Azure DevOps Security Namespaces/Actions

• Default
  • AccountAdminSecurity
  • Analytics
  • AnalyticsViews
  • Boards
  • BoardsExternalIntegration
  • Collection
  • CrossProjectWidgetView
  • DashboardsPrivileges
  • DataProvider
  • EventSubscriber
  • EventSubscription
  • Favorites
  • Graph
  • Identity
  • IdentityPicker
  • Job
  • Location
  • Process
  • Project
  • ProjectAnalysisLanguageMetrics
  • Proxy
  • Registry
  • Security
  • Server
  • ServiceEndpoints
  • ServiceHooks
  • ServicingOrchestration
  • SettingEntries
  • Social
  • StrongBox
  • Tagging
  • TestManagement
  • UtilizationPermissions
  • ViewActivityPaneSecurity
  • WebPlatform
  • WorkItemsHub
  • WorkItemTracking
  • WorkItemTrackingConfiguration
• VersionControl
  • VersionControlItems
  • VersionControlItems2
  • VersionControlPrivileges
  • Workspaces
• Git
  • Git Repositories
• WorkItem
  • Plan
  • WorkItemQueryFolders
  • WorkItemTrackingAdministration
  • WorkItemTrackingProvision
• Build
  • Build
  • BuildAdministration
• ReleaseManagement
  • ReleaseManagement
• LabExecution
  • TeamLabSecurity
• Discussion
  • Discussion Threads
• DistributedTask
  • DistributedTask
  • Environment
  • Library
  • MetaTask
• Integration
  • CSS
  • Iteration
• Chat
  • Chat

Default

AccountAdminSecurity

Name	Display name
Create	Create account resource
Modify	Modify account resource
Read	Read account resource

Analytics

Name	Display name
Administer	Manage analytics permissions
ExecuteUnrestrictedQuery	Execute query without any restrictions on the query form
Read	View analytics
ReadEuii	Read EUII data
Stage	Push the data to staging area

AnalyticsViews

Name	Display name
Delete	Delete shared Analytics views
Edit	Edit shared Analytics views
Execute	Execute Analytics views
ManagePermissions	Manage
Read	View shared Analytics views

Boards

Name	Display name
ChangeMetadata	Change board metadata (name, columns, rows, settings, etc)
Create	Create a board
Delete	Delete the board
Manage	(blank)
MoveCard	Add, move or remove cards in the board
View	View the board

BoardsExternalIntegration

Name	Display name
Read	View boards external integrations
Write	Write boards external integrations

Collection

Name	Display name
CREATE_PROJECTS	Create new projects
DELETE_FIELD	Delete field from account
DIAGNOSTIC_TRACE	Alter trace settings
GENERIC_READ	View collection-level information
GENERIC_WRITE	Edit collection-level information
MANAGE_TEMPLATE	Manage process template
MANAGE_TEST_CONTROLLERS	Manage test controllers
SYNCHRONIZE_READ	View system synchronization information
TRIGGER_EVENT	Trigger events

CrossProjectWidgetView

Name	Display name
GenericRead	View instance-level information

DashboardsPrivileges

Name	Display name
Create	Create dashboard
Delete	Delete dashboard
Edit	Edit dashboard
ManagePermissions	ManagePermissions
MaterializeDashboards	Materialize Dashboards
Read	Read

DataProvider

Name	Display name
Read	View data provider entities

EventSubscriber

Name	Display name
GENERIC_READ	View
GENERIC_WRITE	Edit

EventSubscription

Name	Display name
CREATE_SOAP_SUBSCRIPTION	Create a SOAP subscription
GENERIC_READ	View
GENERIC_WRITE	Edit
UNSUBSCRIBE	Unsubscribe

Favorites

Name	Display name
GenericRead	View instance-level information
GenericWrite	Edit instance-level information

Graph

Name	Display name
ReadByPersonalIdentifier	Read by personal identifier
ReadByPublicIdentifier	Read by public identifier

