Forum Discussion

bbliang's avatar
bbliang
Copper Contributor
Feb 16, 2023

How to grant Service Principle access right to Azure Repos

In Azure Pipelines, we need to get source code of another organization's Azure Repos. Currently we use personal access token, but it links to a user who might leave the organization. Can we use a ser...
azure devops
bbliang's avatar
bbliang
Copper Contributor
Mar 28, 2023

Robina 

for the 2nd step, the organization level means Azure DevOps Organization? How to assign "Contributor" Role to service principle at the organization level?

 

Auzre DevOps API permission was granted to the service principle.

 

But I cannot find the service principle in Azure Devops organization users, project contributor, and repos security settings tab.

 

 

 

Robina's avatar
Robina
MCT
Mar 28, 2023

bbliang 

Azure DevOps, an organization is the top-level container that holds all your projects, teams, and other resources.To assign the "Contributor" role to a service principle at the organization level in Azure DevOps, you can follow these steps:

  1. Go to your Azure DevOps organization and click on the "Organization settings" gear icon in the lower left corner.
  2. In the left-hand menu, click on "Permissions".
  3. Click on "Security groups".
  4. Create a new security group or select an existing one.
  5. Click on "Members" to add members to the security group.
  6. Click on "Add" and select "Service principal".
  7. Type in the name or ID of the service principal and click "Add".
  8. Click on the security group again and click on "Permissions".
  9. Click on "Add" to add a new permission.
  10. Select the "Contributor" role from the list of available roles.
  11. Choose the scope of the permission (in this case, the organization).
  12. Click "Add" to save the permission.

 

After completing these steps, the service principal should have the "Contributor" role at the organization level. If you cannot find the service principal in the Azure DevOps organization users, project contributor, and repos security settings tab, make sure that you have granted the appropriate Azure DevOps API permissions to the service principal and that it has been added to the appropriate security group with the "Contributor" role.

  • bbliang's avatar
    bbliang
    Copper Contributor
    Apr 03, 2023

    Robina 

    For step 8-12, I cannot find the "Add" button to add a new permission (role) for the security group, but can only set the permission for items listed.

     

    • Robina's avatar
      Robina
      MCT
      Apr 04, 2023
      It's possible that the "Add" button is not available because there are no permissions that can be added to the security group at the organization level. The organization-level permissions in Azure DevOps are typically set at the individual or team project level.

      To check if this is the case, you can navigate to the "Permissions" section again and select the security group you created or selected. Then, look for the "Permissions" tab and check if there are any available permissions listed that can be assigned to the security group at the organization level.

      If there are no available permissions listed, then it's likely that the security group can only be assigned permissions at the individual or team project level. In that case, you will need to navigate to the specific project or team and assign the "Contributor" role to the security group there.

Resources