Azure DevOps Security Namespaces/Actions
- Default
- AccountAdminSecurity
- Analytics
- AnalyticsViews
- Boards
- BoardsExternalIntegration
- Collection
- CrossProjectWidgetView
- DashboardsPrivileges
- DataProvider
- EventSubscriber
- EventSubscription
- Favorites
- Graph
- Identity
- IdentityPicker
- Job
- Location
- Process
- Project
- ProjectAnalysisLanguageMetrics
- Proxy
- Registry
- Security
- Server
- ServiceEndpoints
- ServiceHooks
- ServicingOrchestration
- SettingEntries
- Social
- StrongBox
- Tagging
- TestManagement
- UtilizationPermissions
- ViewActivityPaneSecurity
- WebPlatform
- WorkItemsHub
- WorkItemTracking
- WorkItemTrackingConfiguration
- VersionControl
- Git
- WorkItem
- Build
- ReleaseManagement
- LabExecution
- Discussion
- DistributedTask
- Integration
- Chat
Default
AccountAdminSecurity
Name | Display name |
---|---|
Create | Create account resource |
Modify | Modify account resource |
Read | Read account resource |
Analytics
Name | Display name |
---|---|
Administer | Manage analytics permissions |
ExecuteUnrestrictedQuery | Execute query without any restrictions on the query form |
Read | View analytics |
ReadEuii | Read EUII data |
Stage | Push the data to staging area |
AnalyticsViews
Name | Display name |
---|---|
Delete | Delete shared Analytics views |
Edit | Edit shared Analytics views |
Execute | Execute Analytics views |
ManagePermissions | Manage |
Read | View shared Analytics views |
Boards
Name | Display name |
---|---|
ChangeMetadata | Change board metadata (name, columns, rows, settings, etc) |
Create | Create a board |
Delete | Delete the board |
Manage | (blank) |
MoveCard | Add, move or remove cards in the board |
View | View the board |
BoardsExternalIntegration
Name | Display name |
---|---|
Read | View boards external integrations |
Write | Write boards external integrations |
Collection
Name | Display name |
---|---|
CREATE_PROJECTS | Create new projects |
DELETE_FIELD | Delete field from account |
DIAGNOSTIC_TRACE | Alter trace settings |
GENERIC_READ | View collection-level information |
GENERIC_WRITE | Edit collection-level information |
MANAGE_TEMPLATE | Manage process template |
MANAGE_TEST_CONTROLLERS | Manage test controllers |
SYNCHRONIZE_READ | View system synchronization information |
TRIGGER_EVENT | Trigger events |
CrossProjectWidgetView
Name | Display name |
---|---|
GenericRead | View instance-level information |
DashboardsPrivileges
Name | Display name |
---|---|
Create | Create dashboard |
Delete | Delete dashboard |
Edit | Edit dashboard |
ManagePermissions | ManagePermissions |
MaterializeDashboards | Materialize Dashboards |
Read | Read |
DataProvider
Name | Display name |
---|---|
Read | View data provider entities |
EventSubscriber
Name | Display name |
---|---|
GENERIC_READ | View |
GENERIC_WRITE | Edit |
EventSubscription
Name | Display name |
---|---|
CREATE_SOAP_SUBSCRIPTION | Create a SOAP subscription |
GENERIC_READ | View |
GENERIC_WRITE | Edit |
UNSUBSCRIBE | Unsubscribe |
Favorites
Name | Display name |
---|---|
GenericRead | View instance-level information |
GenericWrite | Edit instance-level information |
Graph
Name | Display name |
---|---|
ReadByPersonalIdentifier | Read by personal identifier |
ReadByPublicIdentifier | Read by public identifier |
Identity
Name | Display name |
---|---|
CreateScope | Create identity scopes |
Delete | Delete identity information |
ManageMembership | Manage group membership |
Read | View identity information |
RestoreScope | Restore identity scopes |
Write | Edit identity information |
IdentityPicker
Name | Display name |
---|---|
ReadBasic | Read basic Identity Picker properties |
ReadRestricted | Read restricted Identity Picker properties |
Job
Name | Display name |
---|---|
Queue | Queue background jobs |
Read | View background job information |
Update | Manage background jobs |
Location
Name | Display name |
