Does anybody know if it is possible to prevent a user of Azure DevOps from being able to see code on the web interface and force to checkout locally in order to see it. I am looking this feature in Team Foundation Server 2015 as well.
Does anybody know if it is possible to prevent a user of Azure DevOps from being able to see code on the web interface and force to checkout locally in order to see it.
To achieve this, we could set the access level of that specify user as stakeholder.
In this case, that user do not have permissions to see code on the web interface:
To checkout it locally, we could provide a PAT, which have permission access the repo to the user, so that that user could use git command line to checkout it:
git clone <repo>(https://<PAT>#dev.azure.com/<OrganizationName>/MyTestProject/_git/TestSample) <directory>
Besides, this method should also work for Team Foundation Server 2015.
Update:
is it posible to just restrict view of code on the web for a user with
a visual studio subscription, the porblem is that an stakeholder might
be very limited...
The answer is yes. Go to the Project Settings-> Repositories-> Add a specify user and set the Read permission as Deny:
Then we could not acess the code on the web UI:
Related
I want to know if it's possible to connect my github enterprise account of my organization to vs code, and if so how?
I know how to sign in with a normal github account on vs code but it doesn't work for github enterprise. I already looked up online but couldn't find any answers.
In the vs code settings there is an option called github enterprise: Uri. I put there the url of my github organization "github.organizationname.com" but I don't know what else I need to do.
Here's what worked for me on vs code 1.62.3.
Clone the GitHub Enterprise repo outside of vs code (ie, using git cli in a terminal or GitHub Desktop).
In vs code, open the folder containing the cloned repo.
And just like magic, it works. If you click on the source control tab in vs code, you can pull changes and make commits. Actually, it might not work quite yet if your cloned project doesn't have your personal access token saved. If you need to do that, you can find instructions in this answer to a different question
I have set it up in the vscode settings like so:
Then it asked for my personal access token. This is token can be created under "settings" -> "developer options"
see: https://docs.github.com/en/enterprise-server#3.4/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token
It is possible to login using GitHub enterprise from VS Code without using personal access token or SSH keys. User can login by SSO if session already exist in browser else will need to sign in using their credentials. One of the ways to achieve this is to install Git Credential Manager. Git Credential Manager (GCM) is a secure Git credential helper built on .NET that runs on Windows, macOS, and Linux.
Compared to Git's built-in credential helpers (Windows: wincred, macOS: osxkeychain, Linux: gnome-keyring/libsecret) which provides single-factor authentication support working on any HTTP-enabled Git repository, GCM provides multi-factor authentication support for Azure DevOps, Azure DevOps Server (formerly Team Foundation Server), GitHub, Bitbucket, and GitLab.
For installing GCM based on OS follow the given link:
https://github.com/GitCredentialManager/git-credential-manager
Once GCM is installed and you try to clone a repository you will be able to see Enterprise login page. This can be achieved by using other Git Oauth Authorized Apps such as GitHub CLI.
Another option is to access with you microsoft email and then , the Github enterprise signing option will be added in "Account" just click it and you now will have access to GithubEnterprise
Account bottom in green
more reference here is the link:
https://learn.microsoft.com/en-us/visualstudio/ide/work-with-github-accounts?view=vs-2022
In Azure devops is it possible to grant access (read-only) to a repo in a project without the user having access to the project containing the repo?
We want to use the repo basically as a file share with clients that shouldn't be able to see all our code/scripts/pipelines etc that exist in the parent project and other repos.
As stakeholder access on the project and Reader rights on the repo they had too much access to the project. Removing them from the project and creating a new group with limited repo rights they got to a forbidden, access denied screen which makes me think they have to have access to the project.
My testing is limited because of corporate environment I am unable to create additional users/emails and don't want to have to keep asking co-workers to test every change I could try.
Azure DevOps is designed to enable all valid users to view all objects defined in the system. You can restrict access to specific resources by setting the permission state to Deny.
So not quite sure if this specific requirement is achievable. The closest you could probably get to is this: Assign read-only rights to a single repository in Azure DevOps.
Here is a very similar idea on Developer Community from 2019: Restrict access to dev ops functionality for a guest user. One more resolved post: Restrict access to specific objects in DevOps.
If you think this implementing this suggestion can benefit others in the Community as well, do request it as a new feature on Developer Community for Azure DevOps.
Also go through the elaborate documentation available for configuring ADO granular security controls and check if changing individual permission at the project-level helps.
My Account(AAD) is Linked with 2 DevOps Organisation(personal organization & Business orgnaization)
I am unable to view Business orgnaization on DevOps Profile but able view personal organization.
I am able to access both via Url https://dev.azure.com/xxxCloud/.
I can't able to Connect DevOps Business Organisation with Visual Studio also.
