Apr 25 2023
03:27 AM
- last edited on
Mar 05 2024
02:39 PM
by
TechCommunityAP
Apr 25 2023
03:27 AM
- last edited on
Mar 05 2024
02:39 PM
by
TechCommunityAP
Hello, im trying to generate a report on "who has access" on all Projects in Azure DevOps
I use the following
$organization = "RELEVENT NAME"
$pat = "APATKEY"
$baseUrl = "https://dev.azure.com/$organization/_apis"
$APIVersion = "7.0"
# Get all projects in the organization
$projectsUrl = "$baseUrl/projects?api-version=$APIVersion"
$projects = Invoke-RestMethod -Uri $projectsUrl -Method Get -Headers @{Authorization = "Basic $($pat)"}
# Loop through each project and get the groups and permissions for each added user
foreach ($project in $projects.value) {
$projectName = $project.name
$projectUrl = "$baseUrl/$projectName/_apis/graph/users?api-version=$APIVersion&direction=2&$top=5000"
$addedUsers = Invoke-RestMethod -Uri $projectUrl -Method Get -Headers @{Authorization = "Basic $($pat)"}
Write-Host "Project: $projectName"
foreach ($user in $addedUsers.value) {
$userId = $user.descriptor
$userUrl = "$baseUrl/$projectName/_apis/accesscontrolentries?api-version=$APIVersion&identityDescriptor=$userId"
$permissions = Invoke-RestMethod -Uri $userUrl -Method Get -Headers @{Authorization = "Basic $($pat)"}
$groups = $user.memberOf | Where-Object { $_.subjectKind -eq "Group" }
$groups = $groups | ForEach-Object { $_.displayName }
$groups = $groups -join ', '
Write-Host "User: $($user.displayName), Groups: $groups"
foreach ($permission in $permissions.value) {
$permissionName = $permission.displayName
Write-Host " Permission: $permissionName"
}
}
Write-Host ""
}
can any one help me figure out why it returns empty all the time.