Identity

Name	Display name
CreateScope	Create identity scopes
Delete	Delete identity information
ManageMembership	Manage group membership
Read	View identity information
RestoreScope	Restore identity scopes
Write	Edit identity information

IdentityPicker

Name	Display name
ReadBasic	Read basic Identity Picker properties
ReadRestricted	Read restricted Identity Picker properties

Job

Name	Display name
Queue	Queue background jobs
Read	View background job information
Update	Manage background jobs

Location

Name	Display name
Read	Read service definitions and/or access mappings.
Write	Write service definitions and/or access mappings.

Process

Name	Display name
AdministerProcessPermissions	Administer process permissions
Create	Create process
Delete	Delete process
Edit	Edit process
ReadProcessPermissions	View Process

Project

Name	Display name
ADMINISTER_BUILD	Administer a build
AGILETOOLS_BACKLOG	Agile backlog management.
BYPASS_PROPERTY_CACHE	Bypass project property cache
BYPASS_RULES	Bypass rules on work item updates
CHANGE_PROCESS	Change process of team project.
Delete	Delete team project
DELETE_TEST_RESULTS	Delete test runs
EDIT_BUILD_STATUS	Edit build quality
GENERIC_READ	View project-level information
GENERIC_WRITE	Edit project-level information
MANAGE_PROPERTIES	Manage project properties
MANAGE_SYSTEM_PROPERTIES	Manage system project properties
MANAGE_TEST_CONFIGURATIONS	Manage test configurations
MANAGE_TEST_ENVIRONMENTS	Manage test environments
PUBLISH_TEST_RESULTS	Create test runs
RENAME	Rename team project
START_BUILD	Start a build
SUPPRESS_NOTIFICATIONS	Suppress notifications for work item updates
UPDATE_BUILD	Write to build operational store
UPDATE_VISIBILITY	Update project visibility
VIEW_TEST_RESULTS	View test runs
WORK_ITEM_DELETE	Delete and restore work items
WORK_ITEM_MOVE	Move work items out of this project
WORK_ITEM_PERMANENTLY_DELETE	Permanently delete work items

ProjectAnalysisLanguageMetrics

Name	Display name
Read	View Project Analysis language metrics data
Write	Write Project Analysis language metrics data

Proxy

Name	Display name
Manage	Manage proxies
Read	Read proxies

Registry

Name	Display name
Read	Read registry entries
Write	Write registry entries

Security

Name	Display name
Read	Read

Server

Name	Display name
GenericRead	View instance-level information
GenericWrite	Edit instance-level information
Impersonate	Make requests on behalf of others
TriggerEvent	Trigger events

ServiceEndpoints

Name	Display name
Administer	Administer Endpoint
Create	Create Endpoint
View	View Endpoint
ViewAuthorization	View Authorization

ServiceHooks

Name	Display name
DeleteSubscriptions	Delete Subscriptions
EditSubscriptions	Edit Subscription
PublishEvents	Publish Events
ViewSubscriptions	View Subscriptions

ServicingOrchestration

Name	Display name
Cancel	Cancel Servicing Orchestration jobs
Queue	Queue Servicing Orchestration jobs
Read	View Servicing Orchestration information

SettingEntries

Name	Display name
Read	Retrieve setting entries
Write	Write setting entries

Social

Name	Display name
GenericRead	View instance-level information
GenericWrite	Edit instance-level information

StrongBox

Name	Display name
AddItem	Add Items to the StrongBox Drawer.
Administer	Administer StrongBox Permissions.
AdministerDrawer	Administer permissions for the StrongBox Drawer.
CreateDrawer	Create a StrongBox Drawer.
DeleteDrawer	Delete as StrongBox Drawer.
DeleteItem	Delete Items from the StrongBox Drawer.
GetItem	Retrieve Items from the StrongBox Drawer.

