In my project, I want to create a few AzureRM service connections with different levels of access. I want to allow only certain pipelines to use the service connections. And I am aiming to use API or az devops extension to do this. Portal already allows to choose which pipelines are allowed to use the service connection through service connection security settings.
So far I was able to find the relevant permission in the ServiceEndpoints namespace
Name Permission Description Permission Bit
Use Use Service Connection 1
However, I do not know how to grant the permission to the pipeline. I think i should use 'az devops security permission update' from the extension however can not figure what the subject should be in case of a pipeline. Looking at the output of 'az pipelines build definition show' i do not see any unique identifier for a pipeline and documentation for security permission update says subject should be a user of group.
If i want to use the API, i will need to know how to create the descriptor to pass to Set Access Control Lists.
Any hint is appreciated.