Azure DevOps default permissions

In Azure DevOps, branch security for git repos defaults the 'Force push' property to 'Not set' for all Azure DevOps Groups. This effectively denies this permission.

We're following gitflow where I work and would generally deny this permission explicitly for persistent branches, Master and Develop; however, for feature branches I would rather this default to 'Allow', so that an admin doesn't have to be involved. Is there a way to default 'Force push' to 'Allow' for the Azure DevOps 'contributor' group for all branches, unless explicitly set to 'Deny'?

Cheers.

Ryan.Bartsch asked Sep 26 '18 02:09



1 Answer

You need to understand the security of Azure Repos first.

There are two levels of security:

  1. Repo Level
  2. Branch Level (by default, inherited from Repo Level) - YOU CAN CHANGE THIS ALSO

By default, in Azure Repos (Git), Rewrite and destroy history (force push) is Not Set at Repo Level.

This is inherited (by default) by every new branch you create, so you will have the value Not set for every new branch you create within that repo.

Your requirement cannot be implemented directly, since all the security settings for a branch are by default inherited from the repo level.

The answer to your question:

  1. At repo level, set Force Push -> Allow
  2. This will be inherited by default by all branches under your repo.
  3. Change this setting to Deny for master, Develop, QA and so on (the branches you need to administer/secure)

BE CAREFUL WITH THIS PERMISSION, SINCE SETTING IT TO ALLOW AT REPO LEVEL IS VERY DANGEROUS

Jayendran answered Oct 05 '22 12:10
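
The repo-level Allow with branch-level Deny described in the answer above, as an added example that is not part of the original answer and is not Azure DevOps code. It is a simplified single-group model that assumes the most specific explicit setting wins and that 'Not set' is treated as denied; the branch names, the `release` folder and all function names are constructed for illustration.

```python
ALLOW, DENY, NOT_SET = "Allow", "Deny", "Not set"

def effective(acl, branch):
    """Resolve 'Force push' for one group on one branch.

    Walks from the branch up through its folders to the repo root ("").
    The first explicit setting found wins; if none exists the value stays
    'Not set', which grants nothing.
    """
    node = branch
    while True:
        if node in acl:
            return acl[node], (node or "<repo>")
        if not node:
            return NOT_SET, None
        node = node.rpartition("/")[0]  # step up one level

def can_force_push(acl, branch):
    return effective(acl, branch)[0] == ALLOW

def exposed(acl, branches, protected):
    """Protected branches on which force push is still effectively allowed."""
    def is_protected(b):
        return any(b == p or b.startswith(p + "/") for p in protected)
    return [b for b in branches if is_protected(b) and can_force_push(acl, b)]

# Constructed sample data (assumptions, not taken from the page).
BRANCHES = ["master", "develop", "feature/login", "release/1.0"]
PROTECTED = ["master", "develop", "release"]

# Out-of-the-box state: nothing set anywhere.
DEFAULT_ACL = {}
# The answer's setup: Allow at repo level, explicit Deny on persistent branches.
ANSWER_ACL = {"": ALLOW, "master": DENY, "develop": DENY}

if __name__ == "__main__":
    for name, acl in (("default", DEFAULT_ACL), ("answer", ANSWER_ACL)):
        print(f"-- {name} --")
        for b in BRANCHES:
            value, source = effective(acl, b)
            print(f"{b:15} {value:8} (from {source})")
        print("exposed protected branches:", exposed(acl, BRANCHES, PROTECTED))
```

Under the answer's setup, any persistent branch created later without its own Deny (here `release/1.0`) inherits Allow from the repo, which is the risk the answer's closing warning points at.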