How do I set the build authorization scope for my project?

Question

Right now my NuGet restore fails since the project build user doesn't have contributor access to the package feed.

/usr/share/dotnet/sdk/3.0.100/NuGet.targets(123,5): error : Unable to load the service index for source pkgs.dev.azure.com[..]index.json. /usr/share/dotnet/sdk/3.0.100/NuGet.targets(123,5): error : Response status code does not indicate success: 403 (Forbidden - User 'xxxxxxx' lacks permission to complete this action. You need to have 'ReadPackages'.

The solution is to change the build authorization scope from current project to project collection. This seems very doable as seen here:

https://learn.microsoft.com/en-us/azure/devops/pipelines/build/options?view=azure-devops

But where, in DevOps' myriad menus, can this scope be set?

Answer 1

There was a workaround for this 403 error posted a few hours ago: https://developercommunity.visualstudio.com/content/problem/795493/403-error-during-nuget-restore.html

In short, this seems to affect new projects connecting to a private feed. Here's the suggested work around:

1. Click "Artifacts" in the project with the failing build

   

2. Select the feed you were trying to consume in your build and click the cog in the top right corner

   

3. Click "Feed Settings"

   

4. Go to the Permissions tab

   

5. Click the 3 dots [...] that appeared to the right of the tab

   

6. Click "Allow project-scoped builds"

   

This adds the relevant user permissions that the error the OP posted was complaining about. Hopefully Microsoft will make a proper fix for this soon.

Full credit to Tim Lynch from the developer community page.