Fellow Project Administrator Cannot Delete User Stories (But I can) - azure-devops

I have an Administrator in an Administrative group with the Boards Permissions all set to "Allow (inherited)".
He cannot delete a User Story he created.
We both inherit the permissions from the same "Project Administrators" group.
I can delete stories as expected, but he doesn't even have the option in the drop-down.
Any idea why that would be?
UPDATE: I had a co-worker who is also an administrator with the same permissions as the affected Admin, and they were able to create and delete stories. So now we've verified that 2/3 of the Admins tested with this setting are able to delete, but the other is not. The affected admin doesn't even have delete as an option when selecting "…" for an item.

I found the solution.
Under Organization Settings > Users, the user in question was listed as a Stakeholder.
I had to promote him to Basic.
This solved the problem, and it might not be discoverable as the cause of the problem if a Project admin is not also an Org admin.

Related

Azure DevOps Shared Query permission not inheriting from Project Administrator Group

I am in the project administrator group, since we have a requirement to set the shared query to read-only to Contributors, I toggled the permission for Contributors to Deny except for "Read"
When I try to create new shared query, it says:
TF401256: You do not have Write permission for query Shared Queries.
I clicked on the three dots and bring up the "Permission for Shared Queries" menu, searched my name and a few other people in the Project Administrator Group or Project Collection Administrator Group, it shows all "Deny" permission except for the "Read" for all of us.
When I hover over, it says our permission is being inherited through the {project}\Contributors, but we are in the Administrator group.
Why is that and How can I fix it? I cannot even overwrite the permission. It is stuck at being inherited from the Contributor group.
enter image description here
It seems you are in a different group(project administrator group and Contributors), check this doc:
In the Azure DevOps, for most groups and almost all permissions, Deny overrides Allow. If a user belongs to two groups, and one of them has a specific permission set to Deny, that user is not able to perform tasks that require that permission even if they belong to a group that has that permission set to Allow.
This is why you get the error message. You could open project settings->Permissions->Search the permission group {project}\Contributors->click the tab Members and remove your account. Then you could create new shared query
Update1
Steps:
Open project settings->Teams->select the team->click the tab Settings->add Administrator, then we could move our account.
link to MS forum for this issue (or similar posted by other people):
https://developercommunity2.visualstudio.com/t/Project-administrator-cannot-save-shared/1339863
It just doesn't sound right to me that in order to have admin permission you cannot be in any team. That maybe workable for a test account but for an organization this workaround or restriction could mess things up a lot.

Azure DevOps - One "aad user" type cannot delete DevOps work items

A new person in our company cannot delete work items in DevOps. Their "Type" is listed as "aad user" under Teams and they are included in all the right groups, just like everyone else in the company, but they do not have the Delete option on a work item. This is annoying. It doesn't matter which work type.
What can we check, double-check and check again to make sure they're set up correctly?
Since the new users couldn't see the delete option, you could check the following points:
You could check if the users have the Basic Access level in Organization Settings -> Users .
Note: The Stakeholder Access level will have no access to delete work items
You need to check if the users are in the Contributors Group in Project Settings -> Permissions
To delete work items, you need to check if the users have the Delete and restore work items project-level permission in Project Settings -> Permissions.
For more detailed information, you could refer to this doc: Remove, delete, or restore work items.

What permissions does an Organisation Owner have in Azure DevOps?

We've been using Azure DevOps but I'm wondering what the Organisation Owner does? Do they have extra permissions in Azure DevOps or is it just a 'for info' type field so people know who to speak with about any DevOps queries / change requests with the setup.
Thinking ours may need to change but just looking to see what the impact is in changing that - i.e. what permissions would the existing person lose (and what would a new person gain) if that was to change to someone else.
Generally, there aren't extra permissions for the owner account, so, just feel free to change owner. For the new owner, he has the admin permission.
On the other hand, you may just add the new user to Project Collection administrators group, then this new user will has admin permission too.
From the docs
An administrator or organization Owner can give you access to select
features or functions, or change your permissions. In this article,
learn how to look up administrators or organization Owners.
and here are the rights or things that organization owner can do.
Generally, as an organization Owner, you are the administrator of your DevOps service and you have super permission. You can manage your project, includes:
Add users to your project
Grant or restrict permissions
Share your project vision and support collaboration
Remove unused services from the user interface
Set code, test, and other policies
Define area and iteration paths for work tracking
Customize work-tracking processes
Review and update notifications
Add teams to scale your organization
Install and manage extensions
Set up billing
Detailed information, you can refer to the following link:
https://learn.microsoft.com/en-us/azure/devops/user-guide/project-admin-tutorial?view=azure-devops

Can't leave organization I'm not an admin of

I am a member of an organization I am not the admin of. I can't seem to find a way to leave.
I don't know who is the admin. It seems to be a long deceased project/organization where I was once added as a member. Now I can't get rid of it.
Go My profile, open the org which you are the member is and want to leave. Then you will see a button Leave in the right panel.
Click that, you will delete yourself from the organization will remove your permissions permanently and this don't need the admin's allow or contact with org's admin.

GitHub Enterprise Admin Function - Add Arbitrary User to Organization

Is it possible in GitHub enterprise to arbitrarily add a user to an organization if you are a site administrator. I am evaluating the software, but cannot seem to do this reliably. A site admin who is not themselves part of an organization cannot pull up the organizations dashboard, nor see which users are part of it, although they can view and contribute to the repositories within (in a round about way). I know that it is possible to impersonate a non-admin user, but you would have to know who already is a part of that organization to do this, which is hidden. There has to be a better way because what if some nefarious employee and removed everyone but themselves. The organization would effectively be orphaned.
Thank you
I think I have found where all the members are, under "Members & Teams", duh. I can usurp their account and make myself an owner if needed. Seems cumbersome though.
You most likely want ghe-org-admin-promote