> Commvault Cloud > DevOps Solutions > Azure DevOps > Configuring Backups > Using Hosted Infra

Personal Access Token Permissions and User Roles for Azure DevOps

You need personal access token (PAT) permissions and the necessary user roles to perform backups and restores for Azure DevOps.

User Roles

Context/Service

Operation

User roles (member of the organization)

All contexts

Backup
  • User must have the Project Readers role at the Project level

Artifacts

Backup
  • User must have the Project Contributor role or any other relevant role associated with the project level feed being backed up

If the destination project does not exist

Restore

  • User must have the Create New Projects permissions enabled

  • User will be set as the Project Administrator for the project created by the restore operation.

If the destination project exists, but the repository does not exist

Restore
  • User must have the Project Administrator role for the destination project

If the destination project and repository exists

Restore
  • User must have the Project Contributor role for the destination project

PAT Permissions

Service

Operation

Personal access token permissions

Minimal PAT permissions regardless of service selected

Backup
  • Read permissions at the Code scope

Restore

  • Read, Write, and Manage permissions at the Project and Team scope

  • Read, Write, and Manage permissions at the Code scope

Project Metadata

Backup

  • Read permission at the Work Items scope to fetch project process ID

  • Read permission at the Team Dashboard scope to fetch project dashboards

  • Read and Write permissions at the Wikis scope to fetch project wikis

  • Read permission at the Graph scope

Mandatory permissions, except if the backup contains only the Repos service.

Restore

  • Read, Write, and Manage permissions at the work items scope for project process ID

  • Read and Manage permissions at the work items scope for project dashboards

  • Read and Write permissions at the Wikis scope for project wikis

  • Read and Manage permissions at the Team Dashboard scope

  • Read and Manage permissions at the Graph scope

    Mandatory permissions, except if the backup contains only the Repos service.

Boards

Backup
  • Read permission at the Work Items scope

Restore
  • Read, Write, and Manage permissions at the work items scope

Pipelines

Backup

  • Read permission at the Variable Groups scope

  • Read permission at the Task Groups scope

  • Read and Manage permissions at the Deployment Groups scope

  • Read permission at the Release scope

  • Read and Manage permissions at the Environment scope

Restore

  • Read, Create, and Manage permissions at the Variable Groups scope

  • Read, Create, and Manage permissions at the Task Groups scope

  • Read and Manage permissions at the Deployment Groups scope

  • Read, Write, Execute, and Manage permissions at the Release scope

  • Read and Manage permissions at the Environment scope

Repos

Backup
  • Read permission at the Code scope

Restore

  • Read, Write, and Manage permissions at the Project and Team scope

  • Read, Write, and Manage permissions at the Code scope

Test Plans

Backup
  • Read permission at the Test Management scope

Restore
  • Read and Write permissions at the Test Management scope

Artifacts

Backup
  • Read permission at the Packaging scope

Restore
  • Read, write, and manage permissions at the Packaging scope

Loading...