Tagging

Name	Display name
Create	Create tag definition
Delete	Delete tag definition
Enumerate	Enumerate tag definitions
Update	Update tag definition

TestManagement

Name	Display name
Read	Read TestManagement

UtilizationPermissions

Name	Display name
QueryUsageSummary	Query Others' Usage

ViewActivityPaneSecurity

Name	Display name
Read	View only entities

WebPlatform

Name	Display name
Read	View web platform entities

WorkItemsHub

Name	Display name
View	View work items hub

WorkItemTracking

Name	Display name
CrossProjectRead	Cross Project Read Of WorkItemTracking Resources
Read	Read WorkItemTracking
ReadHistoricalWorkItemResources	(blank)
ReadRules	Read rules only if permissions are avaliable
TrackWorkItemActivity	Track work item read and write for a user

WorkItemTrackingConfiguration

Name	Display name
Read	View work item tracking configuration

VersionControl

VersionControlItems

Name	Display name
AdminProjectRights	Manage permissions
Checkin	Check in
CheckinOther	Check in other users' changes
Label	Label
LabelOther	Administer labels
Lock	Lock
ManageBranch	Manage branch
Merge	Merge
PendChange	Pend a change in a server workspace
Read	Read
ReviseOther	Revise other users' changes
UndoOther	Undo other users' changes
UnlockOther	Unlock other users' changes

VersionControlItems2

Name	Display name
AdminProjectRights	Manage permissions
Checkin	Check in
CheckinOther	Check in other users' changes
Label	Label
LabelOther	Administer labels
Lock	Lock
ManageBranch	Manage branch
Merge	Merge
PendChange	Pend a change in a server workspace
Read	Read
ReviseOther	Revise other users' changes
UndoOther	Undo other users' changes
UnlockOther	Unlock other users' changes

VersionControlPrivileges

Name	Display name
AdminConfiguration	Administer source control configurations
AdminConnections	Administer source control connections
AdminShelvesets	Administer shelved changes
AdminWorkspaces	Administer workspaces
CreateWorkspace	Create a workspace

Workspaces

Name	Display name
Administer	Administer the workspace
Checkin	Check in changes to the workspace
Read	View workspace information
Use	Use the workspace

Git

Git Repositories

Name	Display name
Administer	Administer
CreateBranch	Create branch
CreateRepository	Create repository
CreateTag	Create tag
DeleteRepository	Delete repository
EditPolicies	Edit policies
ForcePush	Force push (rewrite history, delete branches and tags)
GenericContribute	Contribute
GenericRead	Read
ManageNote	Manage notes
ManagePermissions	Manage permissions
PolicyExempt	Bypass policies when pushing
PullRequestBypassPolicy	Bypass policies when completing pull requests
PullRequestContribute	Contribute to pull requests
RemoveOthersLocks	Remove others' locks
RenameRepository	Rename repository

WorkItem

Plan

Name	Display name
Delete	Delete
Edit	Edit
Manage	Manage
View	View

WorkItemQueryFolders

Name	Display name
Contribute	Contribute
Delete	Delete
FullControl	Full Control
ManagePermissions	Manage permissions
Read	Read
RecordQueryExecutionInfo	Record query execution information

WorkItemTrackingAdministration

Name	Display name
DestroyAttachments	Destroy attachments
ManagePermissions	Manage permissions

WorkItemTrackingProvision

Name	Display name
Administer	Administer
ManageLinkTypes	Manage work item link types

Build

Build

Name	Display name
AdministerBuildPermissions	Administer build permissions
DeleteBuildDefinition	Delete build definition
DeleteBuilds	Delete builds
DestroyBuilds	Destroy builds
EditBuildDefinition	Edit build definition
EditBuildQuality	Edit build quality
ManageBuildQualities	Manage build qualities
ManageBuildQueue	Manage build queue
OverrideBuildCheckInValidation	Override check-in validation by build
QueueBuilds	Queue builds
RetainIndefinitely	Retain indefinitely
StopBuilds	Stop builds
UpdateBuildInformation	Update build information
ViewBuildDefinition	View build definition
ViewBuilds	View builds

