Managing Access Levels and Azure Repo Permissions in Azure DevOps

Managing Access Levels and Azure Repo Permissions in Azure DevOps

  1. Basic Access Level:

    • Features: Users with Basic access have access to the core features of Azure DevOps, such as version control, work tracking, build, and release.

    • Usage: This access level is suitable for team members who need to actively contribute to the development process by creating work items, participating in discussions, and checking in code.

  2. Stakeholder Access Level:

    • Features: Stakeholders have more limited access compared to Basic users. They can access work items, track progress, and view dashboards and boards. However, they have restricted access to code repositories and build/release pipelines.

    • Usage: Stakeholder access is appropriate for individuals who need visibility into the project's progress without actively contributing to the development process. Examples include product managers, executives, or customers.

  3. Visual Studio Subscriber Access Level:

    • Features: Visual Studio Subscribers have access to all features of Azure DevOps, providing the most comprehensive set of capabilities. This includes advanced features like code search, package management, and integration with additional tools.

Usage: This access level is typically assigned to users who have Visual Studio subscriptions and require full access to all Azure DevOps features. Developers and other team members who need access to advanced tools and features fall into this category.

Comprehensive Repository Access Control: Understanding and Managing Key Security Permissions

  1. Bypass policies when completing pull requests:

    • This permission allows a user to complete (merge) pull requests without being restricted by any configured policies. Policies might include things like code review requirements, status checks, or other conditions that must be satisfied before a pull request can be merged.
  2. Bypass policies when pushing:

    • Similar to the first permission, this allows a user to push changes to a branch without being restricted by any configured policies. Policies could include checks on code quality, tests, or other conditions before changes are pushed to the repository.
  3. Contribute:

    • This is a broad permission that generally allows a user to contribute to the repository in some way. It might include the ability to create, modify, and delete files or make other changes.
  4. Contribute to pull requests:

    • This permission specifically allows a user to make contributions (additions or modifications) to existing pull requests.
  5. Create branch:

    • Users with this permission can create new branches within the repository.
  6. Create tag:

    • This permission enables a user to create tags, which are often used to mark specific points in the version history of a repository.
  7. Delete or disable repository:

    • This permission grants the ability to delete the entire repository or disable it, effectively making it inaccessible.
  8. Edit policies:

    • Users with this permission can modify the policies configured for the repository. This includes things like branch protection rules, required status checks, and other governance measures.
  9. Force push (rewrite history, delete branches and tags):

    • This powerful permission allows a user to force push changes to a branch, effectively rewriting its history. It also allows the deletion of branches and tags, even if they contain commits.
  10. Manage notes:

    • This permission allows a user to manage notes associated with commits. In Git, notes are additional pieces of information that can be attached to a commit.
  11. Manage permissions:

    • Users with this permission can manage the access permissions of other users or teams within the repository.
  12. Read:

    • This basic permission allows a user to view the contents of the repository.
  13. Remove others' locks:

    • Some version control systems allow users to lock files to prevent concurrent editing. This permission allows a user to remove locks placed by others.
  14. Rename repository:

Users with this permission can change the name of the repository.

Comprehensive Azure DevOps Permissions Overview

  1. General:

    • Alter trace settings: Modify tracing configuration for debugging and diagnostics.

    • Create new projects: Ability to create new projects within the Azure DevOps organization.

    • Delete this node: Permission to delete a specific node or element within the organization.

    • Edit instance-level information: Modify information at the organization level.

    • View instance-level information: View information at the organization level.

  2. Service Account:

    • Make requests on behalf of others: Ability to make API requests on behalf of other users.

    • Trigger events: Initiate events within the Azure DevOps services.

    • View system synchronization information: View information about system synchronization processes.

  3. Boards:

    • Administer process permissions: Manage permissions related to work item processes.

    • Create process: Ability to create new work item processes.

    • Delete field from organization: Remove a field from the organization-level configuration.

    • Delete process: Remove a work item process from the organization.

    • Edit process: Modify an existing work item process.

  4. Repos:

    • Administer shelved changes: Manage shelved changes in version control.

    • Administer workspaces: Control permissions related to version control workspaces.

    • Create a workspace: Ability to create new version control workspaces.

  5. Pipelines:

    • Administer build resource permissions: Manage permissions for build resources.

    • Manage build resources: Control and manage build resources.

    • Manage pipeline policies: Administer policies related to pipeline configurations.

    • Use build resources: Ability to use allocated build resources.

    • View build resources: View information about available build resources.

  6. Test Plans:

    • Manage test controllers: Administer test controllers in Azure Test Plans.
  7. Auditing:

    • Delete audit streams: Remove audit streams containing recorded activities.

    • Manage audit streams: Control configuration and settings related to auditing.

    • View audit log: View the log of audited activities.

  8. Policies:

    • Manage enterprise policies: Administer policies at the enterprise level.