Azure Question posted in
The official documentation to get you started can be found here.

Adding external users to Azure DevOps git repository and deny in multiple repositories isn't working

I have gone through so many blogs and none of them were helpful for my use case. I have a few external users and I added them all in a Permission group and denied "Read" permissions all of them in security section.
Then I went to the repo where I want to add the group and gave the necessary permissions (read, contribute, create branch, etc)
The good thing is, I get "You dont have access" to all the repositories, but along with the repo where I need access.
Tried everything, inheritance permissions, removed the group and gave individual access, nothing worked.
Please can someone help me or at least help me know if there is a solution for this?

Tags:

2

Answers


  1. 0

    From your description, you have denied "Read" permissions for the group in global repo security settings(Project Settings -> All Repositories -> Security) and allowed necessary permissions to the required repos(Project Settings -> All Repositories -> Target Repors -> Security).

    These settings are effective. It should make users in the group only able to access repos for which they have read permissions.

    I get "You dont have access" to all the repositories, but along with the repo where I need access.

    The cause of the issue could be that users in the group only have the Stakeholder access level. In this case, even though the user has read permissions on the required repos, they still cannot access the repo.

    You need to grant the Basic or higher Access Level to the users in the group.

    Navigate to Organization Settings -> Users and grant the Basic Access Level.

    For example:

    enter image description here

    Then they can access the required repos which they have the Read Permission.

    For more detailed info, you can refer to this doc: Set Git repository permissions

    To contribute to the source code, you must be granted Basic access level or greater. Users granted Stakeholder access for private projects have no access to source code.

    Update:

    Here is my test Result:

    First of all, Users have Basic access level.

    Step1: Deny Read permissions to all Repos(Global Level).

    enter image description here

    Step2: Allow Read Permission to Target Repo.

    enter image description here

    Step3: The user in the group will have the Allow Read Permission for target repo.

    enter image description here

    Result: User can only access the repo which has Read Permission.

    enter image description here

    Login or Signup to reply.
  2. 0

    Kevin Lu is incorrect. Permissions in Azure DevOps work as follows:

    • Allow: Grant access unless explicitly denied
    • Deny: Do not allow access under any circumstances, even if Allow is set
    • Not set: Deny if not explicitly allowed

    By setting a global "Deny", you are disallowing access under all circumstances. Use "Not set" instead.

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search