Edit

Share via

Change project-level permissions

Azure DevOps Services | Azure DevOps Server | Azure DevOps Server 2022 | Azure DevOps Server 2020

Many permissions are managed at the project level. You can grant project-level capabilities by adding users or groups to the built-in Project Administrators group, or by assigning specific project permissions to a custom security group or an individual user.

Consider adding users to Project Administrators when they need to add or manage teams, area and iteration paths, repositories, service hooks, or service connections.

What you'll learn:

  • How to add members to the Project Administrators group.
  • How to change project-level permissions for a group or user.
  • Notes about tagging permissions, Microsoft Entra groups, and Stakeholder access limits.

Project-level permissions

The following table lists the permissions assigned at the project-level. All these permissions are granted to members of the Project Administrators group, except for the Delete shared Analytics views and Edit shared Analytics views permissions. For a description of each permission, see Permissions and groups reference, Groups.

Note

Permissions associated with Analytics require that the Inherited process model is selected for an on-premises project collection.

General

  • Delete team project
  • Edit project-level information
  • Manage project properties
  • Rename team project
  • Suppress notifications for work item updates
  • Update project visibility
  • View project-level information
  • Delete team project
  • Edit project-level information
  • Manage project properties
  • Rename team project
  • Suppress notifications for work item updates
  • View project-level information

Boards

  • Bypass rules on work item updates
  • Change process of team project
  • Create tag definition
  • Delete and restore work items
  • Move work items out of this project
  • Permanently delete work items

Analytics

  • Delete shared Analytics views
  • Edit shared Analytics views
  • View analytics

Test Plans

  • Create test runs
  • Delete test runs
  • Manage test configurations
  • Manage test environments
  • View test runs

Note

The permission that allows adding or removing project-level security groups (and managing their membership) is granted to all members of the Project Administrators group. This capability is not exposed as a separate permission in the user interface.

Tagging permission behavior (Create tag definition)

By default, the Contributors group is granted the Create tag definition permission. Although this permission appears at the project level in the UI, tagging is implemented as a collection-level capability. When you modify tagging permissions using command-line tools, provide the project GUID to scope the change to a single project; otherwise your change applies to the entire collection. For more information, see Security groups, service accounts, and permissions — Work item tags.

Prerequisites

Category Requirements
Permissions Member of the Project Administrators group. If you created the organization or collection, you're automatically a member.
Directory services If you plan to add directory groups, ensure Microsoft Entra ID (Azure AD) groups are available and synced to Azure DevOps. See Add AD/Azure AD built-in security groups.

Note

Users with Stakeholder access have limited feature access even if specific permissions are granted. See Stakeholder access quick reference.

Add members to the Project Administrators group

You can add users or directory groups (for example, Microsoft Entra ID groups) to the built-in Project Administrators group. To add a custom security group to a project, first create the group as described in Use security groups to manage users and groups.

Cloud (Azure DevOps Services)

Note

To enable the Project Permissions Settings preview page, see Enable preview features.

  1. Sign in to your organization: https://dev.azure.com/{yourorganization}.

  2. Select Project settings > Permissions.

    Permissions section in Project settings.

  3. Choose the Project Administrators group > Members > Add.

    Add member in Permissions.

  4. Enter the user account or security group name in the Add users and/or groups box, select one or more matches, and then select Save.

    Add users and group dialog.

On-premises / older UI

  1. Sign in to your organization: https://dev.azure.com/{yourorganization}.

  2. Select Project settings > Security.

    Project settings, Security.

  3. Select Project Administrators > Members > Add.

    Project Settings, Security, Add member.

  4. Enter one or more user or group names, choose matches, and select Save changes. Refresh the page to see updates.

    Add users dialog, on-premises.

Change permissions for a group

You can modify project-level permissions for any project-associated group (except the built-in Project Administrators group). Each team added to a project is exposed as a project-level group and can be granted specific permissions.

Cloud (Azure DevOps Services)

Note

To enable the Project Permissions Settings preview page, see Enable preview features.

  1. Open Project settings > Permissions.

  2. Choose the group (for example, Contributors).

  3. Toggle permission assignments (Allow / Deny / Inherit). Changes are saved automatically.

    Contributors group permissions.

Tip

Adding a user to Contributors grants the ability to add and modify work items. To limit that capability by area, scope permissions at the Area Path level — see Modify work items under an area or iteration path.

On-premises / older UI

  1. Open Project settings > Security.

  2. Choose the group, update permission assignments, and select Save changes.

    Contributors group permissions, on-premises.

For a description of each permission, see Permissions and groups reference — project-level permissions.

Note

You cannot change the permission settings for the built-in Project Administrators group. This is by design.

Change permissions for a user

You can change project-level permissions for an individual user. Permission inheritance still applies — check the user's group memberships when evaluating effective permissions.

Cloud (Azure DevOps Services)

  1. Open Project settings > Permissions.

  2. Select Users, pick the user, and update permission assignments. Changes are saved automatically.

    Users tab, select a user.

  3. Make the required permission changes (for example, Edit project-level information), then close the dialog.

    Change permission for selected user.

On-premises / older UI

  1. Open Project settings > Security.

  2. Use Filter users and groups to find a user, change permissions, and select Save changes.

    Change permission for user, on-premises.

Enable AI assistance for Azure DevOps

For enhanced productivity across your Azure DevOps workflow, use the Azure DevOps MCP Server to enable AI assistance with your project data. Get intelligent insights for daily standups, sprint planning, code reviews, project reporting, pull request analysis, and work item management—all through natural language queries to your AI assistant. For more information and installation instructions, see the Azure DevOps MCP Server overview.

Next step

Manage projects

Related content