Access rights for Azure DevOps Services pipeline

0
votes

What are the best practices for accesses permission for programmers working in Azure DevOps? I would like the programmers to be able to use it, by for example having the possibility to create branches.

As far as I can understand by reading documents such as https://docs.microsoft.com/en-us/azure/devops/organizations/security/set-git-tfvc-repository-permissions?view=azure-devops#git-repository

The only permission needed is a contributor? Is this correct or have I misunderstood the whole thing? The organization I’m working for have for example set the contributor to be a member of : Build Administrators, Endpoint creators, Release Administrators

3
azureserviceazure-devops

3 Answers

1
votes

Creating users is different thing and assining rights is different thing. Your are looking for something named Policies.

Check for Branching policies in this case.

EDIT:

I was confused with the branching rights, however you can follow the Repository Permissions and Branch permissions to find how you can give permissions on your projects to users

0
votes

You need to navigate to project settings and then to repositories. there you will find list of repositories and each repo can have certain rights assigned to it. some are inherited, some assigned. You can modify those to fit your likings.

this is the url: https://dev.azure.com/org_name/project_name/_settings/repositories

For more details, follow this link: https://docs.microsoft.com/en-us/azure/devops/organizations/security/set-git-tfvc-repository-permissions?view=azure-devops

0
votes

thanks for you quick answer. Have digged into the documentation and repository permissions. I gave definitely som insight. My concern is that I want a predefined setting for managing the code repository on a team level, thus would no want to give project permission to the programmers. In my azure devops setup I have only on organization with hundreds of teams.

As I understand it, the permission for the repos are set at the project level. I would like to minimize the project level access since it gives to wide accesses in other cases and other teams. So my hope was that giving programmers contributor access would give the more or less all needed access for the repos out of the box. Such as: 1. Clone, fetch, contribute to pull requests, and explore the contents of a repository 2. Contribute to a repository, create branches, create tags, manage notes

Do not really understand why more access are needed. But could for example give the security control to the build admin role by granting the access to change permission. In this case the ones with build amdnin could adminitrate the security for its own team repos.

Any thoughs on this? Apologize if I have misunderstood you answer...