Please try the following steps:
Please enter aka.ms/vssignout in browser and login to aka.ms/vsprofile again to see if the issue still exists.
If your organizations are in different AADs, please select the right directory in the dropdown list.
Please use other PCs to sign in and check if it works.
If you sign in this organization, can you see the projects in it? Please click specific projects in Web UI, or add project name in organization URL to get access to it.
Please ask your AAD admin to remove your MSA account from Azure Active directory and re-add you again to check if the issue still exists.
I have a couple project in Visual Studio Online (VSO), which I would like to move to my GitHub account. In VSO all projects are not publicly-readable. You must be authenticated using Microsoft Account (MA).
I tried to use the GitHub Importer (https://import.github.com/new) to do that. The importer asked me for read-only credentials to reach out to my project. Unfortunately, it cannot go through authentication event though I provide my MA credentials.
Is there anybody know how to import a project from Visual Studio Online to GitHub? Is it even possible?
Okay. I figured it out. You must enable the alternate authentication credentials as described in the following article. After that the importer starts doing its job:
https://web.archive.org/web/20161204015026/https://www.visualstudio.com/en-us/docs/integrate/get-started/auth/overview
If you're importing from Azure DevOps, don't use your account credentials while importing. Instead goto Azure Repos, select your repo which you are importing, then click on Clone and then click on Generate Credentials and then use those credentials in GitHub importer.
I have an organization on GitHub with private repositories. I also have Jenkins set up running on port 8080 on a server, with the GitHub plugin installed. I've created an account on GitHub for my jenkins user, which resides in the owners group.
I'm trying to trigger a job on jenkins when a change is pushed to my development branch (or master branch, neither seem to be working).
When I look at the GitHub Hook Logs in Jenkins, it says that Polling has not run yet. When I go to "Manage Jenkins", the GitHub plugin says my account is Verified when I test it.
Any insight on how to configure this? I have multiple repositories I'd like to work with, so deploy keys don't seem like the solution to me.
Update:
As Craig Ringer mentions in his answer, you can select Grant READ permissions for /github-webhook in "Configure Jenkins" under the GitHub plugin settings, allowing the webhook to be called without authentication.
Another update: Webhooks are now (Dec. 2014) available for organization: see WebHooks API for orgs.
Note: the issue 4 of the hudson-github-plugin was about:
Last GitHub Push
Polling has not run yet.
And the conclusion was:
Nevermind, the only missing piece was a permission checkbox for the github user which ain't documented anywhere on the internet.
So is this a permission issue regarding your Jenkins users?
The article "Set up Jenkins-CI on Ubuntu for painless Rails3 app CI testing" includes the following process:
To restrict the CI system and give access to your Team members to use or see the build logs, first you’ve to create an account.
Go to Manage Jenkins > Configure System,
Check the Enable Security checkbox
Under Security Realm, choose Jenkins's own user database
Check the Allow users to sign up checkbox
Under Authorization, choose Project-based Matrix Authorization Strategy
Add first user with the name admin and another with GitHub (Note: the username for Admin access has to be admin) For GitHub named user, just choose the Overall Read only permission. We’ll use this user later with the GitHub hook.
Note: The admin and GitHub user that we’ve added in the above step does not create the User. Then you’ve to create a real user with that same name. Ya, I know, its a bit weird with Jenkins UI.
Go to Manage Jenkins > Manage Users > Create User. Create both admin and GitHub users.
Hooking with the Github web-hooks
Now to run the build automagically when new commit or branch gets pushed onto Github, we have to setup the repository.
Got to the hooks page for your repository. e.g.
github.com/<username>/<project_name>/admin/hooks
Under AVAILABLE SERVICE HOOKS > Post-Receive URLs, add github:github#your-ci-server.com/github-webhook/.
The github:github is the user that we’d created earlier.
Then we have to verify Jenkins with Github. Go to Manage Jenkins > Configure System and under GitHub Web Hook, add your Github username and password and click the Test Credential button to authorize once with Github.
It looks like the accepted answer is no longer necessary with the current version of the GitHub plugin. You can instead check Grant READ permissions for /github-webhook in "Configure Jenkins" under the GitHub plugin settings, allowing the webhook to be called without authentication.
As explained in the help on this option that's quite safe, and frankly no worse than having a user named "github" with password "github" anyway.
There are two ways to achieve automatic builds on Jenkins. What you choose depends on whether GitHub can call the Jenkins server URL you provide. This may not be the case if you are running Jenkins behind a firewall.
If GitHub can reach that URL you can set up the service hook on your repo there.
If not you can set up Jenkins to poll periodically.
You may set up both, but one solution is enough to get it working. I would always go for the first if feasible as it saves resources CPU and traffic wise.
Either way you need the GitHub plugin for Jenkins.
Hope that helps a bit.