Is there a way to grant team members access to the Repos section of a team project without granting them access to the Pipelines section of the team project?
Asked
Active
Viewed 515 times
1 Answers
0
You may try this:
- Create new security group:
- Add users to this group
- Get Security Setting for Pipeline
- Update view setting to Deny
Shamrai Aleksander
- 13,096
- 3
- 24
- 31
-
Thanks @Shamrai. I have set up security as you proposed and the user is still able to see the Variable Groups. The Builds and Releases are hidden, but not the VGs. – tlatkovich Sep 12 '19 at 15:21
-
The way I understand the security for the release Library is access is granted through roles and if a user isn't in a role granted access, they shouldn't be able to view the Variable Groups within the library. But that doesn't seem to be the case as users have seemingly unfettered access to them. – tlatkovich Sep 12 '19 at 15:36
-
@tlatkovich Yes, this is a problem. I think, each user consists in **Contributor** and **Project Valid Users** groups that have access to variables. So in this case we have to use another way. As example: 1) Remove these groups from role assignments 2) Add new group and users into new group who can work with variables 3) Add role assignment in variables for this group. But I recommend to check this on some test project. – Shamrai Aleksander Sep 12 '19 at 16:30
-
@tlatkovich Did you try out Shamrai's suggestion. How did it go? – Levi Lu-MSFT Sep 17 '19 at 08:07
-
@LeviLu-MSFT - access to variable groups should only be allowed for users in a security role. There is a bug in the DevOps product that allows users access to variable groups without a role. The team is working on a fix. Here's the developer community forum thread to follow: https://developercommunity.visualstudio.com/content/problem/733068/how-to-secure-variable-groups.html. I'll follow up here when the fix is released. – tlatkovich Sep 18 '19 at 12:58
-
@tlatkovich Please also help to share the fix here, When you get the solution from developer community. – Levi Lu-MSFT Sep 20 '19 at 04:29
-
1@LeviLu-MSFT - the DevOps team has fixed the issue. Access to variable groups now works as expected, which means explicit permissions must be granted to users to access the variable groups. https://developercommunity.visualstudio.com/content/problem/733068/how-to-secure-variable-groups.html?childToView=769153#comment-769153 – tlatkovich Oct 09 '19 at 12:46