The azure-pipeline.yml is placed in the repo, I don't want other users to be able to edit it while running the pipeline. How can I achieve this from Azure devops. Locking a branch is available, can I use same for a single file azure-pipeline.yml in my case.
Asked
Active
Viewed 307 times
1 Answers
0
You should go under Project -> Repositories -> Security and restrict access to the particular user or group. This way user could run the pipeline but cannot view the .YAML file or edit it.
You cannot restrict a single file, permissions should be given on the repository.
GeralexGR
- 2,973
- 6
- 24
- 33
-
If permissions need to given on the whole repository, how would I get to know if the specific azure-pipeline.yml is being edited. – Priyanka Sharma Jul 22 '22 at 09:40
-
You can restrict those users from having commit access on your whole repository. As a result you do not have to track if this file is changed – GeralexGR Jul 22 '22 at 09:42
-
From this the `edit policies` would be used? Secondly, how it will restrict the user, will it not allow to edit and ask for review or something else ? – Priyanka Sharma Jul 23 '22 at 10:56
-
I am a devops person, the repository is maintained by the devs in our case, how can I make sure that they wont allow any edits to the azure-pipeline file. How can I have control only to the pipeline file, cause changes and update to code on whole repository is there responsibility. – Priyanka Sharma Jul 23 '22 at 11:00
-
then you could separate your pipelines code in another repository and leave the code in the dev team. you can specify triggers also for the dev team repository although that your pipelines will be hosted on another repository. – GeralexGR Jul 23 '22 at 18:06