Set TFVC repository permissions
Azure DevOps Services | Azure DevOps Server 2022 - Azure DevOps Server 2019
Visual Studio 2019 | Visual Studio 2022
You can manage access to a Team Foundation Version Control (TFVC) repository to lock down who can contribute to your source code. There's only one TFVC repository per project. For guidance on who to give greater permission levels, see Manage access using permissions.
Prerequisites
| Category | Requirements |
|---|---|
| Project access | Member of the Azure DevOps project where the TFVC repository is located. |
| Permissions | Member of the Project Administrators group or Manage permissions set to Allow for the TFVC repository. |
| Access levels | To contribute to source code: At least Basic access. Stakeholder access for private projects provides no access to source code. Stakeholder access for public projects provides the same access as Contributors and Basic. For more information, see About access levels. |
| Category | Requirements |
|---|---|
| Project access | Member of the Azure DevOps project where the TFVC repository is located. |
| Permissions | Member of the Project Administrators group or Manage permissions set to Allow for the TFVC repository. |
| Access levels | To contribute to source code: At least Basic access. Stakeholder access for private projects provides no access to source code. For more information, see About access levels. |
Default repository permissions
By default, members of the project Contributors group have permissions to contribute to a repository. For a description of each security group and permission level, see Security groups, service accounts, and permissions in Azure DevOps.
Note
Tasks such as create, delete, or rename a TFVC repository are not supported. Once a TFVC repository is created you can't delete it. Also, you can only have one TFVC repository per project. This is different from Git repositories which allow for adding, renaming, and deleting multiple repositories.
Permission
Readers
Contributors
Build Admins
Project Admins
Check in, Label, Lock, Merge, Pend a change in a server workspace, Read
Read only
✔️
✔️
✔️
Administer labels, Manage branches, Manage permissions, Revise other users' changes, Undo other users' changes, Unlock other users' changes
✔️
Set TFVC repository security permissions
To set permissions for a custom security group, ensure that the group is already defined. For more information, see Change project-level permissions for more information.
In the Azure DevOps web portal for the project where you want to set permissions, select Project settings. To choose another project, see Switch project, repository, team.
Select Repositories.
Select the TFVC repository labeled with the name of the project.
Choose the user or security group you want to change permissions for.
To set permissions for a specific user or group, enter their name in the identity box and select their identity.
Make the changes to the permission set.
When you're done, navigate away from the page. The permission changes are automatically saved for the selected user or group.
If you add a user or group and don't change any of their permissions, the user or group you added no longer appears after you refresh the permissions page.
Note
You may not be able to find a user from a permissions page or identity field if the user hasn't been added to the project—either by adding it to a security group or to a project team. Also, when a user is added to Microsoft Entra ID or Active Directory, there can be a delay between the time they are added to the project and when they are searchable from an identity field. The delay can be between 5 minutes to 7 days.
To set the permissions for the TFVC repository for a project:
In the Azure DevOps web portal for the project where you want to set permissions, select Project Settings.
Select Repositories.
Select the TFVC repository.
Choose the security group whose permissions you want to manage, in this case the Contributors group.
Select the permission for Manage branch.
To see the full image, click the image to expand. Choose the
close icon to close.
Note
You may not be able to find a user from a permissions page or identity field if the user hasn't been added to the project—either by adding it to a security group or to a project team. Also, when a user is added to Microsoft Entra ID or Active Directory, there can be a delay between the time they are added to the project and when they are searchable from an identity field. The delay can be between 5 minutes to 7 days.
If you add a user or group and don't change any of their permissions, the user or group you added no longer appears after you refresh the permissions page.
Save your changes.
