Azure-devops-docs: What is the difference between the Administrator, User, and Reader roles?

@Slooz Thank you for the question.

Roles are often ambiguous and can be defined differently depending on the task.

Please refer to deployment pool security roles and include additional questions below.

So if somebody manually triggers a deployment job, will the job only succeed if that person is a User or Administrator? Will the deployment job fail if the person that manually triggered it was a Reader?

Also, I opened this Issue specifically against the Environments documentation. I'm specifically asking about the Roles that you assign in the Security page for Environments. I don't think this is ambiguous. As far as I know, Environments are only used for one task, which is for deployment jobs.

This is different from the deployment pool security roles. There should be a separate section for environment security roles.

I'm specifically talking about the roles on this page:
https://dev.azure.com/{organization}/{project}/_environments/{environment}/security

• Administrator can administer permissions, manage, view and use an environment
• User can view the environment and use it in a pipeline.
• Reader can only view the environment.

The roles have no bearing on whether who is triggering the pipeline but during authoring whether they can consume the environment or not.

Thank you.

So to make sure I understand correctly, the difference between a User and a Reader is that a User can create a pipeline that uses the environment, while a Reader cannot create a pipeline that uses the environment?

User can create the pipeline that references an environment. It will prompt for authorization so that the pipeline can deploy to the environment. Once authorized, the reader can trigger the pipeline as well.