Managing Permissions in Azure Test Plans

This document outlines how to manage and understand permissions within Azure Test Plans, a key component of Azure DevOps for test case management, execution, and reporting.

Understanding Permission Levels

Permissions in Azure Test Plans are granular and can be managed at various levels, including Project, Team, Test Suite, and Test Plan. This allows for precise control over who can view, create, edit, delete, or execute tests.

Project Level Permissions

Project-level permissions are the broadest and affect all Test Plans and Test Suites within the project. These are typically managed by Project Administrators.

• Contributor: Can create and manage test plans and suites, execute tests.
• Reader: Can view test plans, suites, and results. Cannot make changes.
• Stakeholder: Limited access, typically for viewing dashboards and reports.

Team Level Permissions

Permissions can also be scoped to specific teams within a project. This is useful for organizations with multiple independent testing teams.

Test Plan and Test Suite Level Permissions

For more granular control, you can set permissions directly on individual Test Plans or Test Suites. This is often used for restricting access to sensitive or specific test suites.

Common Permission Scenarios

Granting Execution Rights

To allow a user or group to execute tests:

1. Navigate to the Test Plan or Suite.
2. Access the security settings (often found in the ellipsis menu or settings tab).
3. Add the user or group and grant them the "Execute tests" permission.

Restricting Editing Rights

To prevent users from modifying existing test plans or suites:

1. Locate the Test Plan or Suite.
2. Go to its security settings.
3. Ensure the user/group does not have "Edit plan" or "Edit suite" permissions. You might grant them "View" or "Execute" permissions instead.

Permission Matrix

The following table provides a general overview of common permissions and their impact. Note that exact wording and availability may vary slightly with Azure DevOps updates.

Permission Name	Description	Typical User Roles
View test plans	Allows viewing of test plans and their associated suites and test cases.	Developers, Testers, Stakeholders
Edit plan	Allows creation, editing, and deletion of Test Plans.	Test Managers, Project Administrators
Edit suite	Allows creation, editing, and deletion of Test Suites within a Test Plan.	Test Managers, Lead Testers
Execute tests	Allows users to run test cases and record results.	Testers, Developers
Manage test configurations	Allows modification of test configurations used for test runs.	Test Managers, Project Administrators
Manage test environments	Allows configuration and management of test environments.	Test Managers, Project Administrators
View test results	Allows viewing of historical test results and reports.	Developers, Testers, Managers, Stakeholders
Manage runs	Allows control over test runs, including cancellation and renaming.	Test Managers

Best Practices

• Principle of Least Privilege: Grant only the permissions necessary for a user or group to perform their role.
• Use Groups: Manage permissions through Azure AD groups or Azure DevOps security groups for easier administration.
• Regular Audits: Periodically review permissions to ensure they are still appropriate and remove access for users who no longer require it.
• Document Customizations: If you implement complex permission schemes, document them clearly for future reference.

Accessing Permissions Settings

Permissions for Test Plans and Test Suites are typically accessed via the Azure DevOps portal:

1. Navigate to your Azure DevOps project.
2. Go to Boards > Test Plans.
3. Select the Test Plan or Test Suite you wish to manage.
4. Look for a Security tab or an ellipsis (...) menu that provides access to security settings.

Project-level permissions can often be managed under Project Settings > Permissions.