Because we provide such an incredible amount of control when it comes to security in Visual Studio Team Services, it can sometimes be difficult to know which groups a user should be in. Security in Visual Studio Team Services is everywhere: at the account level, project level, in version control, agent pool, and agent queue level. You can even set security on an individual iteration or area. But there are times you just need to give someone permissions everywhere. I will never condone giving a user more rights than they need. However, when you hire an administrator for your account they do need permissions everywhere. The only person by default that has every permission is the owner of the account. There can only be one owner so how can I grant someone else all the permissions? You add them to the Team Foundation Administrators group. This is easier said than done. You can search all the areas I mentioned above and many others and you will only find the Team Foundation Administrators group as a member of other groups. So how do you add someone to this group?
First you need to find a group that Team Foundation Administrators is a member of, such as Project Collection Administrators.
- Log into your Visual Studio Team Services account
Stay at the account level. Do not browse to a project.
- Click the Manage Account gear icon in the upper right-hand corner
If the tool tip for the gear reads Manage Project, you are at the wrong level. Click Team Services in the upper left-hand corner to return to the account level.
- Click the Security tab
- Select Project Collection Administrators
- Click the Members link
Team Foundation Administrators should be listed.
Now that we have located the Team Foundation Administrators group, we can add members to it.
- Double-click Team Foundation Administrators
- Click Add…
- Search for a user or group
- Click Save Changes
The user or group you add will have permissions to do everything in your account.