I am trying to edit my branch security policies, but nothing ever seems to save. I've tried editing permissions, adding groups, removing groups and nothing seems to happen.
Is there supposed to be save button? This interface is new and appears not to be working.
I am an admin on this Azure account.
To the above question you posted in comment, here is the answer for that:
The groups listed below are inbuilt groups. You will not be able to delete those inbuilt groups.
And if you would like to add any groups, you would need to first create that group in Project Settings and then come back to Branch Security and Add that group here :
Go to Project Settings --> Security --> Create Group
Once you Create the group, go back to Repos --> Branches --> Branch Security --> Click on Add Group and search for the group you created earlier.
You should be able to delete the groups that you have created, But keep one thing in mind that if you delete a group that you created all the users in the group will loose permissions as well.
Yes this is a New UI and it is automatic save when you change the permissions.
Have you tried changing the selection in the dropdown and see if it works?
Once you change the selection in dropdown there will be an indication that the value is changed.
There is no Save Button in the new UI.
The Green tick indicates that the value is changed.
Please take a look at the screenshot below.
Related
In my Azure boards, I have a hierarchical structure of the areas. In the team settings, all teams have areas being set, just like described here: https://learn.microsoft.com/en-us/azure/devops/boards/plans/safe-configure-boards?view=azure-devops#configure-area-paths
Is there a way for one team to see only the area it is set to, but no other areas? Currently, in Boards>Work items any member of any team can see everything, even User stories that do not belong to his area. How can I restrict this?
Edit: it might be from Security options of an area, add a group to it and make work items invisible, see this screenshot from Azure documentation.
But, even as an admin, I don't have such option to add! Why is that?
The UI has changed. There is no add option in the security settings page now.
You can directly search for the Team Group in the Search box and change its permission settings. See below screenshot.
Okay, in addition to Levi's answer:
First, every new user added to a project is also added by default to one of this project's groups: Contributors, Readers, Admins. I'm not considering admins here.
If we want to make one area visible to only one team, we need to do the following:
Either modify Contributors or Readers rights so that the "View project-level information" is set to Deny, and then for each new user, add it to a team and for that team set this option to Allow for the area needed
or (better)
Create our own groups for which "View project-level information" is set to Deny (for ex. Developers, QAs, etc.), and then for each new user, remove it from Contributors or Readers and add it to the corresponding group. Then add the user to a team, and for that team set the "View project-level information" option to Allow for the area needed
I would like to allow all members of the organization in Azure DevOps to view all projects (become Readers).
I tried to set up a group rule on the organization settings page.
Group: "Project Collection Valid Users"
Access level: Stakeholder
Projects: Selected them all, and picked Readers for each one.
After that I clicked on Add.
Now, when I try to view the rule I just made with "Manage rule", the project settings have been cleared.
If I select the projects again, and pick Readers, then save, the same thing happens.
Why do the settings disappear?
Also, if I do "Re-evaluate Rules", it runs for a bit. But none of the existing users regardless of their Access level have gotten Reader access to any project.
However, using "Manage user" -> Group rules, the group rule is listed.
So the group rule is applied but the project settings are not working for some reason? How do I fix this?
I chose a different group from AD instead of "Project Collection Valid Users" and now it seems to work as expected.
Using "Project Collection Valid Users" in this context seems to bring some bugs or unexpected behaviour.
I have 2 private projects in my Azure DevOps Organization, say Project A and Project B. I need to mention a User in Project B from a work item in Project A. I'm able to do it. But the mentioned user is not able to view the Work Item as he don't have access. Any Solution or Work Around to achieve this?
Giving Reader Access permissions will solve the problem of user being able to view the work item.
If you haven't already given reader access to the user, try giving it and see if that helps.
See the below Image for reference :
Click on Project Settings -> Permissions -> Readers -> Click on Add -> and add that user.
Currently we cannot set permissions for a single work item. If you would like that feature, please use the below link and create a request for this feature: https://developercommunity.visualstudio.com/content/idea/post.html?space=21. This link is directly monitored by the product team and they will look into this request and share their views on the same. If lot of users request for the same feature, they will add this item to backlog to implement in the future sprints.
We have a DevOps project we've been using for over a year now and we needed to add a new developer to the team. I was able to add the user to the organization, he replied to the invite, and I have added him to the contributor group.
After adding him I then went to my project and opened up that project's Team Settings. When I click Add and try to find his name I am getting a spinning status graphic and "Loading..." but it does not find the user. It does not give me an error or a "No Results Found". Eventually it just resets back as though I first landed on the page.
I thought this could be a permissions issue so I removed an existing user in the group. Right after removing I tried to re-add the user and cannot. I get the same results. I know this user is using the project and has permission to get the code and check in changes. So it does not seem to be an issue with the original new user.
My next move was to try to do this using the Azure CLI but it turns out that adding a user to a project is not currently supported by the CLI, only adding the user to the organization is currently supported. I also searched for this particular error and can't find anyone else having this issue.
There was a [[[bug]]] in the Azure portal. Users could not be added from the Team page. However, I had a widget on my dashboard for Users and it had the ability to add a User. When I used this widget I was able to add users. I could add the ones I deleted during testing and the new user.
This is a few different questions.
First one is how do you delete a user group? I've seen the option for removing a group from another group, but I haven't been able to find an option for completely deleting the group.
Second is how do I set security so that users in a specific group can only view and run reports? So far, I've gone into User Security on the group, disabled inheriting from the parent group and folder, and set "View" and "View On Demand" in basic settings and "View objects" and "View objects that the user owns" in advanced. But regardless of what they have, either they can still move and delete reports or can't view anything at all depending on whether they're under the Administrators group.
Related to that last part of the second question, when the user group is a subgroup of Adminsitrators they can see all the tabs, but if I move them to the Everyone group, then they can't see anything when logged in when I set the Folders view on Configure CMC Tabs. Ideally, I'd like the users to be under a different group entirely for clarity, but then they can't seem to do anything, which definitely won't work.
Finally figured this out.
For the first one, I couldn't delete the group because it had customized security settings. After resetting those to the default inheritance and removing it from all other groups, I was able to delete it fine.
For the folders and running the reports, the security has to be set on the folder structure, not on the user group.