| title | Manage Permissions for Wikis, READMEs, and Collaboration Tools |
|---|---|
| titleSuffix | Azure DevOps |
| description | Learn how to set permissions to grant or secure access to wikis, README files, notifications, and other collaboration tools in Azure DevOps. |
| ms.subservice | azure-devops-wiki |
| ms.custom | wiki, devdivchpfy22 |
| ms.topic | concept-article |
| ms.author | chcomley |
| author | chcomley |
| ai-usage | ai-assisted |
| ms.date | 07/16/2025 |
| monikerRange | <=azure-devops |
[!INCLUDE version-lt-eq-azure-devops]
This article describes how to set and manage permissions for collaboration tools in Azure DevOps, including team project wikis, project README files, notifications, and feedback. These tools help teams collaborate effectively while maintaining appropriate security controls.
Wiki permissions are managed through the underlying Git repository security settings. By default, all members of the Contributors group have permission to read and edit wiki pages. Project Administrators can modify these permissions to control who can read, edit, or manage wiki content.
| Requirement | Description |
|---|---|
| Permissions | Project Administrator permissions or Manage permissions permission for the wiki repository |
| Project access | Access to the project where the wiki is located |
Wiki permissions are controlled through the underlying Git repository that stores the wiki content. There are two types of wikis in Azure DevOps:
- Project wiki (provisioned wiki): Stored in a dedicated Git repository (typically named
<ProjectName>.wiki) - Code wiki (published wiki): Based on files in an existing Git repository
Each type uses the same Git repository permission model but might have different repository locations.
The following table shows default permissions for collaboration tools including wikis, READMEs, notifications, and feedback:
| Task | Stakeholders | Readers | Contributors | Team Administrators | Organization owner/Project Administrator |
|---|---|---|---|---|---|
| Set personal notifications or alerts | ✔️ | ✔️ | ✔️ | ✔️ | |
| Set team notifications or alerts | ✔️ | ✔️ | |||
| Set project-level notifications or alerts | ✔️ | ||||
| READMEs | See Note 1 | ✔️ | ✔️ | ✔️ | ✔️ |
| View project wikis | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
| View code wikis | ✔️ | ✔️ | ✔️ | ✔️ | |
| Provision or create a wiki | ✔️ | ||||
| Publish code as wiki | ✔️ | See Note 2 | See Note 2 | ||
| View the project page | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
| Edit the project page | ✔️ | ||||
| Navigate using the project pages | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
| Request feedback | ✔️ | ✔️ | ✔️ | ✔️ | |
| Provide feedback | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
| Powerful code search | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
| Powerful work tracking search | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
Notes:
- Stakeholders can view project READMEs, but not READMEs defined for a repository.
- Project Administrators or Team Administrators with contribute permission can publish code as wiki. Project Administrators have this permission by default.
Project wikis (provisioned wikis) are stored in a dedicated Git repository. You can manage permissions for these wikis through the repository security settings.
-
Sign in to your organization (
https://dev.azure.com/{organization}) and go to your project. -
Select Project settings.
-
Under Repos, select Repositories.
-
Select the wiki repository. A project wiki is typically named
{ProjectName}.wiki. -
Select the Security tab.
-
Review the current permissions for users and groups. The permissions list shows:
- Users and groups: Individual users, Azure DevOps groups, and Microsoft Entra ID groups
- Permission levels: Explicit permissions like Allow, Deny, or inherited permissions
- Permission types: Read, Contribute, Force push, Manage permissions, etc.
The following repository permissions control wiki access:
| Permission | Description | Wiki access |
|---|---|---|
| Read | View repository content | View wiki pages and history |
| Contribute | Read, create, and modify content | Create and edit wiki pages |
| Force push | Rewrite repository history | Force push wiki changes (advanced) |
| Manage permissions | Change repository security | Modify who can access the wiki |
| Create branch | Create new branches | Create wiki branches (advanced) |
Tip
For most wiki scenarios, you only need to manage Read and Contribute permissions. Users with Contribute permission can create, edit, and delete wiki pages.
-
In the wiki repository Security tab, select Add (the plus icon) in the users/groups section.
