How to allow users to view all projects on Azure DevOps Server 2019 [closed]

1
votes

By default Azure DevOps Server 2019 allows the user to view only the projects to which he belongs, however I need that all users can view all the projects in the collection with the following restriction, if the user does not belong to the project team he will not be able to see some project repositories.

In my attempts I created a group of users called 'Viewers' and placed this group as readers in the project's repositories and denied the visualization of a specific repository, the result was that the team of that project also lost the right to view the repository because team members were included in the 'Viewers' group

Is there any way to enable this type of visualization? Because in my research I didn't find anything that was of the type.

1
azure-devops

1 Answers

0
votes

That's an expect behavior. According to TFS permission setting, most groups and almost all permissions, Deny trumps Allow. If a user belongs to two groups, and one of them has a specific permission set to Deny, that user will not be able to perform tasks that require that permission even if they belong to a group that has that permission set to Allow.

In your scenario, if you want the user does not belong to the project team he will not be able to see some project repositories.

You need to evidently deny those users which out of that project team for viewing some project repositories.

If you have many projects and repos to take such a step. This will be a lot of work. You could achieve it with the help of command line.

The tfssecurity command line tool allows us to manage permissions for TFS groups and users. We could use it in a PowerShell script to grant access to projects that already exists.