I have in Azure Devops one project with a lot of developer teams. Our Cloud Platform team uses a different project to create artifacts with ARM templates as result of a build pipeline.
How do I grant access to these artifacts for all my developers at group level? At the second project I can create a new group with View project-level information permissions. But I can only add users, not groups from that project.
Anyone any ideas?
When you add other project groups to the newly created group, do you receive the following error message?
If so, we can make clear from the error message that this is by design, auzre devops does not support adding groups of different projects to the group.
If you want to add a group as a member to the group you created, then the added group needs to be organization-level. Only organization-level groups can be added to project-level groups.
Related
I have added multiple team members to two different teams in Azure Devops project. But team members are not able to see organization, project and dashboards when they login to devops account?
team members are not able to see organization, project and dashboards
Users cannot see the organization, you can first check whether these users have been added to the organization in Users of Organization Settings.
Then you can check whether the user has the permission to access the project on the Manage user page.
Regarding that users cannot see the projects, you can check whether the “View project-level information” permission of the team is set to Deny in the Permissions of Projects Settings.
Regarding that the user cannot see the dashboard, there should be no permission to restrict it. All users in the project should be able to see the dashboard. Can you share the screenshots about this issue?
In addition, you can try to let users log in with incognito window to see if the problem exists. Check if your organization is connected to AAD.
This is the answer for my additional questinos.
To get an access to Devops project user must be added in the organization either as stakeholder or owner
Once they are owner or stakeholder they are able to access all the features.
I have a user who is both Project Admin and Team Admin (all teams) within a project in Azure DevOps. They appear to be unrestricted within the project except when they attempt to modify sprint taskboard settings. They are immediately presented with a warning:
'You do not have sufficient permissions to configure cards for this
team. You must either be a team administrator or a project
administrator.'
As the user is both project/team admin and able to modify the project's process, I'm at a loss as to what is missing. Or could this possibly be a bug? This is the only thing within the project that is blocking the user.
The screen is under 'Boards/Sprints/[Sprint Name]/[Cog icon in top right]'
The access level of this user is stakeholder. Please contact members of the Project Collection Administrators group to change the access level of the user to Basic.
Users with Stakeholder access level have partial access to Azure Boards in private projects. You can find more detailed information about access level in this document.
I manage an Azure DevOps organization with a couple dozen users, all with either Visual Studio subscriber or Basic user access level on the organization.
When someone creates a new project, which need to be private repos, I want all the organization users to automatically get read access to see the project and clone repos. Is there a way to do that? Everything works great once we grant the access at the project level, but sometimes people create projects and don't grant the access, so I don't know what projects exist. Do we need to rely on people creating the projects to grant read access to the group of users when they create them?
When someone creates a new project, which need to be private repos, I
want all the organization users to automatically get read access to
see the project and clone repos. Is there a way to do that?
This is not supported by design.
To protect private project, Azure Devops doesn't support automatically granting any access of newly created project to those normal Organization-level users unless the users belongs to the PCA (Project Collection Administrators, highest level in whole Org. It shouldn't be granted to normal users).
So we do need to rely on people creating the projects to grant read access to the group of users when they create them. Apart from project creators(people creating the projects), PCA or project administrators can also do this job.
You can create a new organization group which contains the Org users:
Then grant the access to those users by manually adding this group as member of default Project Reader group:
According to Microsoft's document, a project could be deleted from the Overview menu of Project settings. but in my own on premise Azure Devops 2019, there is no Delete button at all.
Does anyone know any solution?
screenshot:
If you are not a member of the Project Administrators group, the Delete project column will not be displayed.
If you want to have permission to delete the project, you need to be added to the Project Administrators group in project settings or Project Collection Administrators group in organization settings.
You can also delete the project in the Projects of organization settings,see if this is feasible.
I am using Visual Studio Team Services.
Part of Release Management is allowing users to approve a deployment environment or not. I have noticed that the list of approvers can only be of people added to VSTS. Is it possible to have approvers who are not added to VSTS.
I want to have the tracking of their inputs for approving, but they don't have any interest in seeing user stories, source code, etc.
If you don't want people to have access to work items and source code, restrict their access by defining security groups and adding them to these groups.
Yes — they will need at least a basic licence.
You can add the specific approver with a basic licence, then use the security settings to add them to either the approver group or give them specifically approval rights. (More info.)
You can also specify account (user) groups as approvers. When a group is specified as an approver, only one of the users in that group needs to approve in order for the release to move forward. If you are using Visual Studio Team Services, you can use local groups managed in Team Services or Azure Active Directory (AAD) groups if they have been added into Team Services. If you are using Team Foundation Server (TFS), you can use local groups managed in TFS or Active Directory (AD) groups if they have been added into TFS.