Permission required so users can add Required Reviewer to Pull Requests - azure-devops

Members of my team sometimes need to add required Reviewers to their pull requests to ensure that a certain person actually performs the review.
We have a policy where a group of developers is automatically added to the pull request, which for 99% of the time is fine, but sometimes we need to add an extra person or 2.
There isn't a permission that is standing out explicitly showing which setting to use.
Any clues would be good

Looks like you are talking about this option. Some users are lacking it.
It's a new Pull Request Experience for Azure Repos. It should be the same permission to remove a required reviewer from Azure Devops
When you want to remove that required reviewer from the Automatically include code reviewers, you need to make sure someone who has the permissions to Edit policies (Project Administrators) to
Note: You need to check the Branch policies of the branch which you want to merge, for example, you merge from Dev to master, you need check the Branch policies of the master branch.
Then, after remove that required reviewer, you could go back to your pull request and click the X button:
So it should be the same let somebody to make required for reviewers. Try to assign them edit policy permission.
Hope this helps.

Related

Azure DevOps pull request forbid manipulation of required reviewers

Is there anyway in Azure DevOps to forbid people from adding/removing required reviewers when creating a Pull Request?
I have set up the policy "Automatically included reviewers" with a bunch of required reviewers.
But still anyone who create a PR can easily add someone else in the required reviewer list or remove anybody from the automatically included required reviewer.
I want anyone to create a PR but not add/remove any required reviewer.
Apparently this is not possible, and they don't seem to consider it a bug. See this feedback item. I think it is ridiculous that they don't consider this a bug. When you set a branch policy stating: Pull requests to this branch van only be completed when these reviewers have reviewed it, only people having the permission Bypass policies when completing pull requests should be able to complete the pull request without adhering to the policies, which includes the required reviewers policy.
I've added a new feedback item to stress this. Feel free to update this feedback item, however history tells me they will either acknowledge the issue and never fix it, or still deny it is a bug.
We probably will we have to learn to live with this bug
If a required reviewer is added via Automatically included reviewers, the reviewer can't be removed:
For reviewers added manually or via the API there's no way to forbid it as far as I know.
The following feature requests implicitly confirms this:
https://developercommunity.visualstudio.com/t/Users-able-to-change-required-reviewer-t/1196519

How do I add a required reviewer when people of a given team create a pull request in DevOps?

After hours of googling and search, I can't find how to add a required reviewer when people of a given team create a pull request in DevOps.
Some people will be able to contribute to our repository, but they are external to our company, that's why we want to enforce this control.
Does anyone ever did it?
Thanks.
It seems that you want to conditionally set the required reviewers according to which team the pull request creator comes from. If so, I think there is no such built-in function currently provided.
Currently only the filter condition of "based on which files changed" is provided.
You could add this feature request on our UserVoice site , which is our main forum for product suggestions. After suggest raised, you can vote and add your comments for this feedback. The product team would provide the updates if they view it.
You can do this with a branch policy in Azure DevOps Repos. In ADO, go to project settings and click Repositories in the menu in the Repos section of the project settings page. Click the repository you would like to protect with code reviews and then select the Policies tab. Next select the git branch needing reviews.
On the bottom of the branch policies page you can select Automatically included reviewers. Click the + button to add reviewers. When adding the reviewers you can select if these selected reviewers are required or optional. This is actually something of a rule-builder, you can add multiple 'rules' by repeatedly going through click + and add reviewers
There is also some documentation on branch policies that might be helpful
This is my solution, this has been work for year
Azure DevOps: Automatically add different Reviewers based on Pull Request author using Microsoft Power Automate

Azure DevOps; Why are reviewers optional by default

When we create a new Pull Request in Azure DevOps, we've recently noticed that the Reviewer is Optional by default.
This has caused some confusion, as far as I recall, reviewers were always Required by default in the past.
Has this changed?
To make the Reviewer required, I know we can do this via the 'Add Required Reviewer' option but it would be nice if we could make the Reviewer Required by default...
For recent changes you may be seeing, see the this user voice request and the blog post about the new pull request experience.
One thing we've done in the past to ensure a pull request always gets a review is create teams within the project adding a set of users of which at least one will have to approve the pull request and then update the target branch policies to add the team as a required reviewer.
you can do that by using branch policies, the bit thats called add automatic reviewers: https://learn.microsoft.com/en-us/azure/devops/repos/git/branch-policies?view=azure-devops#automatically-include-code-reviewers

Only allow users under a certain AD Group to approve Pull Requests on Azure DevOps

On my organisation we use Azure DevOps and we have a repository where we want developers to be able to create pull requests with changes to it, but only develpers belonging to certain AD group to be able to approve them. What's the best way to achieve this in Azure DevOps?
According to Microsoft Documentation there is a permission called "Contribute to pull requests " which allows "Can create, comment on, and vote on pull requests." However, disabling this would mean that people cannot create pull requests. I want them to be able to create the pull request, just not able to approve them and complete them.
However, disabling this would mean that people cannot create pull
requests. I want them to be able to create the pull request, just not
able to approve them and complete them.
If the Contribute is set to Deny, then the developer can review the code/create new branch/create PR/approve PR but can't push changes to master branch or branch not created by himself/complete PR. So this option can only partly meet your needs.
Apart from above, a most recommended way in this scenario is to use Branch Policies.
Since the original purpose is to avoid developers to complete the PR themselves, you can set both Require a minimum number of reviewers and Automatically Include reviewers options to meet your original needs:
So that all the PRs in master branch can't be completed until it gets enough approvals from specific Group. (The group you're in, Project Administrators or what) Then the developers can create the PR, but the PR can only be completed by approvals from you(Team admins/managers?).
You can choose one of the above two options or combine them together to meet your needs.
In addition: If all above still can't meet your requirements very well, feel free to post your feature request in our User Voice forum, the Product Team would consider about your feedback. Follow the feedback and you can get notifications if there's any update.
Hope all above helps :)

Prevent User from approving Pull Request

I have run into an issue where if my project managers are rushing, they sometimes will help move pull requests along by 'approving' them. As we have set the branch policy to require at least 2 approvals (and the creator cannot be one), this can be a bit of a frustration. I have moved the PMs into a new security group to isolate them from most options but I cannot find anything specific about Pull Requests. Does this just follow under the Contribute option or is there a specific way I can block them from being able to approve pull requests?
They have "Contribute to Pull Request" permissions, located under repo security settings. Remove that permission for the people you don't want to be approving PRs.