Can't #mention or Assign Work Items to Other Users in Azure DevOps - azure-devops

In the Azure DevOps project I'm currently working on, I am unable to use the # mention feature and am not able to assign work items to other users because no users are ever found. I am aware that you should be able to search for other users if they don't initially show up in the drop-down list, but searching always returns "No identities found".
Other members of my team who have more elevated permissions than I do can use these features because they are able to search for any other user in the same Azure DevOps project. My project administrator gave up trying to figure out why these features won't work for me.
Is there a setting in the Azure DevOps Project Settings Permissions that enables or disables the ability to view other user names?
Here is an example of me trying to look up my own name to assign a bug to myself without success:
And here is an example of me trying to #mention a user in a bug discussion section without success:
* Update *
When my project administrator gives me project administrator rights, I am able to #mention others. Obviously, that isn't the desired user level for a non-admin like myself.

Related

How to reset Azure DevOps connector in MS Teams

I was moved from one DevOps organisation to another and access to the old org was removed. This caused my MS Teams DevOps plugin to stop working in private chats, but was fine in team channels.
When I tried to open the app settings, I got a white window with a JSON that suggested a permission problem.
How do I connect the app to the new organisation?
Trying to open the app settings using the Teams webpage I got a popup that let me read the request URL and I saw the two GET parameters for organisation and project ID.
Removing those two parameters gave me a screen to select an organisation and a project. The tab closed right away and the integration is fixed.
I guess replacing the project_id and tfs_uri with the correct data from the target project would work, too, but that's the purpose of the selection page, already.
Going to the app settings now yields this exact selection page, by the way, so this is a bug in the DevOps Teams app. There's one line of information at the top that apparently requires access to the DevOps organisation and needlessly gates the whole dialog behind organisation access permissions.

Correctly link Azure DevOps Organisation to Azure AD Account

I've had a standalone Azure DevOps Organisation (call it MyOrg1) for quite a while, and I've recently linked it to my Azure Active Directory, and set my Azure AD user myname#my-azure-ad as the organisation owner.
This seemed to work ok. I can go directly to the URL dev.azure.com/MyOrg1, and see all my projects etc. All good so far.
The problem is that if instead I go directly to dev.azure.com, and log in as my Azure AD user, it doesn't seem to recognise that this user is already associated with an existing DevOps account. It instead prompts me with the "Get started with Azure DevOps" screen with the option to "Continue".
If I choose "Continue" it then creates a new Organization for me like "[myname]1234".
So far this is mostly just a nuisance, but not a huge problem. However the more significant problem is that in Visual Studio, I'm not able to see MyOrg1. It will only list the new organisation "[myname]1234". If I attempt to manually add the server URL "dev.azure.com/MyOrg1" it won't work, and doesn't seem to recognise that the user myname#my-azure-ad has access to this organisation.
It shows the message "To access an Azure DevOps account, login using the picker above". The picker already shows my user myname#my-azure-ad.
In the MyOrg1 organization settings, I can see that my account is definitely listed as the organisation owner, and I can see that my Azure AD is definitely linked.
I can't figure out what could be wrong. Everything looks correct, but it just doesn't work.
Just in case it makes a difference, organisation MyOrg1 is in a different region to my Azure AD. I can't really see why that would matter though, since it seemed to link it just fine.
I managed to correct the issue by doing the following:
1. Create a new Global Admin user account in AAD
2. Add this user to the DevOps organisation and set as owner
3. Remove my original myname#my-azure-ad from the DevOps org
4. Re-add myname#my-azure-ad to the org and re-assign as the owner
The only thing I can conclude is that because myname#my-azure-ad was originally added to the org before the org was linked to the AAD that this must have messed something up.

In Azure DevOps I cannot add a User to my Team

We have a DevOps project we've been using for over a year now and we needed to add a new developer to the team. I was able to add the user to the organization, he replied to the invite, and I have added him to the contributor group.
After adding him I then went to my project and opened up that project's Team Settings. When I click Add and try to find his name I am getting a spinning status graphic and "Loading..." but it does not find the user. It does not give me an error or a "No Results Found". Eventually it just resets back as though I first landed on the page.
I thought this could be a permissions issue so I removed an existing user in the group. Right after removing I tried to re-add the user and cannot. I get the same results. I know this user is using the project and has permission to get the code and check in changes. So it does not seem to be an issue with the original new user.
My next move was to try to do this using the Azure CLI but it turns out that adding a user to a project is not currently supported by the CLI, only adding the user to the organization is currently supported. I also searched for this particular error and can't find anyone else having this issue.
There was a bug in the Azure portal. Users could not be added from the Team page. However, I had a widget on my dashboard for Users and it had the ability to add a User. When I used this widget I was able to add users. I could add the ones I deleted during testing and the new user.

Option to limit visibility of users in Azure DevOps

Our main Azure DevOps Organization is linked to our Azure AD. We need to invite customers to specific projects as stakeholder only, and with this, they are added as external users in our AD. We found that within a customer project also, all other external users are visible, e.g. via mention with # anywhere in the text or assignment drop-down, although these do not have access to that project. Our only workaround so far is to create new non AD linked customer specific organizations, but this is really not the right way to go (licensing, management etc.)
Is there any option to prevent this and to restrict visibility to only those users who are part of a project (or planned)?
I tested and found the same issue as you said. It is by design. You can raise a problem in the Developer Community:
https://developercommunity.visualstudio.com/spaces/21/index.html
Besides, since there is a workaround that works now, continue on this basis. You can create a different AAD for the customer-specific organizations, then add the customers to these AADs. Thus, these users will be invisible because they are in different AAD organizations.

Add user groups in Azure subscription using portal

I was trying to follow this tutorial from the official Microsoft Docs in order to give a specific user group a role.
https://learn.microsoft.com/en-us/azure/active-directory/role-based-access-control-configure
I want that role to be applied at subscription level. First, the screenshots are outdated and do not represent the current portal. Second, the current portal seems to be unable to find the user groups through the search.
After searching and changing a lot of things I realized that the issue wasn't with my actions but with the Azure portal. I gave up on the portal and started trying PowerShell, and it works as expected.
https://learn.microsoft.com/en-us/azure/active-directory/role-based-access-control-manage-access-powershell
Therefore, save your time and use PowerShell instead of the portal if you want to assign a role to a user group. Again, there is no specific command for subscription-level access. You need to slightly modify the one for Resource Groups and add -Scope. Your final command should be this:
New-AzureRmRoleAssignment -ObjectId $userGroupId -RoleDefinitionName 'Reader' -scope '/subscriptions/{Change_To_Subscription_ID}'
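
The subscription-level assignment described above, extended with the group lookup and a check of the result. This is an added example, not part of the original answer; it assumes the AzureRM module with an already authenticated session, and the group name and subscription ID are placeholders.

```powershell
# Added example. Both values below are placeholders to replace.
$subscriptionId = '{Change_To_Subscription_ID}'
$groupName      = 'Example-Readers'   # hypothetical group display name
$roleName       = 'Reader'
$scope          = "/subscriptions/$subscriptionId"

# -SearchString matches display names by prefix, so keep only the exact
# name and refuse to continue on zero or several matches. Assigning a role
# to the wrong group is the failure this guards against.
$groups = @(Get-AzureRmADGroup -SearchString $groupName |
    Where-Object { $_.DisplayName -eq $groupName })
if ($groups.Count -ne 1) {
    throw "Expected exactly one group named '$groupName', found $($groups.Count)."
}
$userGroupId = $groups[0].Id

# Skip the assignment if the group already holds this role at this exact scope.
$existing = @(Get-AzureRmRoleAssignment -ObjectId $userGroupId `
        -RoleDefinitionName $roleName -Scope $scope |
    Where-Object { $_.Scope -eq $scope })
if ($existing.Count -eq 0) {
    New-AzureRmRoleAssignment -ObjectId $userGroupId `
        -RoleDefinitionName $roleName -Scope $scope
}

# Review what the group now holds at subscription level.
Get-AzureRmRoleAssignment -ObjectId $userGroupId -Scope $scope |
    Select-Object DisplayName, RoleDefinitionName, Scope
```

A role assigned at subscription scope is inherited by every resource group and resource in that subscription, so the final listing is worth reading before handing the group to users.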