---|---|
Read | Read service definitions and/or access mappings. |
Write | Write service definitions and/or access mappings. |
Process
Name | Display name |
---|---|
AdministerProcessPermissions | Administer process permissions |
Create | Create process |
Delete | Delete process |
Edit | Edit process |
ReadProcessPermissions | View Process |
Project
Name | Display name |
---|---|
ADMINISTER_BUILD | Administer a build |
AGILETOOLS_BACKLOG | Agile backlog management. |
BYPASS_PROPERTY_CACHE | Bypass project property cache |
BYPASS_RULES | Bypass rules on work item updates |
CHANGE_PROCESS | Change process of team project. |
Delete | Delete team project |
DELETE_TEST_RESULTS | Delete test runs |
EDIT_BUILD_STATUS | Edit build quality |
GENERIC_READ | View project-level information |
GENERIC_WRITE | Edit project-level information |
MANAGE_PROPERTIES | Manage project properties |
MANAGE_SYSTEM_PROPERTIES | Manage system project properties |
MANAGE_TEST_CONFIGURATIONS | Manage test configurations |
MANAGE_TEST_ENVIRONMENTS | Manage test environments |
PUBLISH_TEST_RESULTS | Create test runs |
RENAME | Rename team project |
START_BUILD | Start a build |
SUPPRESS_NOTIFICATIONS | Suppress notifications for work item updates |
UPDATE_BUILD | Write to build operational store |
UPDATE_VISIBILITY | Update project visibility |
VIEW_TEST_RESULTS | View test runs |
WORK_ITEM_DELETE | Delete and restore work items |
WORK_ITEM_MOVE | Move work items out of this project |
WORK_ITEM_PERMANENTLY_DELETE | Permanently delete work items |
ProjectAnalysisLanguageMetrics
Name | Display name |
---|---|
Read | View Project Analysis language metrics data |
Write | Write Project Analysis language metrics data |
Proxy
Name | Display name |
---|---|
Manage | Manage proxies |
Read | Read proxies |
Registry
Name | Display name |
---|---|
Read | Read registry entries |
Write | Write registry entries |
Security
Name | Display name |
---|---|
Read | Read |
Server
Name | Display name |
---|---|
GenericRead | View instance-level information |
GenericWrite | Edit instance-level information |
Impersonate | Make requests on behalf of others |
TriggerEvent | Trigger events |
ServiceEndpoints
Name | Display name |
---|---|
Administer | Administer Endpoint |
Create | Create Endpoint |
View | View Endpoint |
ViewAuthorization | View Authorization |
ServiceHooks
Name | Display name |
---|---|
DeleteSubscriptions | Delete Subscriptions |
EditSubscriptions | Edit Subscription |
PublishEvents | Publish Events |
ViewSubscriptions | View Subscriptions |
ServicingOrchestration
Name | Display name |
---|---|
Cancel | Cancel Servicing Orchestration jobs |
Queue | Queue Servicing Orchestration jobs |
Read | View Servicing Orchestration information |
SettingEntries
Name | Display name |
---|---|
Read | Retrieve setting entries |
Write | Write setting entries |
Social
Name | Display name |
---|---|
GenericRead | View instance-level information |
GenericWrite | Edit instance-level information |
StrongBox
Name | Display name |
---|---|
AddItem | Add Items to the StrongBox Drawer. |
Administer | Administer StrongBox Permissions. |
AdministerDrawer | Administer permissions for the StrongBox Drawer. |
CreateDrawer | Create a StrongBox Drawer. |
DeleteDrawer | Delete as StrongBox Drawer. |
DeleteItem | Delete Items from the StrongBox Drawer. |
GetItem | Retrieve Items from the StrongBox Drawer. |
Tagging
Name | Display name |
---|---|
Create | Create tag definition |
Delete | Delete tag definition |
Enumerate | Enumerate tag definitions |
Update | Update tag definition |
TestManagement
Name | Display name |
---|---|
Read | Read TestManagement |
UtilizationPermissions
Name | Display name |
---|---|
QueryUsageSummary | Query Others' Usage |
ViewActivityPaneSecurity
Name | Display name |
---|---|
Read | View only entities |
WebPlatform
Name | Display name |
---|---|
