Muokkaa

Jaa


About access levels

Azure DevOps Services | Azure DevOps Server 2022 - Azure DevOps Server 2019

Access levels in Azure DevOps control which web portal features are available or not. Access levels supplement security groups, which allow or deny specific tasks. Administrators ensure that their user base has access to the features they need and only pay for those specific features. It’s an efficient way to manage costs while providing the necessary functionality to users. For more information, see Stakeholder access quick reference and Manage users and access.

Important

Select a version from Azure DevOps Content Version selector.

Select the version of this article that corresponds to your platform and version. The version selector is above the table of contents. Look up your Azure DevOps platform and version.

When you add a user or group to a team or project, they automatically gain access to the features associated with the default access level and security group. For most users, assigning them to the Basic access level and the Contributors security group provides access to most features. For a simplified overview of the permissions assigned to the most common groups Readers, Contributors, and Project Administrators, see Default permissions.

Supported access levels

Assign users or groups of users to one of the following access levels:

  • Basic: Provides access to most features. Assign to users with a Visual Studio Professional subscription, an Azure DevOps Server CAL, and to users for whom you're paying for Basic access in an organization.
  • Basic + Test Plans: Provides access to all features included in Basic and Azure Test Plans. Assign to users with a Visual Studio Test Professional or MSDN Platforms subscription, and to users for whom you're paying for Basic + Test Plans access in an organization.
  • Stakeholder: Can assign to unlimited users for free. Provides partial access to private projects and mostly full access to public projects. Assign to users with no license or subscriptions who need access to a limited set of features.
  • Visual Studio Subscriber: Assign to users who already have a Visual Studio subscription. The system automatically recognizes the user's subscription—Visual Studio Enterprise, Visual Studio Professional, Visual Studio Test Professional, or MSDN Platform—and enables any other features included in their subscription level. If you assign Basic or Stakeholder, they also receive their Visual Studio subscription benefits upon sign-in.

Tip

As a best practice when adding new users, we recommend assigning the Visual Studio Subscriber level when appropriate (as opposed to Basic) to prevent being charged the Basic rate before the user signs in for the first time.

  • Stakeholder: Provides partial access, can assign to unlimited users for free. Assign to users with no license or subscriptions who need access to a limited set of features.
  • Basic: Provides access to most features. Assign to users with an Azure DevOps Server CAL, with a Visual Studio Professional subscription, and to users for whom you're paying for Basic access in an organization.
  • Basic + Test Plans: Provides access for users who have a monthly Test Manager subscription, Visual Studio Test Professional, or MSDN Platforms subscription.
  • VS Enterprise: Provides access to premium features. Assign to users with a subscription to Visual Studio Enterprise.

The following table indicates those features available for each supported access level. Visual Studio Test Professional and MSDN Platform subscriptions grant access to the same features as Visual Studio Enterprise.


Feature

Stakeholder

Basic &
Visual Studio Professional

Basic + Test Plans &
Visual Studio Enterprise


Feature

Stakeholder

Basic &
Visual Studio Professional

Basic + Test Plans &
Visual Studio Enterprise


Administer organization
Can configure resources when also added to a security group or role: team administrator, Project Administrator, or Project Collection Administrator.

✔️

✔️

✔️


Advanced backlog and sprint planning tools
Includes full access to all backlog and sprint planning tools.

✔️

✔️


✔️

✔️


Advanced portfolio management
Includes full access to define features and epics from a portfolio backlog or board.

✔️

✔️


Agile boards
Stakeholders get limited access to boards and Taskboards. Stakeholders use drag-and-drop to create and change work items, but only change the State field on cards. They only view the sprint capacity settings.

✔️

✔️

✔️


Agile boards
Stakeholders get limited access to boards and Taskboards. Stakeholders can't add work items, drag-and-drop cards to update status, update fields displayed on cards, nor view or set capacity.

✔️

✔️

✔️


Agile Portfolio Management
Includes limited access to portfolio backlogs and boards. Stakeholders can't change the backlog priority order, can't assign items to an iteration, use the mapping pane, or exercise forecasting.

✔️

✔️

✔️

Artifacts
Includes full access to all Azure Artifacts features, up to 2-GiB free storage.

