Limited access user on Azure DevOps on-premise can add/delete folders

0
votes

We have Azure DevOps on-premise server 2020.1 RTW, we wanted to add users/groups with limited access to Wiki pages only. We added the group to the project and added the user to the group and updated all the permissions from Project Security to: Deny except for: View project-level information permission (set to: Allow). Permissions have also been updated from Collection Security settings. The user currently can view Wiki pages but he can also add/delete Pipeline folders. Any idea on how can we revoke the folder deletion permission? Note: I followed the below articles but the issue still not resolved:

https://docs.microsoft.com/en-us/azure/devops/pipelines/policies/set-permissions?view=azure-devops&viewFallbackFrom=vsts

How to restrict access to Pipelines in Azure DevOps

Update: Included Image for access control summary for Pipeline level permissions:

This is the access control summary for Pipeline security

1
azureazure-devopsdevops

1 Answers

0
votes

As per my knowledge we may set different level of pipeline permissions for the users. Pipeline permissions are the permissions associated with pipelines in an Azure DevOps project. Permissions in Azure DevOps are hierarchical and can be set at the organization, server (for on-premises), project, and object levels.

Object-level permissions are designed to be more granular than organization-level permissions. For example, a user could have access to your Azure repository thanks to their organization-level permissions. However, that same user could be prevented from running a pipeline manually because of that pipeline's permissions. Here is the reference for pipeline permissions https://docs.microsoft.com/en-us/azure/devops/pipelines/policies/permissions?view=azure-devops#pipeline-permissions-reference

This for access levels in azure devops https://docs.microsoft.com/en-us/azure/devops/organizations/security/access-levels?view=azure-devops