How do I make someone an administrator in VSO? - azure-devops

I need to set someone as having full administrative rights to do anything in VSO. Where/how do I set this?

After you add a user to your VSTS, you also need to add it to project collection administrators group, after that he can add users to VSTS too.
Go to admin page (https://XXX.visualstudio.com/_admin/_security)
Select Project Collection Administrators
Click Members tab
Click Add button to add user to Project Collection Administrators group

Related

Fellow Project Administrator Cannot Delete User Stories (But I can)

I have an Administrator in an Administrative group with the Boards Permissions all set to "Allow (inherited)".
He cannot delete a User Story he created.
We both inherit the permissions from the same "Project Administrators" group.
I can delete stories as expected, but he doesn't even have the option in the drop-down.
Any idea why that would be?
UPDATE: I had a co-worker who is also an administrator with the same permissions as the affected Admin, and they were able to create and delete stories. So now we've verified that 2/3 of the Admins tested with this setting are able to delete, but the other is not. The affected admin doesn't even have delete as an option when selecting "…" for an item.
I found the solution.
Under Organization Settings > Users, the user in question was listed as a Stakeholder.
I had to promote him to Basic.
This solved the problem, and it might not be discoverable as the cause of the problem if a Project admin is not also an Org admin.

Restrict to add and remove users from other built-in group in Azure DevOps

In Azure DevOps, I want to restrict Project Admins to add and remove users from other built-in groups. Now I know I cannot change the Project Admin permissions in Azure DevOps(ADO) and they are all greyed out but I can add Azure Active Directory group and change the permissions and add all the project admins in that AAD group, but the problem is there is no visible permission I can change to restrict Project admins from adding and removing members. CONTRIBUTORS built ion group is already restricted. Can anyone advise what to change in the permissions to restrict them from adding and removing users from the groups?
As you have connected your AD in your organization you should go in organization settings under policies and deactivate allow team and project administrators to invite new users
I know it's late and you might have already found a solution. However, for any future readers, the way I handled that use case is with the help of custom TFS group called Administrators and leave default Project Administrators intact. Then you can add AD groups inside custom Administrators group and manage permissions for this group.
HTH.

Azure DevOps Shared Query permission not inheriting from Project Administrator Group

I am in the project administrator group, since we have a requirement to set the shared query to read-only to Contributors, I toggled the permission for Contributors to Deny except for "Read"
When I try to create new shared query, it says:
TF401256: You do not have Write permission for query Shared Queries.
I clicked on the three dots and bring up the "Permission for Shared Queries" menu, searched my name and a few other people in the Project Administrator Group or Project Collection Administrator Group, it shows all "Deny" permission except for the "Read" for all of us.
When I hover over, it says our permission is being inherited through the {project}\Contributors, but we are in the Administrator group.
Why is that and How can I fix it? I cannot even overwrite the permission. It is stuck at being inherited from the Contributor group.
enter image description here
It seems you are in a different group(project administrator group and Contributors), check this doc:
In the Azure DevOps, for most groups and almost all permissions, Deny overrides Allow. If a user belongs to two groups, and one of them has a specific permission set to Deny, that user is not able to perform tasks that require that permission even if they belong to a group that has that permission set to Allow.
This is why you get the error message. You could open project settings->Permissions->Search the permission group {project}\Contributors->click the tab Members and remove your account. Then you could create new shared query
Update1
Steps:
Open project settings->Teams->select the team->click the tab Settings->add Administrator, then we could move our account.
link to MS forum for this issue (or similar posted by other people):
https://developercommunity2.visualstudio.com/t/Project-administrator-cannot-save-shared/1339863
It just doesn't sound right to me that in order to have admin permission you cannot be in any team. That maybe workable for a test account but for an organization this workaround or restriction could mess things up a lot.

Permit a member to add more members to the team

I am an admin to a lot many projects. I have permissions to add members to any particular Project. But if I would like to promote a member as a Project Admin, I would like him to have permissions to add new members to the project.
I have added this person as a member of Project Administrator. Though he can now see the + symbol to add a member in Dashboard, it says he doesn't have permissions to add a member. What am I missing?
Seems you are talking about the team member dashboard to add member to the default team.
First double confirm you have promoted the member as a Project Admin
correctly, you could refer this question:
Manage user project permissions
Check the user is adding to VSTS for the first time or not. If it's,
need add account users for VSTS first. For this, the member will
need VSTS project collection administrator or account owner
permissions. However he is just a project admin, this maybe why he doesn't have permission.
Besides you could also add/manager members of other team, choose the gear cog
and Security from the menu. Then find the team on the left pane
of the security page and select it. In the right pane, choose the
Members view (next to Permissions), and then you will see a green plus symbol and the Add... button.
More details please refer this tutorial--Add team project members in VSTS

GitHub: how do I make a user an admin of an organization?

I need to transfer a repository from a user account to an organization the user is a member of. Per GitHUb's docs, I need to make the user account an admin of the organization first.
GitHub's docs describe the different levels of access to an organization, but I can't find out how to actually change a user's level of access to an organisation.
How can I make the organization member an admin?
Access levels in GitHub are configured per Team inside the Organization.
Log into GitHub.
Switch your account context to the organization using the dropdown near the top-left of the screen:
Click on "View organization":
Click the Teams tab in the top navigation bar:
Decide whether you want to change the permissions of an existing team (and all of its members) or to create a new team for a single user.
If you are modifying an existing Team,
click on the Team name,
then click the gear icon at the top right,
then change the Team's access to Admin and
click Update.
If you are creating a new Team,
click the New Team button,
give the Team an appropriate name,
set its access to Admin and
click Create Team.
Team memberships have somewhat limited permissions scopes to individually named repositories.
If you want to set someone as an admin for the entire organization:
Navigate to the Organization > People
Identify the member you want to update and click on the settings cog
Set role to Owner
Update 2022: GitHub entitlements can help you define an IAM (Identity and Access Management) complete with audits.
2017: Note that since June 2017, you can apply an Admin access right to a sub-team (instead of one giant unique team as before)
See "Nested teams add depth to your team structure":
Child teams inherit their parent's access permissions, so repository permissions and #mentioning among nested teams work from top to bottom.
If your team structure is Employees > Engineering > Application Engineering > Identity, granting Engineering write access to a repository means Application Engineering and Identity also get that access.
So that is another way to assign a user admin right: make him/her part of a sub-sub team called "admins" within an organization.
Official GitHub Documentation: Nested Teams.