✔️

✔️

✔️


✔️

✔️

✔️

Basic backlog and sprint planning tools
Includes limited access to add and modify items on backlogs and sprint backlogs and Taskboards. Stakeholders can't assign items to an iteration, use the mapping pane, or forecasting.

✔️

✔️

Build
Includes full access to all features to manage continuous integration and continuous delivery of software.

✔️

✔️

✔️

Chart Authoring
Can create work tracking query charts.

✔️

✔️


Chart Viewing
Can only view work tracking query charts. Stakeholders can't view query charts from the Queries page. They can view them when added to a dashboard.

✔️

✔️


Code
Includes full access to all features to manage code using Git repositories or using Team Foundation Version Control (TFVC) Team Foundation Version Control (TFVC).

✔️

✔️


Delivery Plans
Includes full access to add and view Delivery plans.

✔️

✔️


Delivery Plans
Includes full access to add and view Delivery plans.

✔️

✔️


Request and Manage Feedback Includes full access to request and manage feedback on working software.

✔️

✔️


Standard Features
Includes working across projects, View dashboards, View wikis, and Manage personal notifications. Stakeholders can't view Markdown README files defined for repositories and can only read wiki pages.

✔️

✔️

✔️


Test services in build and release
Includes running unit tests with your builds, reviewing, and analyzing test results.

✔️

✔️


✔️


Test Execution and Test Analysis
Includes running manual, tracking test status, and automated tests.

✔️

✔️


Test summary access to Stakeholder license
Includes requesting Stakeholder feedback using the Test & Feedback extension.

✔️

✔️

✔️


View My Work Items
Access to add and modify work items, follow work items, view and create queries, and submit, view, and change feedback responses. Stakeholders can only assign existing tags to work items (can't add new tags) and can only save queries under My Queries (can't save under Shared Queries).

✔️

✔️

✔️


View Releases and Manage Approvals
Includes viewing releases and approving releases.

✔️

✔️

✔️


Visual Studio subscription access

Visual Studio subscribers get Visual Studio subscription features as a subscriber benefit. When you add those users, be sure to assign them the Visual Studio subscription access level.

The system automatically recognizes their subscription and enables any other features included, based on their subscription level.

VS Enterprise access

Visual Studio Enterprise subscribers get VS Enterprise access as a subscriber benefit. When you add those users, be sure to assign them the VS Enterprise access level.

With Visual Studio Enterprise (VS Enterprise) access, users gain access to any fee-based, Marketplace extension published by Microsoft that is included for active Visual Studio Enterprise subscribers.

Advanced access gives users all the Basic features, plus web-based test case management tools. You can buy monthly access or add users who already have a Visual Studio Test Professional with MSDN or MSDN Platforms subscription.

Programmatic mapping of access levels

You can manage access levels programmatically using the az devops user add (Azure DevOps Services only) or the User Entitlement - Add REST API. The following table provides a mapping of the access level selected through the user interface and the AccountLicenseType, licensingSource, and msdnLicenseType parameters.

Access level (user interface)
licenseDisplayName
accountLicenseType licensingSource msdnLicenseType
Basic express account none
Basic + Test Plans advanced account none
Visual Studio Subscriber none msdn eligible
Stakeholder stakeholder account none
Visual Studio Enterprise subscription none msdn enterprise

Note

The earlyAdopter accountLicenseType is an internal value used solely by Microsoft.

You can manage access levels programmatically using the User Entitlement - Add REST API. The following table provides a mapping of the access level selected through the user interface and the AccountLicenseType, licensingSource, and msdnLicenseType parameters.

Access level (user interface)
licenseDisplayName
accountLicenseType licensingSource msdnLicenseType
Basic express account none
Basic + Test Plans advanced account none
Visual Studio Subscriber none msdn eligible
Stakeholder stakeholder account none
VS Enterprise none msdn enterprise

What features are available to users who added to two different access levels?

If a user belongs to a group that has Basic access and another group that has VS Enterprise access, the user has access to all features available through VS Enterprise, which is a superset of Basic.

Service account access

Azure DevOps service accounts added to the default access level. If you make Stakeholder the default access level, you must add the service accounts to Basic or Advanced/VS Enterprise access.

Service accounts don't require a CAL or other purchase.