We need to grant "Read" access to all git repos in our AzureDevOps organization. I don't think there is a common root to all team projets GIT repos (like it's the case for TFVC). Each team projet seems to be "it's own git server".
Currently, only a few collection-leve groups are automatically added to new projects. "Project Collection Build Service Account" would grant just enough access to repos but would grant permissions in other modules.
Is there a way to edit the process template as we did in TFS? I could then create a collection-level group and ensure access to GIT Repos root level.
Unless I'm just missing out on some obvious alternative solution.
For general DevOps organization, you can't edit the process template as you did in TFS.
I suggest that you could create a new group in collection level, then add it to team projects manually.
Related
We are group of developers who have a joint organisation on GitHub.
When we create a repository for the organisation on GitHub it is only the creator that is made admin and read, write, and maintainance rights are not given to the organisation, nor the organisation team.
We have to go to Settings => Manage Access every time.
Can this somehow be changed?
We have already contact GitHub support but after 3 months and no answer, we believe it is okay to ask the question here.
You can configure it in the organisation settings under Member privileges. The option is named Base permissions.
You can also access it under https://github.com/organizations/<organisation name>/settings/member_privileges.
By default, organisation members have no permissions in repositories created by other organisation members. In this setting, you can configure the permissions every member has in every repository owned by the organisation.
You can also create a team for the developers and give the team the required permission per-repository.
I manage an Azure DevOps organization with a couple dozen users, all with either Visual Studio subscriber or Basic user access level on the organization.
When someone creates a new project, which need to be private repos, I want all the organization users to automatically get read access to see the project and clone repos. Is there a way to do that? Everything works great once we grant the access at the project level, but sometimes people create projects and don't grant the access, so I don't know what projects exist. Do we need to rely on people creating the projects to grant read access to the group of users when they create them?
When someone creates a new project, which need to be private repos, I
want all the organization users to automatically get read access to
see the project and clone repos. Is there a way to do that?
This is not supported by design.
To protect private project, Azure Devops doesn't support automatically granting any access of newly created project to those normal Organization-level users unless the users belongs to the PCA (Project Collection Administrators, highest level in whole Org. It shouldn't be granted to normal users).
So we do need to rely on people creating the projects to grant read access to the group of users when they create them. Apart from project creators(people creating the projects), PCA or project administrators can also do this job.
You can create a new organization group which contains the Org users:
Then grant the access to those users by manually adding this group as member of default Project Reader group:
Which of the Repos permissions grant the ability to set cross-repo branch policies? If I look at Organization Settings > Security Permissions..Do I need Administer shelved changes or Administer workspaces?
I'm already a member of Project Collection Build Administrators, but I am not given the ability to add cross-repo branch policies. I want to know exactly which permission is necessary.
You should to be an admin of this project to add cross-repo branch policies. You need to be added to Project Administrators group. You can check the document here.
You can have some user who is in the Project Administrators group follow below steps to add you to this group.
Project settings --> Permissions under General---> Project Administrators --> Members-- Add
In Azure DevOps, is it possible to have users accessing all services except for the repo? By that I mean they should not be able to see any sourcecode.
Thanks
You can set deny permissions for all Git repositories for a project, or for a single repository.
Open the web portal and choose the project where you want to add users or groups.
To set the set the permissions for all Git repositories for a project, choose Git Repositories and then choose the security group whose permissions you want to manage.
Set all the permissions to "Deny" and then save the changes.
Setting permissions for all Git repositories for a project, or for a single repository is as follows.
Open the web portal and choose the project where you want to add users or groups.
To set the permissions for all Git repositories for a project, choose Git Repositories and then choose the security group or user whose permissions you want to manage. You can search for the user or group if not shown on the list as shown below
Set all the permissions to "Deny" or as dim fit and then save the changes.
click to see image
I have a github account: https://github.com/remkohdev
and am a member of several github organizations
I have added all organizations to the Bluemix DevOps Third Party applications authorizations.
But I cannot change the default github organization to a different organization when I enable the Toolchain on Bluemix, so that I can create/edit the source code to the repo in a different than default Github organization?
Error:
The integration could not be set up. Check the settings and try again.
Reason: Unable to update the git integration. An error occurred while cloning the git repository. Error details: Unable to read the repository on: https://github.com/eventquarry/server.git. User is not authorized, or repository does not exist.
When you authorized with GitHub you probably did not explicitly grant access to the eventquarry organization.
To fix this, first you need to revoke your token by logging into Github.com, then click settings > Authorized applications > Revoke "IBM Bluemix Toolchains". Now go back to Bluemix, and when you click on the GitHub tool you will see an “Authorize” button. Upon clicking, you will be taken to GitHub, and here you need to click "Grant Access" next to eventquarry (and all orgs you would like to grant access to) before clicking "Authorize application".
Now you should be able to fork/clone/link with the private repositories in the eventquarry organization.
The devops git folks responded with this:
Right now, we don't support the ability to create new organization repositories through the toolchain UI. Any new repos are created under the personal account of the user. It is possible to link to existing organization repos by typing in the repo URL in the field. (Org repos won't show up in the dropdown, but the URL can be entered manually.) Note that the user needs admin privileges on the repo they're linking to in order to have a fully functioning integration though. It's possible to link to a repo without admin privileges, but we can't create a webhook on the repo, so there's no way for us to be notified of commit events. Pipelines will only run manually if the user doesn't have admin privileges on the repo.
Let me know if this is helpful...