| title | About pipeline security roles |
|---|---|
| titleSuffix | Azure DevOps |
| description | Discover how security roles are utilized to manage specific pipeline permissions effectively. |
| ms.subservice | azure-devops-security |
| ms.author | chcomley |
| author | chcomley |
| ms.topic | conceptual |
| monikerRange | <= azure-devops |
| ai-usage | ai-assisted |
| ms.date | 08/21/2024 |
[!INCLUDE version-lt-eq-azure-devops]
Security for build and release pipelines, and task groups, is managed using task-based permissions. Several pipeline resources use role-based permissions, which can be assigned to users or groups. Each role defines the operations a user can perform.
Role-based permissions apply to all resources of a specific type within a project, organization, or collection. Individual resources inherit permissions from project-level settings, but you can turn off inheritance for specific artifacts if needed.
By default, all project contributors are members of the User role for each hosted queue. This role allows them to author and run build and release pipelines using hosted queues.
You can add users to security roles from the project-level admin context on the Agent Pools page. For information on adding and managing agent pools, see Agent pools.
[!INCLUDE temp]
Add users to the following security roles from the Organization settings > Agent Pools page. For information on adding and managing agent pools, see Agent pools.
[!INCLUDE temp]
Add users to the following roles from the Pipelines or Build and Release page. For information on adding and managing deployment groups, see Deployment groups.
[!INCLUDE temp]
Add users to the following roles from the Deployment Pools page. For information on creating and managing deployment pools, see Deployment groups.
[!INCLUDE temp]
Add users to a library role from Pipelines or Build and Release. For more information about using these library assets, see Variable groups and Secure files.
[!INCLUDE temp]
Add users to the following roles from the Services page. For information about creating and managing these resources, see Service connections for build and release.
[!INCLUDE temp]