Azure DevOps Service 2019 & Azure DevOps Server 2019 (edit)
https://docs.microsoft.com/en-us/azure/devops/organizations/security/access-levels?view=azure-devops
- Stakeholder: Provides partial access, can be assigned to unlimited users for free. Assign to users with no license or subscriptions who need access to a limited set of features.
- Basic: Provides access to most features. Assign to users with a Visual Studio Professional subscription, an Azure DevOps Server CAL, and to users for whom you're paying for Basic access in an organization.
Default permissions and access for Azure DevOps
To use Azure DevOps features, users must be added to a security group with the appropriate permissions and granted access to the web portal. Limitations to select features are based on the access level and security group to which a user is assigned. The Basic access level and higher supports full access to all Azure Boards features. Stakeholder access level provides partial support to select features, allowing users to view and modify work items, but not use all features. Stakeholder access is available to support free access to a limited set of features by an unlimited set of stakeholders.
The most common built-in security groups—Readers, Contributors, and Project Administrators— and team administrator role grant permissions to specific features.
In general, use the following guidance when assign users to an access level and security group:
- Grant Basic access or higher and add to the Contributors security group full-time workers who contribute to the code base or manage projects.
- Grant Stakeholder access and add to the Contributors security group managers or users who don't actively contribute to the code base but want to check project status and provide direction, feedback, feature ideas, and business alignment to a team.
- Grant Stakeholder access and add to the Project Administrators security group users tasked with managing project resources. If they also need to contribute to the code base, then you must assign them Basic or higher-level access.
- Grant Stakeholder access and add to the Project Collection Administrators security group users tasked with managing organization or collection resources. If they also need to contribute to the code base, then you must assign them Basic or higher-level access.
Security in Azure DevOps (formerly called VSTS)
https://www.dotnetcurry.com/devops/1496/azure-devops-security
Azure DevOps organization once created is free forever up to 5 (Basic) users. The users can be with various Access Levels - Basic, Stakeholders and Visual Studio Subscription.
Figure 7: Access Levels in Azure DevOps
Stakeholder: it is similar to read-only view for Azure DevOps. We can add as many users with this access as required (no restriction to number of users). The users can view the project status, but cannot contribute to code. They can provide feedback for the project
Basic: these users can contribute to code and manage projects
Visual Studio Subscription: the users who already have Visual Studio subscription for Professional, Test Professional or Enterprise. These will get access as per their subscription.
