MethodsAndPractices / vsteam

PowerShell module for accessing Azure DevOps Services and Azure DevOps Server (formerly VSTS or TFS)
https://methodsandpractices.github.io/vsteam-docs/
MIT License

Need a powershell VSTeam Module script to edit the security permissions of both build and release pipelines #431

Closed Shravanannavajjala-gep closed 2 years ago

Shravanannavajjala-gep commented 2 years ago

Hi Support,

We need a PowerShell VSTeam Module script to edit the security permissions of both build and release pipelines at the project level. We want to deny permissions for contributors in the security tab in both build and release pipelines. Please find the attachment for reference. Looking forward to your response.

SebastianSchuetze commented 2 years ago

Hi.

Did you check the documentation?

This one will help you: https://methodsandpractices.github.io/vsteam-docs/docs/modules/vsteam/commands/Add-VSTeamBuildPermission

Be aware that you need additional script lines like getting the user or group you want to configure the permissions for.

Shravanannavajjala-gep commented 2 years ago

Hi,

Can we deny the permissions for an entire group instead of for every build pipeline or release pipeline? For example, in the manage security tab we have the contributor group. In that contributor group, can we deny the permissions for both build and release pipelines in one project at one time?

SebastianSchuetze commented 2 years ago

First question: yes. You can deny for the whole project for build / multi-staging pipelines.

For release it is trickier because it is a different technology internally. There is no one-command approach for this. If you read through the API docs for permissions and check the general corresponding cmdlets we have, then you are able to do it.

But in that case you need to understand the permission model with Access Control Lists. It is the normal way and not a workaround, but you need a basic understanding of how the AzDO API works.

Long story short: You can do both.

One word of advice: Use Multi-Staging Pipelines with YAML and not classic UI based build / release pipelines. The code based ones are much more flexible, portable, secure and easier to make compliant than the classic ones!

Shravanannavajjala-gep commented 2 years ago

Hi @SebastianSchuetze,

Can you guide me in understanding the permissions with ACS? If yes, can we schedule a call?

SebastianSchuetze commented 2 years ago

No sorry. This is not possible. I am not doing this open source as part of my job. It is my private time mostly.

You will have to read through the documentation.

Sorry for that.

SebastianSchuetze commented 2 years ago

I am going to close this. You can give it a try and send a sample script if you get stuck. But please use the discussions for this.