Azure DevOps provides a powerful and flexible security system that allows you to manage permissions and access for users and groups. By leveraging security groups, you can easily control who can access and perform various actions within your Azure DevOps organization and projects.

Understanding Security Groups in Azure DevOps

Security groups are the foundation for managing permissions and access in Azure DevOps. You can use both default and custom security groups to set permissions at different levels, including project, collection, and object-level. This allows you to tailor the access and permissions based on the specific needs of your organization and projects.

Some key ways Azure DevOps uses security groups include:

  • Determining Permissions: Security groups define the permissions allocated to a user or group, controlling what actions they can perform.
  • Controlling Access Levels: Security groups determine the level of access granted to a user or group, such as Stakeholder, Contributor, or Administrator.
  • Filtering Work Item Queries: Security group membership can be used to filter work item queries, ensuring users only see work items they have access to.
  • Notifying Group Members: Mentioning a project-level group in comments or notifications will send emails to the members of that group.
  • Assigning Role-Based Permissions: Security groups can be added to role-based permissions to grant access to specific functionality.
  • Setting Object-Level Permissions: Security groups can be used to set permissions on individual objects, such as work items, source code, and more.

Creating and Managing Security Groups

To effectively manage permissions and access in your Azure DevOps organization, you’ll need to create and maintain both default and custom security groups. Here’s how you can do that:

Create a Custom Security Group

  1. Open the Permissions page for either the project-level or organization-level.
  2. Select New Group to create a new security group.
  3. Enter a name for the group and optionally add members and a description.

Add Users or Groups to a Security Group

  1. Open the Permissions page and select the security group you want to manage.
  2. Go to the Members tab and choose Add to add users or groups to the group.
  3. Enter the names of the users or groups you want to add and select the matches that meet your requirements.

Change Permissions for a User or Group

Permissions can be defined at different levels in Azure DevOps, such as object-level, project-level, and collection-level. Review the relevant articles to open the dialog for the permissions you want to change.

Remove Users or Groups from a Security Group

  1. Locate the user or group you want to remove from the security group.
  2. Select the More options (⋯) menu and choose Remove.
  3. Confirm the removal of the group member.

Manage Group Settings

You can change the name, description, and image of a security group, as well as delete the group altogether. The specific steps vary slightly between the preview and current pages, so be sure to follow the appropriate instructions.

Conclusion

Mastering security group management in Azure DevOps is crucial for maintaining proper permissions and access control within your organization. By understanding how to create, add, remove, and manage security groups, you can ensure that the right users have the appropriate level of access to your projects and data. As your organization and teams evolve, keep revisiting your security group configurations to ensure they continue to meet your needs.