BuildAdministration

Name	Display name
AdministerBuildResourcePermissions	Administer build resource permissions
ManageBuildResources	Manage build resources
UseBuildResources	Use build resources
ViewBuildResources	View build resources

ReleaseManagement

ReleaseManagement

Name	Display name
AdministerReleasePermissions	Administer release permissions
CreateReleases	Create releases
DeleteReleaseDefinition	Delete release pipeline
DeleteReleaseEnvironment	Delete release stage
DeleteReleases	Delete releases
DeploymentSummaryAcrossProjects	Deployment summary across projects
EditReleaseDefinition	Edit release pipeline
EditReleaseEnvironment	Edit release stage
ExportReleaseDefinition	Export release definition
ManageDeployments	Manage deployments
ManageReleaseApprovers	Manage release approvers
ManageReleases	Manage releases
ManageReleaseSettings	Manage release settings
ManageTaskHubExtension	Manage TaskHub Extension
ViewCDWorkflowEditor	View CD work flow editor
ViewExternalArtifactCommitsAndWorkItems	View external artifact commits and work items
ViewLegacyUI	View legacy UI
ViewReleaseDefinition	View release pipeline
ViewReleases	View releases
ViewTaskEditor	View task editor

LabExecution

TeamLabSecurity

Name	Display name
Create	Create
Delete	Delete
DeleteLocation	DeleteLocation
Edit	Edit
ManageChildPermissions	ManageChildPermissions
ManageLocation	ManageLocation
ManagePermissions	ManagePermissions
ManageSnapshots	ManageSnapshots
ManageTestMachines	ManageTestMachines
Pause	Pause
Read	Read
Start	Start
Stop	Stop
Write	Write

Discussion

Discussion Threads

Name	Display name
Administer	Manage discussion permissions
GenericContribute	Contribute to discussions
GenericRead	View discussions
Moderate	Moderate discussions

DistributedTask

DistributedTask

Name	Display name
AdministerPermissions	Administer Permissions
Create	Create
Listen	Listen
Manage	Manage
Use	Use
View	View

Environment

Name	Display name
Administer	Administer Permissions
Create	Create
Manage	Manage
Use	Use
View	View

Library

Name	Display name
Administer	Administer library item
Create	Create library item
Use	Use library item
View	View library item
ViewSecrets	View library item secrets

MetaTask

Name	Display name
Administer	Administer task group permissions
Delete	Delete task group
Edit	Edit task group

Integration

CSS

Name	Display name
CREATE_CHILDREN	Create child nodes
Delete	Delete this node
GENERIC_READ	View permissions for this node
GENERIC_WRITE	Edit this node
MANAGE_TEST_PLANS	Manage test plans
MANAGE_TEST_SUITES	Manage test suites
WORK_ITEM_READ	View work items in this node
WORK_ITEM_WRITE	Edit work items in this node

Iteration

Name	Display name
CREATE_CHILDREN	Create child nodes
Delete	Delete this node
GENERIC_READ	View permissions for this node
GENERIC_WRITE	Edit this node

Chat

Chat

Name	Display name
AddRemoveChatRoomMember	Add/Remove Chat Room Member
CloseChatRoom	Close Chat Room
CreateChatRoom	Create Chat Room
DeleteChatRoom	Delete Chat Room
DeleteChatRoomMessage	Delete Chat Room Message
ManageChatPermissions	Manage Chat Permissions
ReadChatRoomMessage	Read Chat Room Message
ReadChatRoomMetadata	Read Chat Room Metadata
ReadChatRoomTranscript	Read Chat Room Transcript
UpdateChatRoomMessage	Update Chat Room Message
UpdateChatRoomMetadata	Update Chat Room Metadata
WriteChatRoomMessage	Write Chat Room Message