How to forcefully take over a repo in Azure Devops - azure-devops

I'm in a very frustrating situation where we are trying to clean out a large amount of data in a TFVC repo on an Azure Devops Server installation. I am a domain admin, I am the SQL server admin, and an admin anywhere I can find throughout Devops.
Yet, I had multiple issues trying to delete the top level folders out of the repo due to needing Read or Commit permissions. So, I managed to navigate through all the different levels of folders and identify a few folders/files where inheritance was turned off and I didn't have permission, so I added myself, and voila was able to delete the folder/file.
However, I have one folder left that refuses to let me delete it. It tells me I need Commit permissions on the folder. There are no other folders/files under this folder that are visible.
I've searched high and low for anything that would let me "take ownership" or some how override these permissions that are possibly buried under this folder somewhere. I suspect maybe there is a deny or broken inheritance under this folder that prevents me from even seeing the data.
Is there anyway to gain access to this and delete this folder?

Related

Which GitHub Fine grained access permissions are needed to upload a release to a different repository?

I'm managing a GitHub organisation, with multiple repositories running actions on release tags that generate a release for the repo.
I've started modifying the actions to upload the releases to a common Release repo to keep them all in one place, with the ncipollo/release-action github action, using a Basic token with the "repo" permission to upload.
I like to start using fine grained permissions instead but haven't been able to figure out the permissions needed. Have tried with:
Read access to metadata
Read and Write access to deployments
but that fails.
Anyone know the correct permissions to use? Thanks.
nb. All repositories are private
Tried using the "Read and Write access to deployments" permission, but the upload fails.
And of course, I sorted out the issue shortly after posting...
The correct permission to use is "Contents" which covers "Repository contents, commits, branches, downloads, releases, and merges."

Is there a way to verify contents of jenkins files across all of an organizations repos...aside from going one by one and manually checking them?

Is there a way to verify contents of jenkins files across all of an organizations repos...aside from going one by one and manually checking them?
I have not found a way to do this automatically yet.

How to make a GitHub App ask for permissions per installation?

I have written a GitHub app that requests permissions for all repository contents.
The app basically reads a spec file that I created in order to do some custom logic.
The spec file can be located in any folder that the installer wants and therefore I ask for the elevated permissions.
For security reasons, I need the Github App to only have permissions to the specific file and not the entire repository contents.
Let's say I have 2 installations:
Installation one will request permissions just to some/path/to/folder/service.yml
Installation two will request permissions just to service.yml
I couldn't find any way to do so, not in the api of the installer, and not at the GitHub app level.
I thought about some workarounds using symlinks but it does not satisfy the requirement.

CI/CD Pipeline Azure Devops - removed folder permissons

Every time I publish my project my folder permissons get removed. My project requires IIS APPPOOL\appPoolName and IUSR to have specific access right to specific folders.
Whats the best way to apply the folder permissons after the artifact has been published?
Not sure if totally get your point. You can use location elements in the web.config file, there is a lot of information on the web about that - this gives you a start: HOW TO: Control Authorization Permissions in an ASP.NET Application
Besides, for folder NTFS permissions here rather than web security permissions. You could also add a custom target to Visual Studio's web publishing pipeline. For detail ways please take a look at what Sayed Ibrahim Hashimi does here.

How to manage workspaces of the entire team in Visual Studio Team Services Online?

We have this VSTS online account, and we want to see a list of all mapped workspaces of all users in one place.
We know that we can go to each developer's PC and use tf.exe workspaces to get the list of workspaces on that machine.
But we need to do it without going to each developer's PC. The reason we need this is that we suspect some team members use their credentials and map a workspace on a machine outside our company's environment, without our permission.
Is there a way to see all mapped workspaces in one central place?
The easiest way is to use something like Attrice TFS Sidekicks. It should work with VSTS, even if it doesn't say it does.
However, the more permanent solution is to set up conditional access in your Azure AD. That allows you to add restrictions so that your users cannot log in from outside your network.
(I know it's an old post, but researching for my own purposes...)
Extrapolating off of how to remove TFS workspace mapping for another user
The following worked for me:
>tf.exe workspaces /collection:https://contoso.visualstudio.com/ /owner:*