Similar to Github Cloud is there a way in Azure Devops to create internal repos wherein multiple users can have access to some repos which have certain documents without adding them as users or groups to such repos? If we make RepoA as internal it should be available to all users under an org without specifically adding them.
In Azure DevOps, for public projects, any user can get access your public project and check Git repo without signing in or added as a user in your org. You can also refer to this doc: Make your private project public - Azure DevOps Services Public Project | Microsoft Learn .
If for private projects in Azure DevOps, firstly, users must be granted access to the specified private project also as Basic access level in your org via navigating to Organization Settings -> Users -> Select the specified user -> Manage user to set users' access level.
Users be with Stakeholder access level, they will not be able to use Azure Repos for your private project.
Otherwise, to set permissions for a specific repository or some specific users, navigating to Project Settings -> Repositories -> Security to manage the permissions.
You can also refer to: About access levels - Azure DevOps | Microsoft Learn and Set Git repository permissions - Azure Repos | Microsoft Learn
Related
Need help on to find out Who added the users to Azure DevOps Organizations and who Provided the licensing (Basic or Basic+Testplan) to the users.
can some help how to find it?
I'm able to get the list of Azure DevOps users and Licensing what they have. But not able to find who added them to Organization and Who provided Basic licensing.
To add users to Azure DevOps organization, you must be a member of the Project Collection Administrators or Project Administrators group for the organization that you want to invite external users to. Refer to this doc.
For DevOps organization backed to an Azure Active Directory, you could check the auditing log in Organization Settings -> Auditing
Here is the Auditing events list available in Azure DevOps.
I followed the guide here https://docs.github.com/en/free-pro-team#latest/actions/learn-github-actions/sharing-workflows-with-your-organization.
I successfully created a GitHub Organization shared workflow and can access this shared workflow if I create a public repo under the organization or my account (I am a member of the organization).
However, if I create a private repo I do not see the shared workflow. I am using the free-tier for my membership account and organization, so I'm not sure if that is the issue. There was no documentation stating that was a requirement.
Only possible in GitHub Enterprise plan organizations:
to use templates to create workflows in private repositories, the organization must be part of an enterprise plan.
GitHub documentation
You can also create workflow templates in the .github repository and
share them with other users in your organization.
https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization
You can also create workflow templates in the .github repository and
share them with other users in your organization.
We have a hosted GitHub Enterprise (GHE) account which needs to integrate with Azure Pipelines. I have installed the Azure Pipelines app from the GitHub Marketplace for our GHE account. The installation of the Azure Pipelines app asks to select an Azure DevOps project and GHE repo to setup the integration. This results in one pipeline being connected to a GHE repo.
But my question is, how to we setup other pipelines within Azure DevOps to use repos in GHE?
Nowhere in the Azure Pipelines interface can I find an option to select a GHE repo. Only public GitHub and GitHub Enterprise (on-prem) server repos. It seems that only the Azure Pipelines app setup wizard allows you to configure a pipeline with a GHE.
I can't imagine that we would have to initiate the setup wizard of the Azure Pipelines app every time we want to connect a pipeline to a GHE repo. That wouldn't even be possible, because most coworkers won't have the permissions to do that. What am I missing?
Remark: I realize that we could create a service connection in Azure DevOps using on a Personal Access Token or username+password. But that's tied to someone's personal account. If that person would leave, the connection is broken. Unless you create a service/dummy account, which doesn't seem very elegant.
If you use GitHub Enterprise, then you can integrate with Azure AD. Then based on group membership you can assign access to repositories with the help of Github Teams.
Then based on those permissions the repos to which somebody has access will be visible during the setup of the Azure DevOps pipeline.
Some useful resources:
https://learn.microsoft.com/en-us/azure/active-directory/saas-apps/github-tutorial
https://github.blog/2019-09-24-azure-active-directory-team-synchronization-now-available-with-enterprise-cloud/
https://help.github.com/en/github/setting-up-and-managing-organizations-and-teams/about-teams
https://enterprise.github.com/support
I found out the cause of the issue.
First of all, when you install the Azure Pipelines app from the GitHub marketplace, you first need to make sure that you select your GitHub organisation and not your personal account.
Secondly, during the installation you are taken to Azure DevOps to setup your project. Two different authorization pages will be shown; "Azure Pipelines by Microsoft would like to [...]" and the page for OAuth authorization. As can be seen in below image, there is a small grant button that's easily overlooked. You need to press that button before you press the large green that says "Authorize AzurePipelines"
I am now able to select my GitHub Enterprise repositories when I create a new pipeline in Azure DevOps. I simply choose GitHub as the source where my repository lives.
is a "Public" DevOps project accessible by
everyone on Azure DevOps
only by the organization members
all members of the Azure Active Directory that is linked to the organization.
What I want to achieve is 3. over 2. but not 1.
Thank you
A public project means "Anyone on the internet can view the project. Certain features like TFVC are not supported." which is the 1 in your list, this you can see when you create a new project in Azure DevOps service :
You can find more detailed informaion at the doc What is a public project?, it says "Users that aren't signed into the service have read-only access to public projects on Azure DevOps.".
What I want to achieve is 3. over 2. but not 1.
only by the organization members
all members of the Azure Active Directory that is linked to the organization.
What you are seeking for is a private project in fact, create a new private project and add the organization users to this project, or if your organization is connected to AAD then you can directly add anyone who's in the AAD to this project with no need to add them to your organization first.
This you can find more information at the doc Add members to your project.
It seems for public project to access, admin/project owner need to invite the required user.
Ref: https://learn.microsoft.com/en-us/azure/devops/organizations/public/invite-users-public?view=azure-devops
Public projects are not that public...
I have a setup on Devops where I want to give and external account (not part of the company) access to the repos. I thought that the Stakeholders would have at least read only access there but seems not.
I've invited a new user (external) with Access Level = Stakeholder, given access to the project X and made him a member of Project Contributors for the project.
So the question is, should Stakeholders here have access to the repos? is there a way for me to do this?
If you are using private repos for your project then stakeholders only have access to the following features:
Dashboards, Wiki, Boards, Project and Organization settings - Partial access
Repos, Test Plans - No access
Pipelines, Notifications, Semantic Search - Full access
If you are using public repos for your project then stakeholders only have access to the following features:
Dashboards, Wiki, Boards, Repos, Pipelines, Notifications, Semantic Search - Full access
Test Plans - No access
Project and Organization settings - Partial access
If you want details on Stakeholder access rights for each of the features, go here
I hope that helps.