microsoft / tfs-cli

Cross-platform CLI for Microsoft Team Foundation Server and Visual Studio Team Services
MIT License

Forbidden(403) response when attempting to upload new task version in TFS 2017 #268

Open zannett opened 6 years ago

zannett commented 6 years ago

While attempting to upload a new version of an existing task to an on-premise installation of TFS 2017 (Version 15.117.27414.0), I receive the following error:

error: Error: Failed Request: Forbidden(403) - You cannot install this extension because it includes a build task, and you do not have sufficient permissions. To proceed, you must be an administrator of All Pools. For more information, see https://go.microsoft.com/fwlink/?linkid=848939.

I have verified that I am listed as an administrator for All Pools.

Any additional suggestions?

zannett commented 6 years ago

The only way I was able to get around the issue was to have my TFS admin add me to the 'Project Collection Administrators' group. That being said, I don't believe that should be necessary to upload a new task or make updates to existing tasks based on the provided documentation.

Larsjep commented 5 years ago

We have the same problem. It works if the users are in 'Project Collection Administrators' but we would rather not have to give these permissions to users working with build tasks.

divetta commented 5 years ago

I have the same problem here and I have the same concern as @Larsjep!

joshjohanning commented 5 years ago

+1 - I'm running into a situation where the user was a project collection admin and was receiving the same error message: You cannot install this extension because it includes a build task, and you do not have sufficient permissions. To proceed, you must be an administrator of All Pools.

The resolution, in my case, was to grant the user a Basic license. They were only a stakeholder before. Perhaps something could be added to the error message to capture this.

tfabraham commented 3 years ago

I tried many combinations of things suggested here and elsewhere, but didn't want to put my release service account in Project Collection Administrators. All attempts failed.

What worked was adding the release service account to the 'Project Collection Build Service Accounts' group. It is not an 'All Pools' or 'Project Collection' admin.