definition (Project)
- Create test runs (Project)
- Contribute (Query, Object)
- Customize process
D
- Dashboards, manage (Team)
- Delete audit streams (Collection)
- Delete (Query, Object)
- Delete and restore work items (Project)
- Delete build pipeline (Object)
- Delete builds (Object)
- Delete field from organization (Collection)
- Delete team project (Project)
- Delete test runs (Project)
- Delete release pipeline (Object)
- Delete release stage (Object)
- Delete releases (Object)
- Delete tag definition (Project)
- Delete task group(Object)
- Delete this node (Area Path, Object)
- Delete this node (Iteration Path, Object)
- Delete work items
- Delivery plans (Object)
- Deployment groups (Object, Role)
- Deployment pools (Collection, Role)
- Destroy builds (Object)
E
- Edit build definition (Object)
- Edit build quality (Object)
- Edit collection-level information (Collection)
- Edit build pipeline (Object)
- Edit instance-level information (Collection)
- Edit process (Collection)
- Edit project-level information (Project)
- Edit release pipeline (Object)
- Edit release state (Object)
- Edit shared Analytics views (Object)
- Edit shared Analytics views (Project)
- Edit task group (Object)
- Edit this node (Area Path, Object)
- Edit this node (Iteration Path, Object)
- Edit work items in this node (Area Path, Object)
- Enumerate tag definition (Project)
- Events (Collection)
- Extensions (Collection, Role)
F-L
- Feeds
- Field, delete (Collection)
- Git branch (Object)
- Inherited process (Object)
- Iteration paths (Object)
- Kanban board, customize (Team)
- Labels, TFVC (Object)
- Library (Object, Role)
- Locks, TFVC (Object)
M-N
O-P
Q-R
- Queue builds (Object)
- Query (Object)
- Query folder (Object)
- Read (Query, Object)
- Rename team project (Project)
- Release pipelines (Object)
- Repository, Git (Object)
- Retain (build) indefinitely (Object)
S
- Secure files (Object, Role)
- Service endpoints (Collection, Role)
- Service hooks
- Shelvesets, TFVC (Collection)
- Sprint, define (Object)
- Sprints, select (Team)
- Stop builds (Object)
- Suppress notifications for work item updates (Project)
T
- Tags, Git (Object)
- Tags, work items (Project)
- Task groups (Object)
- Team projects (Collection)
- Test artifacts, delete
- Test configurations (Project)
- Test controllers (Project)
- Test environments (Project)
- Test runs (Project)
- TFVC repositories (Object)
- Trace settings (Collection)
- Trigger events (Collection)
U-V-W
- Update build information (Object)
- Update build queue (Object)
- Update project visibility (Project)
- Update tag definition (Project)
- Use build resources (Collection)
- Variable groups (Object, Role)
- View analytics (Project)
- View audit log (Collection)
- View build resources (Collection)
- View builds (Object)
- View release pipeline (Object)
- View releases (Object)
- View instance-level information (Collection)
- View project-level information (Project)
- View shared Analytics views (Object)
- View system synchronization information (Collection)
- View test runs (Project)
- View work items in this node (Area Path, Object)
- View permissions for this node (Area Path, Object)
- View permissions for this node (Iteration Path, Object)
- Work items (Project)
- Workspaces (Collection)
- Object: Permissions are managed at the object-level
- Project: Permissions are managed at the project level
- Collection: Permissions are managed at the account or project collection level
- Role: Permissions are managed through a security role.
- Server: Permissions are managed at the instance level for a server
- Team: Permissions are managed via the team administrator role.
A
B
- Branches, Git (Object)
- Branches, TFVC (Object)
- Build pipelines (Object)
- Build quality, manage (Object)
- Build queue, manage (Object)
- Build resources (Collection)
- Build permissions, manage (Object)
- Builds, manage (Object)
- Bypass branch policies (Object)
- Bypass rules on work item updates (Project)
C
- Change process of team project (Project)
- Change work item type (Project)
- Check ins, TFVC (Object)
- Collection-level information
- Configure Azure Boards (Team)
- Create a workspace (Collection)
- Create child nodes (Area Path, Object)
- Create child nodes (Iteration Path, Object)
- Create new projects (Collection)
- Create process (Collection)
- Create project collection (Server)
- Create releases (Object)
- Create tag definition (Project)
- Create test runs (Project)
- Contribute (Query, Object)
- Customize process
D
- Dashboards, manage (Team)
- Delete (Query, Object)
- Delete and restore work items (Project)
- Delete build pipeline (Object)
- Delete builds (Object)
- Delete field from organization (Collection)
- Delete project collection (Server)
- Delete release pipeline (Object)
- Delete release stage (Object)
- Delete releases (Object)
- Delete tag definition (Project)
- Delete task group(Object)
- Delete team project (Project)
- Delete test runs (Project)
- Delete this node (Area Path, Object)
- Delete this node (Iteration Path, Object)
- Delete work items
- Delivery plans (Object)
- Deployment groups (Object, Role)
- Deployment pools (Collection, Role)
- Destroy builds (Object)
E
- Edit build definition (Object)
- Edit build quality (Object)
- Edit collection-level information (Collection)
- Edit build pipeline (Object)
- Edit instance-level information (Collection)
- Edit instance level information (Server)
- Edit process (Collection)
- Edit project-level information (Project)
- Edit release pipeline (Object)
- Edit release state (Object)
- Edit shared Analytics views (Object)
- Edit shared Analytics views (Project)
- Edit task group (Object)
- Edit this node (Area Path, Object)
- Edit this node (Iteration Path, Object)
- Edit work items in this node (Area Path, Object)
- Enumerate tag definition (Project)
- Events (Collection)
- Extensions (Collection, Role)
F-L
- Feeds
- Field, delete (Collection)
- Git branch (Object)
- Inherited process (Object)
- Iteration paths (Object)
- Kanban board, customize (Team)
- Labels, TFVC (Object)
- Library (Object, Role)
- Locks, TFVC (Object)
M-N
O-P
Q-R
- Queue builds (Object)
- Query (Object)
- Query folder (Object)
- Read (Query, Object)
- Rename team project (Project)
- Release pipelines (Object)
- Repository, Git (Object)
- Retain (build) indefinitely (Object)
S
- Secure files (Object, Role)
- Service endpoints (Collection, Role)
- Service hooks
- Shelvesets, TFVC (Collection)
- Sprint, define (Object)
- Sprints, select (Team)
- Stop builds (Object)
- Suppress notifications for work item updates (Project)
T
- Tags, Git (Object)
- Tags, work items (Project)
- Task groups (Object)
- Team projects (Collection)
- Test artifacts, delete
- Test configurations (Project)
- Test controllers (Project)
- Test environments (Project)
- Test runs (Project)
- TFVC repositories (Object)
- Trace settings (Collection)
- Trigger events (Collection)
- Trigger events (Server)
U-V-W
- Object: Permissions are managed at the object-level
- Project: Permissions are managed at the project level
- Collection: Permissions are managed at the account or project collection level
- Role: Permissions are managed through a security role.