-
Search for and select:
- Individual users by email address or display name
- Azure DevOps groups (for example, Contributors, Readers)
- Microsoft Entra ID groups if your organization is connected to Microsoft Entra ID
-
After adding the user or group, set their permissions:
- Set Read to Allow for view-only access
- Set Contribute to Allow for edit access
- Set permissions to Deny to explicitly block access
-
Select Save changes.
-
In the Security tab, find the user or group you want to modify.
-
Select the permission level (Allow, Deny, or Not set) to change it:
- Allow: Grants the permission explicitly
- Deny: Blocks the permission explicitly (overrides inherited permissions)
- Not set: Uses inherited permissions from parent groups
-
Changes are saved automatically.
-
In the Security tab, find the user or group you want to remove.
-
Select the user or group, then select Remove (trash icon).
-
Confirm the removal when prompted.
Note
Removing a user from repository permissions doesn't remove them from the project. It only removes their explicit permissions for this specific wiki repository.
Code wikis are based on files in an existing Git repository. Permissions for code wikis are managed through the source repository settings.
-
Go to Repos > Files in your project.
-
Select the repository that contains your published wiki content.
-
Select Settings > Security tab.
-
Manage permissions using the same process as project wikis, focusing on:
- Read: View wiki content
- Contribute: Edit wiki files
To give a user view-only access to the wiki:
- Add the user to the wiki repository security.
- Set Read to Allow.
- Ensure Contribute is Not set or Deny.
To give a user edit access to the wiki:
- Add the user to the wiki repository security.
- Set Read to Allow.
- Set Contribute to Allow.
To give a user full control over the wiki:
- Add the user to the wiki repository security.
- Set Read, Contribute, and Manage permissions to Allow.
To prevent a user from accessing the wiki:
-
Find the user in the wiki repository security.
-
Set Read to Deny.
The user's access is blocked even if they have permissions through group membership.
- Use groups instead of individual permissions: Add users to appropriate Azure DevOps groups (Contributors, Readers) rather than granting individual permissions.
- Follow principle of least privilege: Grant only the minimum permissions needed for users to complete their work.
- Regular permission reviews: Periodically review who has access to your wikis and remove unnecessary permissions.
- Use Microsoft Entra ID groups: If your organization uses Microsoft Entra ID, use Microsoft Entra ID groups for easier user management.
- Users inherit permissions from groups they belong to.
- Deny permissions override Allow permissions.
- Explicit permissions override inherited permissions.
- Project-level permissions don't automatically grant repository-level permissions.
Problem: User can't edit wiki pages
Solution:
- Verify the user has Contribute permission on the wiki repository
- Check if there are any Deny permissions blocking access
- Ensure the user has at least Basic access level in the project
Problem: User can't see the wiki
Solution:
- Verify the user has Read permission on the wiki repository
- Check if the wiki exists and is properly configured
- Ensure the user has project access
Problem: Changes to permissions don't take effect
Solution:
- Wait a few minutes for permissions to propagate
- Ask the user to refresh their browser or sign out and back in
- Verify permissions were saved correctly
Users with Stakeholder access have different wiki permissions depending on project visibility.
Project wikis (provisioned):
- Read access: Stakeholders can read wiki pages and view revisions
- Edit access: Stakeholders can't create, edit, reorder, or revert wiki pages
- Permissions: These limitations can't be changed through repository permissions
Code wikis (published):
- No access: Stakeholders can't read or edit published code wikis in private projects
Stakeholders have full read and write access to all wiki types in public projects.
For more information, see Stakeholder access quick reference.
Important
Wiki permissions apply to the entire wiki repository. You can't set permissions for individual wiki pages.
README files in repositories follow the same permission model as the repository they're contained in:
- Go to Repos > Files.
- Select the repository containing the README.
- Select Settings > Security.
- Manage permissions using the repository security settings.
Users need Read permission to view README files and Contribute permission to edit them.
Note
Stakeholders can view project READMEs but can't access READMEs defined for specific repositories in private projects.
To manage notifications and alerts:
- Personal notifications: See Manage personal notifications
- Team notifications: See Manage team notifications
Note
There are no UI permissions associated with managing notifications. Instead, you can manage them using the TFSSecurity command line tool.
For managing feedback permissions, see Set feedback permissions.