access-levels.md

title: About access levels
titleSuffix: Azure DevOps
description: Understand how access levels control the features and functions of Azure DevOps. Learn about assigning and changing access levels for users and groups.
ms.subservice: azure-devops-security
ms.assetid: E2C63C7B-6273-41D7-BD14-BFB340DF8D65
ms.topic: conceptual
ms.author: chcomley
author: chcomley
monikerRange: <= azure-devops
ms.date: 05/23/2024

About access levels

[!INCLUDE version-lt-eq-azure-devops]

Access levels in Azure DevOps control which web portal features are available to a user. Access levels supplement security groups, which allow or deny specific tasks. By assigning access levels, administrators ensure that their user base has access to the features they need and pay only for those specific features. It's an efficient way to manage costs while providing the necessary functionality to users. For more information, see Stakeholder access quick reference and Manage users and access.

[!INCLUDE temp]

When you add a user or group to a team or project, they automatically gain access to the features associated with the default access level and security group. For most users, assigning them to the Basic access level and the Contributors security group provides access to most features. For a simplified overview of the permissions assigned to the most common groups (Readers, Contributors, and Project Administrators), see Default permissions.

Supported access levels

Assign users or groups of users to one of the following access levels:

::: moniker range="azure-devops"

  • Basic: Provides access to most features. Assign to users with a Visual Studio Professional subscription, an Azure DevOps Server CAL, and to users for whom you're paying for Basic access in an organization.
  • Basic + Test Plans: Provides access to all features included in Basic and Azure Test Plans. Assign to users with a Visual Studio Test Professional or MSDN Platforms subscription, and to users for whom you're paying for Basic + Test Plans access in an organization.
  • Stakeholder: Can be assigned to unlimited users for free. Provides partial access to private projects and mostly full access to public projects. Assign to users with no license or subscriptions who need access to a limited set of features.
  • Visual Studio Subscriber: Assign to users who already have a Visual Studio subscription. The system automatically recognizes the user's subscription—Visual Studio Enterprise, Visual Studio Professional, Visual Studio Test Professional, or MSDN Platform—and enables any other features included in their subscription level. If you assign Basic or Stakeholder, they also receive their Visual Studio subscription benefits upon sign-in.

Tip

As a best practice when adding new users, we recommend assigning the Visual Studio Subscriber level when appropriate (as opposed to Basic) to prevent being charged the Basic rate before the user signs in for the first time.

::: moniker-end

::: moniker range=">= azure-devops-2019 < azure-devops"

  • Stakeholder: Provides partial access and can be assigned to unlimited users for free. Assign to users with no license or subscriptions who need access to a limited set of features.
  • Basic: Provides access to most features. Assign to users with an Azure DevOps Server CAL, with a Visual Studio Professional subscription, and to users for whom you're paying for Basic access in an organization.
  • Basic + Test Plans: Provides access for users who have a monthly Test Manager subscription, Visual Studio Test Professional, or MSDN Platforms subscription.
  • VS Enterprise: Provides access to premium features. Assign to users with a subscription to Visual Studio Enterprise.

::: moniker-end

The following table shows the features available for each supported access level. Visual Studio Test Professional and MSDN Platform subscriptions grant access to the same features as Visual Studio Enterprise.


::: moniker range="azure-devops"

:::row::: :::column span="3"::: Feature :::column-end::: :::column span="1"::: Stakeholder :::column-end::: :::column span="1"::: Basic &
Visual Studio Professional :::column-end::: :::column span="1"::: Basic + Test Plans &
Visual Studio Enterprise :::column-end::: :::row-end:::

::: moniker-end

::: moniker range=">= azure-devops-2019 < azure-devops"

:::row::: :::column span="3"::: Feature :::column-end::: :::column span="1"::: Stakeholder :::column-end::: :::column span="1"::: Basic &
Visual Studio Professional :::column-end::: :::column span="1"::: Basic + Test Plans &
Visual Studio Enterprise :::column-end::: :::row-end:::

::: moniker-end

:::row::: :::column span="3"::: Administer organization
Can configure resources when also added to a security group or role: team administrator, Project Administrator, or Project Collection Administrator. :::column-end::: :::column span="1"::: ✔️ :::column-end::: :::column span="1"::: ✔️ :::column-end::: :::column span="1"::: ✔️ :::column-end::: :::row-end:::

:::row::: :::column span="3"::: Advanced backlog and sprint planning tools
Includes full access to all backlog and sprint planning tools. :::column-end::: :::column span="1":::

:::column-end::: :::column span="1"::: ✔️ :::column-end::: :::column span="1"::: ✔️ :::column-end::: :::row-end:::

:::row::: :::column span="3"::: Advanced home page
Includes access to projects, work items, and pull requests defined across projects you work in. :::column-end::: :::column span="1":::

:::column-end::: :::column span="1"::: ✔️ :::column-end::: :::column span="1"::: ✔️ :::column-end::: :::row-end:::

:::row::: :::column span="3"::: Advanced portfolio management
Includes full access to define features and epics from a portfolio backlog or board.
:::column-end::: :::column span="1":::

:::column-end::: :::column span="1"::: ✔️ :::column-end::: :::column span="1"::: ✔️ :::column-end::: :::row-end:::

::: moniker range=">= azure-devops-2020"

:::row::: :::column span="3"::: Agile boards
Stakeholders get limited access to boards and Taskboards. Stakeholders use drag-and-drop to create and change work items, but only change the State field on cards. They only view the sprint capacity settings. :::column-end::: :::column span="1"::: ✔️ :::column-end::: :::column span="1"::: ✔️ :::column-end::: :::column span="1"::: ✔️ :::column-end::: :::row-end:::

::: moniker-end
::: moniker range="< azure-devops-2020"

:::row::: :::column span="3"::: Agile boards
Stakeholders get limited access to boards and Taskboards. Stakeholders can't add work items, drag-and-drop cards to update status, update fields displayed on cards, nor view or set capacity. :::column-end::: :::column span="1"::: ✔️ :::column-end::: :::column span="1"::: ✔️ :::column-end::: :::column span="1"::: ✔️ :::column-end::: :::row-end:::

::: moniker-end

:::row::: :::column span="3"::: Agile Portfolio Management
Includes limited access to portfolio backlogs and boards. Stakeholders can't change the backlog priority order, can't assign items to an iteration, use the mapping pane, or exercise forecasting.
:::column-end::: :::column span="1"::: ✔️ :::column-end::: :::column span="1"::: ✔️ :::column-end::: :::column span="1"::: ✔️ :::column-end::: :::row-end:::

:::row::: :::column span="3"::: Artifacts
Includes full access to all Azure Artifacts features, up to 2-GiB free storage. :::column-end::: :::column span="1"::: ✔️ :::column-end::: :::column span="1"::: ✔️ :::column-end::: :::column span="1"::: ✔️ :::column-end::: :::row-end:::

:::row::: :::column span="3"::: Author Release Pipelines and Manage Releases
Includes defining release pipelines, multi-stage continuous deployment (CD) pipelines, and using approvals and gates to control deployments. :::column-end::: :::column span="1"::: ✔️ :::column-end::: :::column span="1"::: ✔️ :::column-end::: :::column span="1"::: ✔️ :::column-end::: :::row-end:::

:::row::: :::column span="3"::: Basic backlog and sprint planning tools
Includes limited access to add and modify items on backlogs and sprint backlogs and Taskboards. Stakeholders can't assign items to an iteration, use the mapping pane, or use forecasting. :::column-end::: :::column span="1":::

:::column-end::: :::column span="1"::: ✔️ :::column-end::: :::column span="1"::: ✔️ :::column-end::: :::row-end:::

:::row::: :::column span="3"::: Build
Includes full access to all features to manage continuous integration and continuous delivery of software. :::column-end::: :::column span="1"::: ✔️ :::column-end::: :::column span="1"::: ✔️ :::column-end::: :::column span="1"::: ✔️ :::column-end::: :::row-end:::

:::row::: :::column span="3"::: Chart Authoring
Can create work tracking query charts. :::column-end::: :::column span="1":::

:::column-end::: :::column span="1"::: ✔️ :::column-end::: :::column span="1"::: ✔️ :::column-end::: :::row-end:::

:::row::: :::column span="3"::: Chart Viewing
Can only view work tracking query charts. Stakeholders can't view query charts from the Queries page. They can view them when added to a dashboard.
:::column-end::: :::column span="1":::

:::column-end::: :::column span="1"::: ✔️ :::column-end::: :::column span="1"::: ✔️ :::column-end::: :::row-end:::

:::row::: :::column span="3"::: Code
Includes full access to all features to manage code using Git repositories or using Team Foundation Version Control (TFVC). :::column-end::: :::column span="1":::

:::column-end::: :::column span="1"::: ✔️ :::column-end::: :::column span="1"::: ✔️ :::column-end::: :::row-end:::

::: moniker range="azure-devops"

:::row::: :::column span="3"::: Delivery Plans
Includes full access to add and view Delivery plans. :::column-end::: :::column span="1":::

:::column-end::: :::column span="1"::: ✔️ :::column-end::: :::column span="1"::: ✔️ :::column-end::: :::row-end:::

::: moniker-end

::: moniker range="< azure-devops"

:::row::: :::column span="3"::: Delivery Plans
Includes full access to add and view Delivery plans. :::column-end::: :::column span="1":::

:::column-end::: :::column span="1"::: ✔️ :::column-end::: :::column span="1"::: ✔️ :::column-end::: :::row-end:::

::: moniker-end

:::row::: :::column span="3"::: Request and Manage Feedback
Includes full access to request and manage feedback on working software.
:::column-end::: :::column span="1":::

:::column-end::: :::column span="1"::: ✔️ :::column-end::: :::column span="1"::: ✔️ :::column-end::: :::row-end:::

:::row::: :::column span="3"::: Standard Features
Includes working across projects, View dashboards, View wikis, and Manage personal notifications. Stakeholders can't view Markdown README files defined for repositories and can only read wiki pages.
:::column-end::: :::column span="1"::: ✔️ :::column-end::: :::column span="1"::: ✔️ :::column-end::: :::column span="1"::: ✔️ :::column-end::: :::row-end:::

:::row::: :::column span="3"::: Test services in build and release
Includes running unit tests with your builds, reviewing, and analyzing test results.
:::column-end::: :::column span="1":::

:::column-end::: :::column span="1"::: ✔️ :::column-end::: :::column span="1"::: ✔️ :::column-end::: :::row-end:::

:::row::: :::column span="3"::: Test Case Management
Includes adding test plans and test suites, creating manual test cases, deleting test artifacts, and testing different configurations.
:::column-end::: :::column span="1":::

:::column-end::: :::column span="1":::

:::column-end::: :::column span="1"::: ✔️ :::column-end::: :::row-end:::

:::row::: :::column span="3"::: Test Execution and Test Analysis
Includes running manual tests, tracking test status, and running automated tests. :::column-end::: :::column span="1":::

:::column-end::: :::column span="1"::: ✔️ :::column-end::: :::column span="1"::: ✔️ :::column-end::: :::row-end:::

:::row::: :::column span="3"::: Test summary access to Stakeholder license
Includes requesting Stakeholder feedback using the Test & Feedback extension. :::column-end::: :::column span="1"::: ✔️ :::column-end::: :::column span="1"::: ✔️ :::column-end::: :::column span="1"::: ✔️ :::column-end::: :::row-end:::

:::row::: :::column span="3"::: View My Work Items
Access to add and modify work items, follow work items, view and create queries, and submit, view, and change feedback responses. Stakeholders can only assign existing tags to work items (can't add new tags) and can only save queries under My Queries (can't save under Shared Queries). :::column-end::: :::column span="1"::: ✔️ :::column-end::: :::column span="1"::: ✔️ :::column-end::: :::column span="1"::: ✔️ :::column-end::: :::row-end:::

:::row::: :::column span="3"::: View Releases and Manage Approvals
Includes viewing releases and approving releases. :::column-end::: :::column span="1"::: ✔️ :::column-end::: :::column span="1"::: ✔️ :::column-end::: :::column span="1"::: ✔️ :::column-end::: :::row-end:::

::: moniker range="azure-devops"

Visual Studio subscription access

Visual Studio subscribers get Visual Studio subscription features as a subscriber benefit. When you add those users, be sure to assign them the Visual Studio subscription access level.

The system automatically recognizes their subscription and enables any other features included, based on their subscription level.

::: moniker-end

::: moniker range="< azure-devops"

VS Enterprise access

Visual Studio Enterprise subscribers get VS Enterprise access as a subscriber benefit. When you add those users, be sure to assign them the VS Enterprise access level.

With Visual Studio Enterprise (VS Enterprise) access, users gain access to any fee-based, Marketplace extension published by Microsoft that is included for active Visual Studio Enterprise subscribers.

::: moniker-end

::: moniker range="< azure-devops"

Advanced access gives users all the Basic features, plus web-based test case management tools. You can buy monthly access or add users who already have a Visual Studio Test Professional with MSDN or MSDN Platforms subscription.

::: moniker-end

Programmatic mapping of access levels

::: moniker range="azure-devops"

You can manage access levels programmatically using the az devops user add command (Azure DevOps Services only) or the User Entitlement - Add REST API. The following table maps each access level selected through the user interface to the AccountLicenseType, licensingSource, and msdnLicenseType parameters.

| Access level (user interface)<br>licenseDisplayName | accountLicenseType | licensingSource | msdnLicenseType |
|---|---|---|---|
| Basic | express | account | none |
| Basic + Test Plans | advanced | account | none |
| Visual Studio Subscriber | none | msdn | eligible |
| Stakeholder | stakeholder | account | none |
| Visual Studio Enterprise subscription | none | msdn | enterprise |

Note

The earlyAdopter accountLicenseType is an internal value used solely by Microsoft.
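
The following Python sketch is an added example, not part of the original article or of Azure DevOps tooling. It uses the table above to translate a UI access level into the three parameters and to audit entitlement records for combinations the table doesn't document, such as the internal earlyAdopter value. The record shape (`user`, `accessLevel`), the helper names, and the sample users are assumptions constructed for illustration.

```python
from collections import Counter

# Rows of the mapping table above:
# (accountLicenseType, licensingSource, msdnLicenseType) -> UI access level.
FIELDS = ("accountLicenseType", "licensingSource", "msdnLicenseType")
MAPPING = {
    ("express", "account", "none"): "Basic",
    ("advanced", "account", "none"): "Basic + Test Plans",
    ("none", "msdn", "eligible"): "Visual Studio Subscriber",
    ("stakeholder", "account", "none"): "Stakeholder",
    ("none", "msdn", "enterprise"): "Visual Studio Enterprise subscription",
}

def access_level_params(ui_name):
    """Return the three parameters for a UI access level; reject unknown names."""
    wanted = ui_name.strip().lower()
    for triple, name in MAPPING.items():
        if name.lower() == wanted:
            return dict(zip(FIELDS, triple))
    raise ValueError(f"not a documented access level: {ui_name!r}")

def resolve(access_level):
    """Map an accessLevel object to its UI name; None if undocumented or incomplete."""
    triple = tuple(str(access_level.get(f, "")).lower() for f in FIELDS)
    return MAPPING.get(triple)

def audit(records):
    """Count users per access level and collect users with undocumented combinations."""
    counts, unmapped = Counter(), []
    for rec in records:
        name = resolve(rec.get("accessLevel", {}))
        if name is None:
            unmapped.append(rec["user"])
        else:
            counts[name] += 1
    return dict(counts), unmapped

def _al(a, s, m):  # hypothetical helper: builds a constructed accessLevel object
    return dict(zip(FIELDS, (a, s, m)))

# Constructed sample records; the users and the record shape are assumptions.
SAMPLE = [
    {"user": "dev@example.com", "accessLevel": _al("express", "account", "none")},
    {"user": "qa@example.com", "accessLevel": _al("advanced", "account", "none")},
    {"user": "pm@example.com", "accessLevel": _al("stakeholder", "account", "none")},
    {"user": "vs@example.com", "accessLevel": _al("none", "msdn", "enterprise")},
    {"user": "odd@example.com", "accessLevel": _al("earlyAdopter", "account", "none")},
    {"user": "svc@example.com", "accessLevel": {"accountLicenseType": "express"}},
]
```

Calling `audit(SAMPLE)` returns the per-level counts and the list of users to review by hand.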

::: moniker-end

::: moniker range=">= azure-devops-2019 < azure-devops"

You can manage access levels programmatically using the User Entitlement - Add REST API. The following table maps each access level selected through the user interface to the AccountLicenseType, licensingSource, and msdnLicenseType parameters.

| Access level (user interface)<br>licenseDisplayName | accountLicenseType | licensingSource | msdnLicenseType |
|---|---|---|---|
| Basic | express | account | none |
| Basic + Test Plans | advanced | account | none |
| Visual Studio Subscriber | none | msdn | eligible |
| Stakeholder | stakeholder | account | none |
| VS Enterprise | none | msdn | enterprise |

::: moniker-end

::: moniker range="< azure-devops"

What features are available to users who are added to two different access levels?

If a user belongs to a group that has Basic access and another group that has VS Enterprise access, the user has access to all features available through VS Enterprise, which is a superset of Basic.

Service account access

Azure DevOps service accounts are added to the default access level. If you make Stakeholder the default access level, you must add the service accounts to Basic or Advanced/VS Enterprise access.

Service accounts don't require a CAL or other purchase.

::: moniker-end

Related articles

::: moniker range="azure-devops"

::: moniker-end

::: moniker range="< azure-devops"

::: moniker-end