Read | View web platform entities |
WorkItemsHub
Name | Display name |
---|---|
View | View work items hub |
WorkItemTracking
Name | Display name |
---|---|
CrossProjectRead | Cross Project Read Of WorkItemTracking Resources |
Read | Read WorkItemTracking |
ReadHistoricalWorkItemResources | (blank) |
ReadRules | Read rules only if permissions are avaliable |
TrackWorkItemActivity | Track work item read and write for a user |
WorkItemTrackingConfiguration
Name | Display name |
---|---|
Read | View work item tracking configuration |
VersionControl
VersionControlItems
Name | Display name |
---|---|
AdminProjectRights | Manage permissions |
Checkin | Check in |
CheckinOther | Check in other users' changes |
Label | Label |
LabelOther | Administer labels |
Lock | Lock |
ManageBranch | Manage branch |
Merge | Merge |
PendChange | Pend a change in a server workspace |
Read | Read |
ReviseOther | Revise other users' changes |
UndoOther | Undo other users' changes |
UnlockOther | Unlock other users' changes |
VersionControlItems2
Name | Display name |
---|---|
AdminProjectRights | Manage permissions |
Checkin | Check in |
CheckinOther | Check in other users' changes |
Label | Label |
LabelOther | Administer labels |
Lock | Lock |
ManageBranch | Manage branch |
Merge | Merge |
PendChange | Pend a change in a server workspace |
Read | Read |
ReviseOther | Revise other users' changes |
UndoOther | Undo other users' changes |
UnlockOther | Unlock other users' changes |
VersionControlPrivileges
Name | Display name |
---|---|
AdminConfiguration | Administer source control configurations |
AdminConnections | Administer source control connections |
AdminShelvesets | Administer shelved changes |
AdminWorkspaces | Administer workspaces |
CreateWorkspace | Create a workspace |
Workspaces
Name | Display name |
---|---|
Administer | Administer the workspace |
Checkin | Check in changes to the workspace |
Read | View workspace information |
Use | Use the workspace |
Git
Git Repositories
Name | Display name |
---|---|
Administer | Administer |
CreateBranch | Create branch |
CreateRepository | Create repository |
CreateTag | Create tag |
DeleteRepository | Delete repository |
EditPolicies | Edit policies |
ForcePush | Force push (rewrite history, delete branches and tags) |
GenericContribute | Contribute |
GenericRead | Read |
ManageNote | Manage notes |
ManagePermissions | Manage permissions |
PolicyExempt | Bypass policies when pushing |
PullRequestBypassPolicy | Bypass policies when completing pull requests |
PullRequestContribute | Contribute to pull requests |
RemoveOthersLocks | Remove others' locks |
RenameRepository | Rename repository |
WorkItem
Plan
Name | Display name |
---|---|
Delete | Delete |
Edit | Edit |
Manage | Manage |
View | View |
WorkItemQueryFolders
Name | Display name |
---|---|
Contribute | Contribute |
Delete | Delete |
FullControl | Full Control |
ManagePermissions | Manage permissions |
Read | Read |
RecordQueryExecutionInfo | Record query execution information |
WorkItemTrackingAdministration
Name | Display name |
---|---|
DestroyAttachments | Destroy attachments |
ManagePermissions | Manage permissions |
WorkItemTrackingProvision
Name | Display name |
---|---|
Administer | Administer |
ManageLinkTypes | Manage work item link types |
Build
Build
Name | Display name |
---|---|
AdministerBuildPermissions | Administer build permissions |
DeleteBuildDefinition | Delete build definition |
DeleteBuilds | Delete builds |
DestroyBuilds | Destroy builds |
EditBuildDefinition | Edit build definition |
EditBuildQuality | Edit build quality |
ManageBuildQualities | Manage build qualities |
ManageBuildQueue | Manage build queue |
OverrideBuildCheckInValidation | Override check-in validation by build |
QueueBuilds | Queue builds |
RetainIndefinitely | Retain indefinitely |
StopBuilds | Stop builds |
UpdateBuildInformation | Update build information |
