Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Adding Build Service 'user' to 'Project Collection Build Services' in Azur DevOps

Tags:

git

azure-devops

I am trying to allow my build pipeline in Azure DevOps to push changes to a git repo, there is some good documentation from microsoft on how to do this but in my case the build pipeline and the git repo are in two separate projects within the same organisation.

I have tried granting the necessary repo permissions to the 'Project Collection Build Services' group, however I then discovered that this group has no users listed in it.

I have also noticed that in the repo permissions I see listed a user named 'MyProject Build Service (MyOrganisation)', but this user is not listed in the Users for the project (or organisation) and therefore I cannot add it to 'Project Collection Build Services' group. I suppose this User is a system generated user which is used to run the pipeline, is there a way to grant permissions to this user for a repo on another project within the same organisation?

like image 529
Techromancer Avatar asked Oct 12 '25 15:10

Techromancer

2 Answers

I have resolved the issue, I have found more documentation that explains in more detail user accounts and permissions are set for build pipelines: Manage build service account permissions.

The thing that caught me out was that there are to types of build identities, project scoped (which is the one I was referring in my question above and one that is organisation/collection scoped which has the following name: 'Project Collection Build Service (MyOrganisation)', granting the permission to the latter solved my issue.

like image 141
Techromancer Avatar answered Oct 14 '25 06:10

Techromancer

Setting up a new project, I had issues with pipeline permissions. I found this post, which led me to the answer, but the accepted answer links to a section further down the page.

Limit job authorization scope to current project for release pipelines

I had to change the Job Authorization Scope under Organization > Project > Settings > Pipeline Settings:

  • Limit job authorization scope to current project for non-release pipelines
  • Limit job authorization scope to current project for release pipelines

These settings are on by default. Turning them off gives the build service access to shared feeds from other projects in your organization.

like image 32
Kovaris Avatar answered Oct 14 '25 06:10

Kovaris

Sign in to Comment

Related questions

Git: How do I undo a cherry-pick --no-commit that generated conflicts?
Git clone works in AWS CodeCommit but pushing fails with 403

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!