0

I need to review all source code permissions on a particular folder structure. I have gone through the apis and can't find what I need or haven't figured out how to use them correctly yet. I have also tried the tfssecurity command but, can't figure out how to make it look at just a specific team project.

I am using Azure DevOps Server 2020 and the source is in TFVC.

This is part of a source control audit and I need to produce a report of what permissions users have on a folder in source.

I have tried the following apis: https://learn.microsoft.com/en-us/rest/api/azure/devops/security/?view=azure-devops-server-rest-6.0 Along with the tfssecurity command.

None are producing the results I need.

huntantr
  • 23
  • 3
  • From Azure DevOps Server 2020, there should be a same repo security permission view (the same as Service) in Project Settings -> Repo -> choose your target TFVC repo -> Security -> Download Detailed report. – Kim Xu-MSFT Nov 07 '22 at 09:08
  • Unfortunately that option is not available in onprem. I have even checked 2022, and it's not there either. – huntantr Nov 08 '22 at 14:20
  • I have checked the TFS 2020 view, there's no "Download Detailed report". Similar to your scenario, the API for this seems not implemented: https://stackoverflow.com/questions/63450768/how-to-list-the-groups-user-who-has-permissions-to-the-project-repo-with-azure-d – Kim Xu-MSFT Nov 11 '22 at 07:12

1 Answers1

0

Found the APIs needed to do this.

Use this one to get all of the namespaces and find the ones that you want to get the security data for. https://{instance}/{collection}/_apis/securitynamespaces

After that call this API to get the ACLs for that namespace. https://{instance}/{collection}/_apis/accesscontrollists/{securityNamespaceId}?alwaysAllowAdministrators=True

Once you get all of the ACLs for the namespace, you can then look at each ACE to find out the permissions. https://{instance}/{collection}/_apis/identities?descriptors={descriptors}&queryMembership=expandedDown

huntantr
  • 23
  • 3