![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(144, 13%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
41 questions
Hi ,
Thanks for reaching out to Microsoft Q&A.
In Azure Devops, permissions for work items (including Test Plans, Test Suites, and Test Runs) are primarily controlled at the project level and inherited from the area path security settings. However, specific attachment-level permissions (such as restricting deletion while allowing uploads) are not explicitly available in the builtin permission settings.
Possible Workarounds to Restrict Deletion of Attachments in Test Runs
Here are some ways you can achieve this:
- Restrict "Manage Test Runs" Permission for Contributors
- Go to Project Settings > Permissions.
- Locate the Contributors group.
- Edit the permission "Manage test runs" and set it to Deny or Not Set.
- This will prevent contributors from modifying test runs, including adding or deleting attachments.
Limitation: This prevents users from managing test runs altogether, which may not be ideal if they still need to execute test cases.
- Use Work Item Rules (Workaround)
Azure DevOps allows work item rules to restrict certain actions. While these rules primarily apply to fields rather than attachments, you could:
- Set a state-based rule that prevents modifications when a test run reaches a certain state ("Completed").
- Use a custom rule in the Process settings to restrict modifications based on user roles.
Limitation: Does not explicitly block attachment deletion but can prevent modifications to completed test runs.
- Custom Policies via Azure DevOps REST API
If you need a fine grained solution, you can create an Azure Devops extension or use a Service Hook that:
- Monitors attachment deletion events via the Azure Devops REST API.
- Logs or prevents deletion using a script.
- Alerts admins when a deletion occurs.
Limitation: Requires development effort.
- Governance via Test Case Approval Process
If the goal is auditability, consider:
- Implementing an approval workflow where a test run (and its attachments) must be reviewed before changes are permitted.
- Restricting test case modifications to specific roles ("Test Leads" instead of "Contributors").
Please feel free to click the 'Upvote' (Thumbs-up) button and 'Accept as Answer'. This helps the community by allowing others with similar queries to easily find the solution.