ViewBuildDefinition | View build definition |
ViewBuilds | View builds |
BuildAdministration
Name | Display name |
---|---|
AdministerBuildResourcePermissions | Administer build resource permissions |
ManageBuildResources | Manage build resources |
UseBuildResources | Use build resources |
ViewBuildResources | View build resources |
ReleaseManagement
ReleaseManagement
Name | Display name |
---|---|
AdministerReleasePermissions | Administer release permissions |
CreateReleases | Create releases |
DeleteReleaseDefinition | Delete release pipeline |
DeleteReleaseEnvironment | Delete release stage |
DeleteReleases | Delete releases |
DeploymentSummaryAcrossProjects | Deployment summary across projects |
EditReleaseDefinition | Edit release pipeline |
EditReleaseEnvironment | Edit release stage |
ExportReleaseDefinition | Export release definition |
ManageDeployments | Manage deployments |
ManageReleaseApprovers | Manage release approvers |
ManageReleases | Manage releases |
ManageReleaseSettings | Manage release settings |
ManageTaskHubExtension | Manage TaskHub Extension |
ViewCDWorkflowEditor | View CD work flow editor |
ViewExternalArtifactCommitsAndWorkItems | View external artifact commits and work items |
ViewLegacyUI | View legacy UI |
ViewReleaseDefinition | View release pipeline |
ViewReleases | View releases |
ViewTaskEditor | View task editor |
LabExecution
TeamLabSecurity
Name | Display name |
---|---|
Create | Create |
Delete | Delete |
DeleteLocation | DeleteLocation |
Edit | Edit |
ManageChildPermissions | ManageChildPermissions |
ManageLocation | ManageLocation |
ManagePermissions | ManagePermissions |
ManageSnapshots | ManageSnapshots |
ManageTestMachines | ManageTestMachines |
Pause | Pause |
Read | Read |
Start | Start |
Stop | Stop |
Write | Write |
Discussion
Discussion Threads
Name | Display name |
---|---|
Administer | Manage discussion permissions |
GenericContribute | Contribute to discussions |
GenericRead | View discussions |
Moderate | Moderate discussions |
DistributedTask
DistributedTask
Name | Display name |
---|---|
AdministerPermissions | Administer Permissions |
Create | Create |
Listen | Listen |
Manage | Manage |
Use | Use |
View | View |
Environment
Name | Display name |
---|---|
Administer | Administer Permissions |
Create | Create |
Manage | Manage |
Use | Use |
View | View |
Library
Name | Display name |
---|---|
Administer | Administer library item |
Create | Create library item |
Use | Use library item |
View | View library item |
ViewSecrets | View library item secrets |
MetaTask
Name | Display name |
---|---|
Administer | Administer task group permissions |
Delete | Delete task group |
Edit | Edit task group |
Integration
CSS
Name | Display name |
---|---|
CREATE_CHILDREN | Create child nodes |
Delete | Delete this node |
GENERIC_READ | View permissions for this node |
GENERIC_WRITE | Edit this node |
MANAGE_TEST_PLANS | Manage test plans |
MANAGE_TEST_SUITES | Manage test suites |
WORK_ITEM_READ | View work items in this node |
WORK_ITEM_WRITE | Edit work items in this node |
Iteration
Name | Display name |
---|---|
CREATE_CHILDREN | Create child nodes |
Delete | Delete this node |
GENERIC_READ | View permissions for this node |
GENERIC_WRITE | Edit this node |
Chat
Chat
Name | Display name |
---|---|
AddRemoveChatRoomMember | Add/Remove Chat Room Member |
CloseChatRoom | Close Chat Room |
CreateChatRoom | Create Chat Room |
DeleteChatRoom | Delete Chat Room |
DeleteChatRoomMessage | Delete Chat Room Message |
ManageChatPermissions | Manage Chat Permissions |
ReadChatRoomMessage | Read Chat Room Message |
ReadChatRoomMetadata | Read Chat Room Metadata |
ReadChatRoomTranscript | Read Chat Room Transcript |
UpdateChatRoomMessage | Update Chat Room Message |
UpdateChatRoomMetadata | Update Chat Room Metadata |
WriteChatRoomMessage | Write Chat Room Message |