- Server: Permissions are managed at the instance level for a server
- Team: Permissions are managed via the team administrator role.
A
- Administer build permissions (Object)
- Administer release permissions (Object)
- Administer task group permissions (Object)
- Administer warehouse (Server)
- Agent queues (Project, Role)
- Agent pools (Collection, Role)
- Alerts (Collection)
- Alerts (Team)
- Area path (Object)
- Azure Artifacts
B
- Branches, Git (Object)
- Branches, TFVC (Object)
- Build pipelines (Object)
- Build quality, manage (Object)
- Build queue, manage (Object)
- Build resources (Collection)
- Build permissions, manage (Object)
- Builds, manage (Object)
- Bypass branch policies (Object)
C
- Check ins, TFVC (Object)
- Collection-level information
- Configure Agile tools (Team)
- Create project collection (Server)
- Create releases (Object)
D
- Dashboards, manage (Team)
- Delete build pipeline (Object)
- Delete builds (Object)
- Delete field from account
- Delete project collection (Server)
- Delete release pipeline (Object)
- Delete release stage (Object)
- Delete releases (Object)
- Delete task group(Object)
- Delete test artifacts
- Delete work items
- Delivery plans (Object)
- Deployment groups (Object, Role)
- Deployment pools (Collection, Role)
- Destroy builds (Object)
E
- Edit build definition (Object)
- Edit build quality (Object)
- Edit collection-level information (Collection)
- Edit project-level information (Project)
- Edit release pipeline (Object)
- Edit release state (Object)
- Edit task group (Object)
- Events (Collection)
- Extensions (Collection, Role)
F-L
- Feeds
- Field, delete (Collection)
- Git branch (Object)
- Inherited process (Object)
- Iteration paths (Object)
- Kanban board, customize (Team)
- Labels, TFVC (Object)
- Library (Object, Role)
- Locks, TFVC (Object)
M-N
- Manage build qualities (Object)
- Manage deployments (Object)
- Manage project properties (Project)
- Manage release approvers (Object)
- Manage releases (Object)
- Marketplace extensions (Collection, Role)
- Merge, TFVC (Object)
- Notes, Git (Object)
- Notifications (Collection)
O-P
Q-R
- Queue builds (Object)
- Query (Object)
- Query folder (Object)
- Release pipelines (Object)
- Repository, Git (Object)
- Retain (build) indefinitely (Object)
S
- Secure files (Object, Role)
- Service endpoints (Collection, Role)
- Service hook
- Shelvesets, TFVC (Collection)
- Sprint, define (Object)
- Sprints, select (Team)
- Stop builds (Object)
- Suppress notifications work items (Project)
- Synchronization information (Collection)
T
- Tags, Git (Object)
- Tags, work items (Project)
- Task groups (Object)
- Team projects (Collection)
- Test configurations (Project)
- Test controllers (Project)
- Test environments (Project)
- Test runs (Project)
- TFVC repositories (Object)
- Trace settings (Collection)
- Trigger events (Server)
U-V-W
Edit project-level information
The Edit project-level information permission is set through the Security admin page for a project. It includes the ability to perform the following tasks for all projects defined in the organization or collection:
- Edit the project description
- Modify project services visibility
Note
The permission to add or remove project-level security groups and add and manage project-level group membership is assigned to all members of the Project Administrators group. It isn't controlled by a permissions surfaced within the user interface.
Edit instance-level or collection-level information
The Edit instance-level information (formerly Edit collection level information) permission is set through the Security admin page for an organization or collection. It includes the ability to perform the following tasks for all team projects defined in the account or collection:
- Add and administer teams and all team-related features
- Edit collection-level permissions for users and groups in the collection
- Add or remove collection-level security groups from the collection
- Implicitly allows the user to modify version control permissions
- Edit project level and collection level permission ACLs
- Edit event subscriptions or alerts for teams, projects, or collection level events.