Is there an API for editing/adding users/user groups to a project's security groups in Azure DevOps? For example, create a new security group under project and add members under it?
1 Answer
Creating a group and adding members to this new group are separate steps. As of now, we have not provided a single API with which you can achieve both at once.
(1) To create a new user group under project level:
POST https://vssps.dev.azure.com/{organization}/_apis/graph/groups?scopeDescriptor={scopeDescriptor}&api-version=6.1-preview.1
Request body:
{
"displayName": "{group name}",
"description": "{The description of this group}"
}
Notes:
The only trouble here is getting the scopeDescriptor of the project. Since you are trying to add a group at the project level, scopeDescriptor is a necessary parameter of this API.
a. Please first use this API to retrieve the ID of the project that you would like to add the group to.
GET https://dev.azure.com/{organization}/_apis/projects?api-version=6.0
b. Then call this Descriptors - Get API to get the corresponding scopeDescriptor.
GET https://vssps.dev.azure.com/{organization}/_apis/graph/descriptors/{storageKey}?api-version=5.0-preview.1
Please replace storageKey with the project ID, since we need to get the scope descriptor for a project. The content of the Value property is what we are looking for:
After you create a new group successfully, please copy the "descriptor" value from the response body into a txt file. It is the important parameter for the next steps.
(2) To add a member to this new group, please refer to this API:
POST https://vssps.dev.azure.com/{organization}/_apis/graph/users?groupDescriptors={xxxxx}&api-version=6.1-preview.1
Request body:
{
"principalName": "{user's account address}"
}
Notes:
Here, please input the descriptor value you copied from the previous API's response body as the value of the groupDescriptors parameter.
For the request body, just inputting the user's account address is OK.
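The four calls from the answer above, chained in one script. This is an added example, not part of the original answer: the function names, the AZDO_PAT environment variable and PAT-based Basic authentication are assumptions, and the transport is injectable so the sequence can be dry-run without touching the organization.

```python
import base64, json, os, urllib.parse, urllib.request

def http_send(method, url, body=None):
    """Real transport: PAT sent as HTTPS Basic auth with an empty user name."""
    pat = os.environ["AZDO_PAT"]  # assumed variable name; keep the token out of source
    auth = base64.b64encode(f":{pat}".encode()).decode()
    req = urllib.request.Request(
        url, method=method,
        data=None if body is None else json.dumps(body).encode(),
        headers={"Authorization": f"Basic {auth}", "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)

def create_group_with_member(org, project, group, description, principal, send=http_send):
    """Run steps (1a), (1b), (1), (2); return (group descriptor, member descriptor)."""
    q = lambda s: urllib.parse.quote(s, safe="")
    core = f"https://dev.azure.com/{q(org)}/_apis"
    graph = f"https://vssps.dev.azure.com/{q(org)}/_apis/graph"

    # (1a) Resolve the project id by exact name; stop rather than guess on 0 or >1 hits.
    # Pagination of the project list is not handled here.
    projects = send("GET", f"{core}/projects?api-version=6.0")["value"]
    ids = [p["id"] for p in projects if p["name"] == project]
    if len(ids) != 1:
        raise LookupError(f"expected exactly one project named {project!r}, found {len(ids)}")

    # (1b) storageKey = project id; the scope descriptor is in the "value" property.
    scope = send("GET", f"{graph}/descriptors/{q(ids[0])}?api-version=5.0-preview.1")["value"]

    # (1) Create the group inside that project scope.
    created = send("POST",
                   f"{graph}/groups?scopeDescriptor={q(scope)}&api-version=6.1-preview.1",
                   {"displayName": group, "description": description})

    # (2) Add the user, passing the new group's descriptor as groupDescriptors.
    member = send("POST",
                  f"{graph}/users?groupDescriptors={q(created['descriptor'])}&api-version=6.1-preview.1",
                  {"principalName": principal})
    return created["descriptor"], member["descriptor"]
```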