I am setting up an Azure DevOps organization with separate team projects. I don't want users to be able to go to "Organization Settings" -> "Permissions" -> "Users" page and see all the users in the Organization and their email addresses.
I've tried setting the "View Instance-Level Information" permission to "Deny" for a user, but they can still see it.
Any ideas?
How to prevent users from seeing all users within "Users" page?
For this issue, I am afraid this feature is currently not supported in azure devops.
Users in the organization can see all members from the "Users" page.
You could raise your feature demand here to promote development of richer features.
After suggest raised, you can vote and add your comments for this feedback. When there are enough communities vote and add comments for this feedback, the product team member will take this feedback seriously.
Related
We have an Azure DevOps environment(online dev.azure.com/aaaa). Here we have multiple projects. Each project has multiple users.
I would like to avoid users from project A being able to mention users from project B due to privacy.
Is this possible?
There is the concept of "project scoped users".
To limit the identity selection to just those users and groups added to a project, perform the following procedure for your organization and projects.
Enable the Limit user visibility and collaboration to specific projects preview feature for the organization.
Add the users to your project(s) as described in Add users to a project or team. Users added to a team are automatically added to the project and team group.
Open Organizations Settings>Security>Permissions and choose Project-Scoped Users. Choose the Members tab. Add all users and groups that you want to scope to the project(s) you've added them to.
In Azure devops, I have a team and there are lot of members in it. In Epic I created a new custom field called "No. of Resources" and it need to be auto-populate the number of team members to the field "No. of Resources".
need to be auto-populate the number of team members to the field "No.
of Resources"
I am afraid this is currently not possible in azure devops. The process rule in the organization settings does not provide an action that can obtain the number of team members.
You could add your request for this feature on our UserVoice site , which is our main forum for product suggestions. After suggest raised, you can vote and add your comments for this feedback. The product team would provide the updates if they view it.
We've been using Azure DevOps but I'm wondering what the Organisation Owner does? Do they have extra permissions in Azure DevOps or is it just a 'for info' type field so people know who to speak with about any DevOps queries / change requests with the setup.
Thinking ours may need to change but just looking to see what the impact is in changing that - i.e. what permissions would the existing person lose (and what would a new person gain) if that was to change to someone else.
Generally, there aren't extra permissions for the owner account, so, just feel free to change owner. For the new owner, he has the admin permission.
On the other hand, you may just add the new user to Project Collection administrators group, then this new user will has admin permission too.
From the docs
An administrator or organization Owner can give you access to select
features or functions, or change your permissions. In this article,
learn how to look up administrators or organization Owners.
and here are the rights or things that organization owner can do.
Generally, as an organization Owner, you are the administrator of your DevOps service and you have super permission. You can manage your project, includes:
Add users to your project
Grant or restrict permissions
Share your project vision and support collaboration
Remove unused services from the user interface
Set code, test, and other policies
Define area and iteration paths for work tracking
Customize work-tracking processes
Review and update notifications
Add teams to scale your organization
Install and manage extensions
Set up billing
Detailed information, you can refer to the following link:
https://learn.microsoft.com/en-us/azure/devops/user-guide/project-admin-tutorial?view=azure-devops
Our main Azure DevOps Organization is linked to our Azure AD. We need to invite customers to specific projects as stakeholder only, and with this, they are added as external users in our AD. We found that within a customer project also, all other external users are visible, e.g. via mention with # anywhere in the text or assignment drop-down, although these do not have access to that project. Our only workaround so far is to create new non AD linked customer specific organizations, but this is really not the right way to go (licencing, management etc.)
Is there any option to prevent this and to restrict visibility to only those users, which are part of a project (or planned)?
I tested and found the same issue as you said. It is by design, you can raise a problem in the Developer Community
https://developercommunity.visualstudio.com/spaces/21/index.html
Besides, since there is a workaround that works now, continue on this basis. You can create different AAD for the customer specific organizations, then add the customers to these AAD. Thus, these users will be invisible because they are in different AAD organizations.
I am making a small Git / Github demo for first-time users and want to use Github Pages, for which I needed to create a new Github organization. During the 30 min I'll have to do the demo, users will need to create new Github accounts and join the organization. Since I'll have so little time, is it possible for users to request organization membership, rather than me having to invite each person manually by email lookup?
I've seen this before but only through third-party apps. Is there no way to do this directly within Github?
Directly with GitHub, I have seen no evidence of that feature.
Through third-party apps indeed, yes.
As an example: benbalter/add-to-org would automatically add users to an organization.
For smaller teams, this may not be possible. The feature that you have mentioned seems similar to user provisioning and is available for Enterprises through Okta /Azure Active Directory. This link has more details on the User Provisioning.