Can't leave organization I'm not an admin of - azure-devops

I am a member of an organization I am not the admin of. I can't seem to find a way to leave.
I don't know who is the admin. It seems to be a long deceased project/organization where I was once added as a member. Now I can't get rid of it.

Go My profile, open the org which you are the member is and want to leave. Then you will see a button Leave in the right panel.
Click that, you will delete yourself from the organization will remove your permissions permanently and this don't need the admin's allow or contact with org's admin.

Related

Fellow Project Administrator Cannot Delete User Stories (But I can)

I have an Administrator in an Administrative group with the Boards Permissions all set to "Allow (inherited)".
He cannot delete a User Story he created.
We both inherit the permissions from the same "Project Administrators" group.
I can delete stories as expected, but he doesn't even have the option in the drop-down.
Any idea why that would be?
UPDATE: I had a co-worker who is also an administrator with the same permissions as the affected Admin, and they were able to create and delete stories. So now we've verified that 2/3 of the Admins tested with this setting are able to delete, but the other is not. The affected admin doesn't even have delete as an option when selecting "…" for an item.
I found the solution.
Under Organization Settings > Users, the user in question was listed as a Stakeholder.
I had to promote him to Basic.
This solved the problem, and it might not be discoverable as the cause of the problem if a Project admin is not also an Org admin.

Azure DevOps Shared Query permission not inheriting from Project Administrator Group

I am in the project administrator group, since we have a requirement to set the shared query to read-only to Contributors, I toggled the permission for Contributors to Deny except for "Read"
When I try to create new shared query, it says:
TF401256: You do not have Write permission for query Shared Queries.
I clicked on the three dots and bring up the "Permission for Shared Queries" menu, searched my name and a few other people in the Project Administrator Group or Project Collection Administrator Group, it shows all "Deny" permission except for the "Read" for all of us.
When I hover over, it says our permission is being inherited through the {project}\Contributors, but we are in the Administrator group.
Why is that and How can I fix it? I cannot even overwrite the permission. It is stuck at being inherited from the Contributor group.
enter image description here
It seems you are in a different group(project administrator group and Contributors), check this doc:
In the Azure DevOps, for most groups and almost all permissions, Deny overrides Allow. If a user belongs to two groups, and one of them has a specific permission set to Deny, that user is not able to perform tasks that require that permission even if they belong to a group that has that permission set to Allow.
This is why you get the error message. You could open project settings->Permissions->Search the permission group {project}\Contributors->click the tab Members and remove your account. Then you could create new shared query
Update1
Steps:
Open project settings->Teams->select the team->click the tab Settings->add Administrator, then we could move our account.
link to MS forum for this issue (or similar posted by other people):
https://developercommunity2.visualstudio.com/t/Project-administrator-cannot-save-shared/1339863
It just doesn't sound right to me that in order to have admin permission you cannot be in any team. That maybe workable for a test account but for an organization this workaround or restriction could mess things up a lot.

Why can't I assign work items to a team member?

In my organisation, I have tried setting up my team member as having Basic Access and Stakeholder access.
However neither allow me to assign a work item to her.
She uses an gmail address to log in.
In my organisation->Users->User I make her a project administrator but it reverts to Custom.
In my project->Teams-> MyTeam
I can see we are both members
However when I go to assign a work item there is only 1 person in the combo box.
How do I enable the ability to assign work items to her?
[Update]
I think a Microsoft Account or AD login is needed
looking at this quick start
However if gmail accounts don't work then we should be prevented from adding them as users.
because I did not realize that I need to type part of the users name and click search.
I was mislead by the combo box with just my name in it.
When you invite a user, you are only inviting an email address and that could be Gmail, Apple, or Amazon. When they select the invitation link, they are taken to the experience where they are asked to sign in with their Microsoft account (MSA).

Can a GitHub organization owner remove another owner?

Say I make an organization, and set someone else to owner. Will they be able to remove me from that organization? Or are there special elevated perms for the "original" owner?
I'm not sure if StackOverflow is even the right place for this question, but I haven't been able to find anything about this online.
Yes, once you make a user owner of your organization, user gets all the permissions as you. So, user can remove you from organization.
Github can't recognize you as Original owner. There are only two possible roles, OWNER and MEMBER.
Depends what you want to do. If you want them to be able to add/remove other members without giving over full organisation access you try to add a team, add the repositories you want to that team with write access, then make the user a "maintainer" of the team which should allow them to add/remove users and therefore manage write access to particular repositories.
https://help.github.com/en/github/setting-up-and-managing-organizations-and-teams/permission-levels-for-an-organization

Sitecore - Is there a way to reset all Access Rights in User Manager or Security Editor?

I currently have a user whose Access Rights are messed up and I'd like to reset them. I could be blind but does anyone know of a way to do this?
I am not aware of a way to reset the user rights.
The only way I can think of is deleting the user and create a new one, or write a script that loops to the tree or retrieves al items that the current user has rights on and resets the rights for this user.
Security of an item is stored within the __security field on the item itself. Furthermore, security is stored by the name of the user or role, not by an ID. Deleting a user/role will not modify any item that references that user/role so you effectively get orphaned access rights.
I had created a script years ago that will report on (and reset) the security of items. It is available from my blog post and I referenced it within this similar question. You should be able to modify that script to remove a single user's rights.
So far, the only way I've been able to do this is to go into the Security Editor, select the user, then open every item in the tree and unset every access right manually to the default setting of Inherited.
For instance, there are at least a Read/Write/Rename/Create/Delete/Administer/Inheritance permission on just the Home item alone. Each permission has one of the following states: Inherited/Allowed/Denied/Item vs. Descendant Right/Protected/Not Applicable. If any of those are set, manually unset it. So, if it were set to Allowed, you'd click the green check mark which would unset it from Allowed (I guess you could argue I'm setting it to Inherited).
To get back to square one, everything should be set back to Inherited.