Git permissions prior to TFS 2017 Update 1

Last Update: 3/6/2017

In TFS 2017 Update 1 (and VSTS), Git repository permissions have changed. For those customers using previous versions of TFS, here are the old permissions. Those using TFS 2017 Update 1 or VSTS should see the latest list of permissions.

These permissions appear only for a team project including a Git repository.

Set permissions across all Git repositories by making changes to the top-level Git repositories entry.

Individual repositories inherit permissions from the top-level Git Repositories entry.

Branches inherit permissions from assignments made at the repository level.

By default, the team project level and collection level Readers groups have only Read permissions.

| Permission | Description |
| --- | --- |
| Administer | Can rename and delete the repository. If assigned to the top-level Git repositories entry, can add additional repositories. At the branch level, users can set permissions for the branch and unlock the branch. TFS 2013, TFS 2015: The Administer permission set on an individual Git repository does not grant the ability to rename or delete the repository. These tasks require Administer permissions at the top-level Git repositories entry. |
| Branch Creation | Can create and publish branches in the repository. Lack of this permission does not limit users from creating branches in their local repository; it merely prevents them from publishing local branches to the server. When a user creates a new branch on the server, they have Administer, Contribute, and Force permissions for that branch by default. |
| Contribute | At the repository level, can push their changes to branches in the repository. Does not override restrictions in place from branch policies. At the branch level, can push their changes to the branch and lock the branch. |
| Note Management | Can push and edit Git notes to the repository. They can also remove notes from items if they have the Force permission. See this topic for more details on notes. |
| Read | Can clone, fetch, pull, and explore the contents of the repository. |
| Rewrite and destroy history (force push) | Can force an update to a branch and delete a branch. A force update can overwrite commits added from any user. Users with this permission can modify the commit history of a branch. |
| Tag Creation | Can push tags to the repository, and can also edit or remove tags if they have the Force permission. |
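
The inheritance chain described above (top-level Git repositories entry, then repository, then branch) can be audited for who ends up with the Force permission on a given branch. The following is an added example, not TFS code: the ACL data is constructed, the function names are hypothetical, it assumes the nearest explicit Allow or Deny wins over an inherited one, and it does not model group membership.

```python
# Scope hierarchy from the page: top-level entry -> repository -> branch.
# Assumption (not stated on the page): the nearest explicit setting wins.
# Each identity is evaluated on its own; group membership is not modeled.

ALLOW, DENY = "Allow", "Deny"

# Constructed sample ACL: (scope, identity, permission) -> state.
# Scope tuple: () = top-level entry, (repo,) = repository, (repo, branch) = branch.
SAMPLE_ACL = {
    ((), "Readers", "Read"): ALLOW,
    ((), "Contributors", "Read"): ALLOW,
    ((), "Contributors", "Contribute"): ALLOW,
    ((), "Contributors", "Force"): ALLOW,
    (("payments",), "Contributors", "Force"): DENY,
    # Branch creator defaults listed on the page: Administer, Contribute, Force.
    (("payments", "feature/x"), "alice", "Administer"): ALLOW,
    (("payments", "feature/x"), "alice", "Contribute"): ALLOW,
    (("payments", "feature/x"), "alice", "Force"): ALLOW,
}


def effective(acl, scope, identity, permission):
    """Walk from scope up to the top-level entry.

    Returns (state, scope_where_set), or (None, None) if nothing is set.
    """
    for depth in range(len(scope), -1, -1):
        state = acl.get((scope[:depth], identity, permission))
        if state is not None:
            return state, scope[:depth]
    return None, None


def force_holders(acl, scope):
    """Map each identity with effective Force at scope to the scope granting it."""
    holders = {}
    for identity in sorted({ident for (_, ident, _) in acl}):
        state, source = effective(acl, scope, identity, "Force")
        if state == ALLOW:
            holders[identity] = source
    return holders


if __name__ == "__main__":
    for target in [("docs", "master"), ("payments", "master"),
                   ("payments", "feature/x")]:
        print(target, force_holders(SAMPLE_ACL, target))
```

In the sample data, the Deny at the `payments` repository removes the inherited Force grant for every branch in it, while the creator of `feature/x` still holds Force on that one branch.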