1

Some users in our client's Azure DevOps Server (on-prem) instance are unable to see the Request, Response and Event tabs when they view the history for webhooks. Other users can see the tabs.

The issue is as follows...

  • Under Project Settings --> Service Hooks, my client has a number of service hooks/webhooks defined.
  • When clicking the ellipse menu next to a Service Hook and selecting "History" it opens a modal window showing previous "runs" of the service hook in question.
  • On the right hand side of the modal window there are several tabs. Summary, Request, Response and Event (Screenshot attached)
  • Some users are unable to see the "Response", "Request" and "Event" tabs.

Some more background... The users in question cannot be placed in the "Project Collection Administrators" group due to company policy. They have been given "EditSubscription" permissions using tfssecurity.exe command line but it's still not working. I was hoping there might be a way to give them the required access using the REST API but it seems like the Azure DevOps CLI does not work with Azure DevOps Server 2019?

If anyone else has any advice I'd appreciate the help.

enter image description here

Thanks in advance. Devon.

Devon Britton
  • 21
  • 2
  • Hi Devon Britton, Did you get a chance to implement the solution that I suggested? Were you able to resolve? If my reply helped or gave a right direction. Appreciate for [marking it as an answer](https://meta.stackexchange.com/questions/5234/how-does-accepting-an-answer-work)which will also help others in the community. – PatrickLu-MSFT Mar 28 '20 at 01:50

1 Answers1

1

You should be able to grant a regular project user the ability to view and manage service hook subscriptions for a project.

   tfssecurity /a+ /collection: https://dev.azure.com/fabrikam-fiber-inc/DefaultCollection ServiceHooks PublisherSecurity/abcdef00-abcd-0000-0000-abcdef000000 EditSubscriptions n:fabrikamfiber4@hotmail.com ALLOW

Make sure you used the command with same format and the users also have View subscriptions permission.

Take a look at What permissions do I need to set up a subscription?

Q: What are the security implications of granting Edit subscriptions and View subscriptions permissions?

A: The user with these permissions can see all subscriptions created in the project and the notification history for those subscriptions. That user can then create any type of service hook subscription in that project. If the user sets up a subscription for a resource that they don't otherwise have permission to access, the subscription won't get triggered.

For example: if I don't have access to work items in area path XYZ, and I set up a subscription to the work item update events, I won't get notifications for updates to work items in area path XYZ. However, if another user who does have access to the work items in area path XYZ is receiving those "work item update" events, then I could see the notification history of that other user's events, which includes work item data that I don't otherwise have access to.

If users are still not able to view those tabs with granting both Edit subscriptions and View subscriptions. Suggest they completely sign out the browser and clear cache. Then login in TFS web portal again. Which may do the trick.

PatrickLu-MSFT
  • 49,478
  • 5
  • 35
  • 62