I want to set some Scrum Masters up with privileges to amend the Capacity of team members within a Sprint of a Project:
Which permissions are needed for a basic user to access this? I'm NOT using Azure AD, so just using the Web Portal to setup.
This is for the SaaS Visual Studio Team Services Online.
There are two options to grant permission to edit work item capacity for a certain user.
Option 1: Add the user as a member for the default team
You just need to add the user to the default team, then he/she can edot the work item capacity:
In project Security page (https://account.visualstudio.com/project/_admin/_security) -> select default team (such as Git_Scrum Team in below example) -> Members Tab -> Add -> add the user -> Save changes.
Option 2: Add the user as a member for the Project Administrators group
In project Security page -> select Project Administrators group -> Members Tab -> Add -> add the user -> Save changes.
You could set the user as a team administrator.
https://learn.microsoft.com/en-us/vsts/work/scale/add-team-administrator?view=vsts
Related
We use Azure DevOps for source control.
I would like some users to be able to create work items, but not be able to make changes to source code for a specific project. It is ok for these users to be able to view / read the code, I just don't want them to be able to change it.
I've looked at the permission settings for groups in Azure DevOps, and read the Microsoft definitions of the permissions here: https://learn.microsoft.com/en-us/azure/devops/organizations/security/permissions?view=azure-devops&tabs=preview-page#project-level-permissions.
Is it possible in an Azure DevOps project to set up a group that allows some users to create work items but not edit source code?
1.Create a new Group for these users, add this group to the Project scope "Readers" group
2.Make sure these users are not member or group member in "Contributors" group
3.Set the permission for this group to edit work items for Area Path in Project Settings -> Project configuration -> Security -> find the group. Check the doc.
A new person in our company cannot delete work items in DevOps. Their "Type" is listed as "aad user" under Teams and they are included in all the right groups, just like everyone else in the company, but they do not have the Delete option on a work item. This is annoying. It doesn't matter which work type.
What can we check, double-check and check again to make sure they're set up correctly?
Since the new users couldn't see the delete option, you could check the following points:
You could check if the users have the Basic Access level in Organization Settings -> Users .
Note: The Stakeholder Access level will have no access to delete work items
You need to check if the users are in the Contributors Group in Project Settings -> Permissions
To delete work items, you need to check if the users have the Delete and restore work items project-level permission in Project Settings -> Permissions.
For more detailed information, you could refer to this doc: Remove, delete, or restore work items.
I want to set up a portfolio where all projects names will be my epics and every individual project will have their own space where they will manage thier pbis..now my question is how can I control the user access in my parent space ..like what access and roles I should give to each pm in the parent epic spac
For each project that you create, the system creates the followings project-level groups. These groups are assigned project-level permissions.
The full name of each of these groups is [{project name}]{group name}. For example, the contributors group for a project called "My Project" is [My Project]\Contributors.
For your PM, they should be assigned Project Administrators permission.
Project Administrators
Has permissions to administer all aspects of teams and project,
although they can't create team projects.
Assign to users who manage user permissions, create or edit teams,
modify team settings, define area an iteration path, or customize work
item tracking.
Members of the Project Administrators group are granted permissions to perform the following tasks:
Add and remove users from project membership
Add and remove custom security groups from a project
Add and administer all project teams and team-related features
Edit project level permission ACLs
Edit event subscriptions (email or SOAP) for teams or project-level
events.
As for Access levels, it grant or restrict access to select web portal features. Access levels enable administrators to provide their user base access to the features they need and only pay for those features. They should as least owe Basic access level.
For more detail info, please refer our official doc here:
Project-level permissions
About access levels
I am an admin to a lot many projects. I have permissions to add members to any particular Project. But if I would like to promote a member as a Project Admin, I would like him to have permissions to add new members to the project.
I have added this person as a member of Project Administrator. Though he can now see the + symbol to add a member in Dashboard, it says he doesn't have permissions to add a member. What am I missing?
Seems you are talking about the team member dashboard to add member to the default team.
First double confirm you have promoted the member as a Project Admin
correctly, you could refer this question:
Manage user project permissions
Check the user is adding to VSTS for the first time or not. If it's,
need add account users for VSTS first. For this, the member will
need VSTS project collection administrator or account owner
permissions. However he is just a project admin, this maybe why he doesn't have permission.
Besides you could also add/manager members of other team, choose the gear cog
and Security from the menu. Then find the team on the left pane
of the security page and select it. In the right pane, choose the
Members view (next to Permissions), and then you will see a green plus symbol and the Add... button.
More details please refer this tutorial--Add team project members in VSTS
I need to transfer a repository from a user account to an organization the user is a member of. Per GitHUb's docs, I need to make the user account an admin of the organization first.
GitHub's docs describe the different levels of access to an organization, but I can't find out how to actually change a user's level of access to an organisation.
How can I make the organization member an admin?
Access levels in GitHub are configured per Team inside the Organization.
Log into GitHub.
Switch your account context to the organization using the dropdown near the top-left of the screen:
Click on "View organization":
Click the Teams tab in the top navigation bar:
Decide whether you want to change the permissions of an existing team (and all of its members) or to create a new team for a single user.
If you are modifying an existing Team,
click on the Team name,
then click the gear icon at the top right,
then change the Team's access to Admin and
click Update.
If you are creating a new Team,
click the New Team button,
give the Team an appropriate name,
set its access to Admin and
click Create Team.
Team memberships have somewhat limited permissions scopes to individually named repositories.
If you want to set someone as an admin for the entire organization:
Navigate to the Organization > People
Identify the member you want to update and click on the settings cog
Set role to Owner
Update 2022: GitHub entitlements can help you define an IAM (Identity and Access Management) complete with audits.
2017: Note that since June 2017, you can apply an Admin access right to a sub-team (instead of one giant unique team as before)
See "Nested teams add depth to your team structure":
Child teams inherit their parent's access permissions, so repository permissions and #mentioning among nested teams work from top to bottom.
If your team structure is Employees > Engineering > Application Engineering > Identity, granting Engineering write access to a repository means Application Engineering and Identity also get that access.
So that is another way to assign a user admin right: make him/her part of a sub-sub team called "admins" within an organization.
Official GitHub Documentation: Nested Teams.