Limiting what a team can see and access in Azure DevOps - azure-devops

I am very new to managing Azure DevOps. I have two, what are for me related, questions.
When I create a team within a project - either the first default team or a later added team - what determines the users that are available for me to add to the team?
Within a single project, can I create a team that can see its own area path/board work items, but is not able to see the area paths/boards of other teams in the project? I have an outside firm working on the project and I want them to be able to see the work I assign to them, but not all the rest of the work assigned to internal members of the team. Can I do that within a single Azure DevOps project?

When creating a team, you specify the default level of access (I believe it's normally "Contributor").
Work item access can be limited based on area path.
Keep in mind that Azure DevOps permissions have an order of precedence:
"Allow" means "Allow unless explicitly denied"
"Not set" means "Deny unless explicitly allowed"
"Deny" means "Always deny"
So if you have a user in both Team A and Team B, and you set Team B to have a "Deny" permission for something, that means that the user who is a member of both teams will not be able to access it.
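The precedence rules in the answer above, as an added example that is not part of the original post: a simplified Python model that combines the Allow and Deny masks of every group a user belongs to and lists which area paths that user can view. It ignores inheritance between parent and child area paths; the group names, area paths and bit values are constructed for illustration.

```python
from dataclasses import dataclass

# Permission bits on an area-path node. Names and values are assumptions
# made for this sketch, not read from a real organization.
VIEW_WORK_ITEMS = 0x1
EDIT_WORK_ITEMS = 0x2
ALL = VIEW_WORK_ITEMS | EDIT_WORK_ITEMS


@dataclass(frozen=True)
class Ace:
    """One group's entry on one area path; a bit in neither mask is 'Not set'."""
    group: str
    area_path: str
    allow: int = 0
    deny: int = 0


# Constructed ACL for the scenario in the question (hypothetical names).
ACL = [
    Ace("Contributors", r"Proj\Internal", allow=ALL),
    Ace("Contributors", r"Proj\Vendor", allow=ALL),
    Ace("Vendor Team", r"Proj\Vendor", allow=ALL),
    Ace("Vendor Team", r"Proj\Internal", deny=ALL),
]


def effective(groups, acl, area_path):
    """Combine every matching entry: Deny from any group beats Allow from any other."""
    allow = deny = 0
    for ace in acl:
        if ace.area_path == area_path and ace.group in groups:
            allow |= ace.allow
            deny |= ace.deny
    return allow & ~deny  # bits never allowed stay 0, so 'Not set' ends up denied


def visible_paths(groups, acl):
    """Area paths whose work items a member of `groups` can view."""
    paths = {ace.area_path for ace in acl}
    return sorted(p for p in paths if effective(groups, acl, p) & VIEW_WORK_ITEMS)


if __name__ == "__main__":
    for who in ({"Contributors"}, {"Vendor Team"},
                {"Contributors", "Vendor Team"}, {"Readers"}):
        print(sorted(who), "->", visible_paths(who, ACL))
```

The third case is the one the answer warns about: an internal user who is also added to the vendor team inherits that team's Deny and loses the internal area path.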

Related

Setting Shared Query Permissions in Azure DevOps

My team is implementing Azure DevOps 2019 server on prem. There is a requirement to give all valid users permission to create shared queries in all projects. Is it possible to set permissions for shared queries at the collection level?
The permissions for shared queries are managed within the queries themselves, and whilst the default permissions allow the built-in Project Administrators (and Project Collection Administrators) group to contribute shared queries, you probably don't want to move everyone into one of those groups.
Instead, you would have to go into each team project, go to the queries, and edit the security on the root:
You can then grant permissions by group (built in or custom):
(So above, I've changed the built in "contributors" group to allow them to Contribute to queries, which allows them to create new)
How manageable this is as a workaround will depend on how many team projects you have or create, but it is safer than making everyone an admin 😉
Query is a project-level function, so if you want to access Shared Queries in Project B from Project A, it may not be possible.
To access Shared Queries, you need to be a member of the team that has permission to access the query, but the team is limited to the project, so shared queries cannot cross projects.
If you really want to share queries between projects, you can make a feature request here:
Developer Community

Ways to provide read only views of subsets of DevOps work items

I use Azure DevOps to track work items and bugs for a project. I'd like to grant certain people external to the project a read-only view of work items that are related to them (eg. tagged Person X), but without having to grant them access to DevOps. I have been toying with the idea of setting up a flow in Power Apps to continuously update a shared excel spreadsheet based on work items in DevOps, but I fear I might be missing easier/better options. How would you provide a limited read-only view of a backlog to externals?
I'd like to grant certain people external to the project a read-only view of work items that are related to them (eg. tagged Person X), but without having to grant them access to DevOps.
For this issue, I am afraid that this is unachievable in Azure DevOps. At present, there is no permission setting in Azure DevOps that restricts external people to reading only work items with a specified tag.
You could add your request for this feature on our UserVoice site, which is our main forum for product suggestions. After the suggestion is raised, you can vote and add your comments for this feedback. The product team would provide the updates if they view it. Thank you for helping us build a better Azure DevOps.

How can I associate a PR with a work item in a different subscription

My distributed team works in two different subscriptions, let's call them sub1.visualstudio.com and sub2.visualstudio.com. It's not practical to add them as a team in our company account, as suggested here: Can I link a pull request to a work item in a different VSTS account?
Our repo is in sub1.visualstudio.com, but the other team keeps its work items in sub2.visualstudio.com.
How can I associate a work item in sub2.visualstudio.com with my PRs in sub1.visualstudio.com?
Alternatively, is there any way to mirror work items between two subscriptions with some kind of bot connector or something?
AFAIK, it is not possible to connect a PR from one subscription to a WI in another. The only way to link them would be by adding an external hyperlink.
There are a few options to replicate your work items. For example, one would be to use a Logic App in Azure which will be triggered automatically on update/create etc... The other way would be to use, for example, azure-devops-migration-tools and create a schedule.

How can you move Azure Devops organisations to a different tenancy

We currently have an Azure organisation, containing several projects and related boards etc, linked to a specific Azure Active Directory and tenant ID.
Does anyone know if there is a way I can move the organisation and all child objects to a new tenancy/Azure Active Directory?
We need to do this as we wish to decommission the original active directory.
I've googled for solutions and can see that other people were waiting for Microsoft to provide a solution.
I've done the same using the following instructions: https://learn.microsoft.com/en-us/azure/devops/organizations/accounts/change-azure-ad-connection?view=azure-devops
Trick here is not to use a Work or School Account.

Is there a way to create an organization dashboard in Azure DevOps?

Our team is currently using DevOps and is very pleased with how everything is working. We've set up Dashboards in each project that track work items and sprints and would like to do the same at the Organization Level. Is there a way to create a master overview of multiple projects in an organization?
Unfortunately we cannot create an organization level dashboard, it's not supported.
We can only create the Team Project level dashboards for teams, please see Add and manage dashboards for details.
However, there's already a user voice submitted here to suggest the feature and it's planned, but based on the response it seems there are no plans to store a dashboard on the organization overview. So you can vote it up and add your comments on the existing user voice or submit a new one to suggest the feature...
In our VSTS Feature Timeline (https://learn.microsoft.com/en-us/vsts/release-notes/), you see a feature called “Dashboards – Create dashboard separate from a team” under “Reporting”
This feature will allow you to create a Dashboard that has no association with the team. This means you don’t need to create a team, to make a Dashboard. You can create any number of these Dashboards and share them with who you want.
However, Dashboards will still be stored with a Team Project. So to address your scenario (cross-team-project Dashboard), you’ll just have to pick a team project to store the dashboard.
We don’t have immediate plans to store a dashboard outside a team project.
Our team was dealing with the same problem as yours, and we decided to develop our own dashboard solution at the end.
After using it as an internal tool for several months, we recently made it available as a SaaS.
You may check it out on meercode.io for more information.
Your feedback will be greatly appreciated.
Behind the dashboard widgets are queries, and it is possible to execute those queries across multiple projects.
When you open the query editor, there is a checkbox:
"Query across projects" checkbox (imgur)
This way we created a project in Devops that only contains a dashboard that shows all work items in any project, assigned to or followed by the current user.
That and some nifty colored tiles =)