Azure DevOps Permission - allow a user to create work items but not edit source code? - azure-devops

We use Azure DevOps for source control.
I would like some users to be able to create work items, but not be able to make changes to source code for a specific project. It is ok for these users to be able to view / read the code, I just don't want them to be able to change it.
I've looked at the permission settings for groups in Azure DevOps, and read the Microsoft definitions of the permissions here: https://learn.microsoft.com/en-us/azure/devops/organizations/security/permissions?view=azure-devops&tabs=preview-page#project-level-permissions.
Is it possible in an Azure DevOps project to set up a group that allows some users to create work items but not edit source code?

1. Create a new group for these users, and add this group to the Project scope "Readers" group.
2. Make sure these users are not a member or group member of the "Contributors" group.
3. Set the permission for this group to edit work items for the Area Path in Project Settings -> Project configuration -> Security -> find the group. Check the doc.
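A way to verify step 2 of the answer above after the groups are set up, as an added example that is not part of the original answer: it walks nested group membership and reports any user of the new group who still reaches "Contributors" through another group. The group name "Work Item Authors", the team "Team Blue", the users and the membership data are constructed for illustration.

```python
# Constructed sample: "member -> groups it is directly in", as an admin might
# transcribe it from Project Settings -> Permissions. All names are hypothetical.
MEMBER_OF = {
    "alice@example.com": ["Work Item Authors"],
    "bob@example.com": ["Work Item Authors", "Team Blue"],
    "carol@example.com": ["Work Item Authors"],
    "Work Item Authors": ["Readers"],   # step 1: custom group nested in Readers
    "Team Blue": ["Contributors"],      # constructed: a team nested in Contributors
}


def path_to(member, target, graph):
    """Return the membership chain from member to target, or None if none exists."""
    stack, seen = [[member]], set()
    while stack:
        path = stack.pop()
        node = path[-1]
        if node == target:
            return path
        if node in seen:            # tolerate circular nesting in the export
            continue
        seen.add(node)
        stack.extend(path + [parent] for parent in graph.get(node, []))
    return None


def audit(group, graph, required="Readers", forbidden="Contributors"):
    """Map each direct member of `group` that violates step 1 or 2 to its problems."""
    findings = {}
    for user in sorted(m for m, groups in graph.items() if group in groups):
        problems = []
        if path_to(user, required, graph) is None:
            problems.append(f"no path to {required}")
        chain = path_to(user, forbidden, graph)
        if chain:
            problems.append(" -> ".join(chain))
        if problems:
            findings[user] = problems
    return findings


if __name__ == "__main__":
    for user, problems in audit("Work Item Authors", MEMBER_OF).items():
        print(user, problems)
```
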

Related

Disallow identity search Azure DevOps

We have an Azure DevOps environment (online, dev.azure.com/aaaa). Here we have multiple projects. Each project has multiple users.
I would like to avoid users from project A being able to mention users from project B due to privacy.
Is this possible?
There is the concept of "project scoped users".
To limit the identity selection to just those users and groups added to a project, perform the following procedure for your organization and projects.
1. Enable the Limit user visibility and collaboration to specific projects preview feature for the organization.
2. Add the users to your project(s) as described in Add users to a project or team. Users added to a team are automatically added to the project and team group.
3. Open Organization Settings > Security > Permissions and choose Project-Scoped Users. Choose the Members tab. Add all users and groups that you want to scope to the project(s) you've added them to.

Restrict to add and remove users from other built-in group in Azure DevOps

In Azure DevOps, I want to restrict Project Admins from adding and removing users from other built-in groups. Now I know I cannot change the Project Admin permissions in Azure DevOps (ADO) and they are all greyed out, but I can add an Azure Active Directory group, change the permissions and add all the project admins to that AAD group. The problem is that there is no visible permission I can change to restrict Project Admins from adding and removing members. The CONTRIBUTORS built-in group is already restricted. Can anyone advise what to change in the permissions to restrict them from adding and removing users from the groups?
As you have connected your AD in your organization, you should go to Organization settings, under Policies, and deactivate "Allow team and project administrators to invite new users".
I know it's late and you might have already found a solution. However, for any future readers, the way I handled that use case is with the help of a custom TFS group called Administrators, leaving the default Project Administrators intact. Then you can add AD groups inside the custom Administrators group and manage permissions for this group.
HTH.

Azure DevOps - One "aad user" type cannot delete DevOps work items

A new person in our company cannot delete work items in DevOps. Their "Type" is listed as "aad user" under Teams and they are included in all the right groups, just like everyone else in the company, but they do not have the Delete option on a work item. This is annoying. It doesn't matter which work type.
What can we check, double-check and check again to make sure they're set up correctly?
Since the new users couldn't see the delete option, you could check the following points:
1. You could check if the users have the Basic access level in Organization Settings -> Users. Note: The Stakeholder access level will have no access to delete work items.
2. You need to check if the users are in the Contributors group in Project Settings -> Permissions.
3. To delete work items, you need to check if the users have the Delete and restore work items project-level permission in Project Settings -> Permissions.

For more detailed information, you could refer to this doc: Remove, delete, or restore work items.

Can't #mention or Assign Work Items to Other Users in Azure DevOps

In the Azure DevOps project I'm currently working on, I am unable to use the #mention feature and am not able to assign work items to other users because no users are ever found. I am aware that you should be able to search for other users if they don't initially show up in the drop-down list, but searching always returns "No identities found".
Other members of my team that have more elevated permissions than I do can use these features because they are able to search for any other user in the same Azure DevOps project. My project administrator gave up trying to figure out why these features won't work for me.
Is there a setting in the Azure DevOps Project Settings Permissions that enables or disables the ability to view other user names?
Here is an example of me trying to look up my own name to assign a bug to myself without success:
And here is an example of me trying to #mention a user in a bug discussion section without success:
* Update *
When my project administrator gives me project administrator rights, I am able to #mention others. Obviously, that isn't the desired user level for a non admin like myself.

Exporting Users From Azure DevOps

Is it possible to customize columns in the Azure DevOps --> Organization Settings --> Users page? Currently we have Name, Extensions, Access Level, Last Access. I need to add another column to show whether the user has code read-only access or contributor access.
This page can't be customized as far as I know. What you want can't be displayed on that site if you have more than one project anyway. If you want to see this organization-wide, a better way would be to organize the users in "Organization settings -> Permissions" in groups for readers and contributors.