Personal Access Token Permissions and User Roles for Azure DevOps

Updated

On this page

Certain personal access token permissions and user roles are required to perform backups and restores for Azure DevOps.

Backups

Context

Personal access token permissions

User roles (member of the organization)

All contexts

Read permissions at the Code scope level

User must have the Project Readers role at the Project level

Restores

Context

Personal access token permissions

User roles (member of the organization)

If the destination project does not exist

  • Read, Write, and Manage permissions at the Project and Team scope level

  • Read, Write, and Manage permissions at the Code scope level

  • User must have the Create New Projects permissions enabled

  • User will be set as the Project Administrator for the project created by the restore operation.

If the destination project exists, but the repository does not exist

Read, Write, and Manage permissions at the Code scope level

User must have the Project Administrator role for the destination project

If the destination project and repository exists

Read and Write permissions at the Code scope level

User must have the Project Contributor role for the destination project